02:08:01 <llua> sounds like a weird ask, to have a jail with its own network stack, have it's firewall not be in said stack.
02:36:10 <mjp> why is that weird? if a jail is compromised then its much better if any blocked outbound connections are not configurable from within the jail
02:36:49 <mjp> this is how NSX works https://www.vmware.com/products/cloud-infrastructure/vdefend-distributed-firewall
04:23:41 <llua> have you tried setting rules referencing the jail's host-side interface?
05:37:34 <luke_jobless_sb> mjp: isn't this the other way around? my firewall is done at the host.
09:37:41 <mjp> llua: no still making a plan at this stage, interface names seems logical providing each jail has a fixed interface name on the host system
09:38:47 <mjp> luke_jobless_sb: are you using vnet jails? they have their own network stack and can run pf inside
12:14:55 <bjorn3> how do I log failed login attempts in /var/log/auth.log?
12:17:53 <voy4g3r2> bjorn3: is it a remote login failure or a local one?
12:18:12 <bjorn3> local
12:18:15 <voy4g3r2> local - typically handled in syslog.conf
12:18:28 <voy4g3r2> remote - sshd_config (if ti is remote ssh)
12:18:52 <voy4g3r2> there is a configuration file update, should have notes within those files. then a simple restart of the logging service and should be good to go
12:23:08 <bjorn3> auth.info;authpriv.info is used for /var/log/auth.log in /etc/syslog.conf already. what should i add to log auth failures?
13:11:28 <voy4g3r2> bjorn3: you want to increase the logging levels from INFO
13:20:59 <bjorn3> voy4g3r2: with auth.debug;authpriv.debug i don't see any difference
13:23:24 <voy4g3r2> let me step back a second.. what error logging are you trying to capture.. local / console or you doinmg through ssh?
13:24:07 <bjorn3> if there is a local login failure, i would like to get a log message for this.
13:26:24 <voy4g3r2> hav eyou tried to move from DEBUG (as that is low level stuff) to say ERR? I am referencing this section, as i am helping out: https://docs.freebsd.org/en/books/handbook/config/#configtuning-syslog
13:29:02 <bjorn3> auth.err;authpriv.err doesn't help, nor does auth.*;authpriv.*
13:30:51 <voy4g3r2> and you are restarting the service?
13:31:15 <bjorn3> yes, i'm doing "service syslogd restart" every time.
13:31:26 <voy4g3r2> try adding this.. sysrc syslogd_flags="-vv"
13:31:32 <voy4g3r2> and do again.. maybe it will "show" something
13:31:48 <voy4g3r2> this will add flags in /etc/rc.conf for the syslogd service
13:31:56 <voy4g3r2> so when you do a restart, it will "append" these flags to it
13:33:48 <bjorn3> did that, i'm now getting a authpriv.notice for the sudo cat that i used to read auth.log, but still nothing for the failed login attempts.
13:35:28 <voy4g3r2> you seeing anything in /var/log/security?
13:36:11 <bjorn3> Oct  9 15:09:15  newsyslog[713]: logfile first created
13:36:19 <bjorn3> is the only line in /var/log/security
13:37:33 <voy4g3r2> do you see ANY entries in auth.log, like this: Oct 20 16:21:28 momas su[49873]: chrisdavidson to root on /dev/pts/3
13:38:30 <bjorn3> yes, successful sudo usage and successful logins are logged just fine.
13:38:41 <bjorn3> Oct 25 15:37:43 <auth.info>  login[25821]: login on pts/0 as bjorn
13:39:02 <bjorn3> Oct 25 15:37:49 <authpriv.notice>  sudo[25825]:    bjorn : TTY=pts/0 ; PWD=/home/bjorn/ ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
13:40:20 <voy4g3r2> Oct 25 09:39:57 momas su[60461]: BAD SU chrisdavidson to root on /dev/pts/2
13:40:32 <voy4g3r2> when you do a 'su' and give a bad password.. does it show this?
13:40:46 <voy4g3r2> for the record, i have NOT touched the basic configuration /etc/syslong.conf
13:41:00 <Tenkawa> hmm it works on  my box
13:41:03 <Tenkawa> Oct 25 09:40:35 bsdrock5 sshd[1946]: error: PAM: Authentication error for illegal user na2 from
13:41:15 <voy4g3r2> Tenkawa: thanks for confirmation
13:41:26 <voy4g3r2> i am getting the error messages, so it is odd you are not bjorn3
13:41:26 <bjorn3> if i do su i get a BAD SU message already without entering a password as i'm not in wheel.
13:41:29 <voy4g3r2> hence your question :)
13:42:58 <bjorn3> sudo also seems to log a message, but login doesn't.
13:43:30 <dch> cperciva: ping
13:43:53 <Tenkawa> voy4g3r2:  I didn't have to change anything... I am curious to ask bjorn3 this: what version of FreeBSD is this?
13:44:13 <bjorn3> (unrelated, but i just noticed that you can ctrl-z login on a tty and brick said tty until you send SIGCONT to login as root)
13:44:26 <bjorn3> Tenkawa: 14.1-RELEASE
13:44:35 <Tenkawa> interesting indeed...
13:45:25 <bjorn3> i installed it a couple of weeks ago and i don't think i changed anything related to this.
13:45:55 <voy4g3r2> Tenkawa: agree, it helps with context, while it sucks for bjorn3.. i am thinking to myself.. did I change anything
13:46:21 <voy4g3r2> bjorn3: maybe i missed it, but if you ssh into box and give a bad password.. does it log?
13:46:26 <Tenkawa> voy4g3r2: yeah I just installed these 2 boxes a week ago
13:46:57 <voy4g3r2> i am looking at this right now... https://man.freebsd.org/cgi/man.cgi?query=login&sektion=1&format=html
13:47:09 <voy4g3r2> because the login(1) should be sending the error message to that auth.log
13:47:17 <Tenkawa> Both are arm64 boxes of various types that I'm working on
13:48:24 <voy4g3r2> this should be cpu independent.. i confirmed on a raspberry pi and an x86 box
13:48:51 <Tenkawa> yeah.. it was just context that these were new installs...
13:49:01 <Tenkawa> (nothing really facy)
13:49:03 <voy4g3r2> always important to know about
13:49:05 <Tenkawa> er fancy
13:49:23 <voy4g3r2> bjorn3: i am sorry, i think i am "stuck" at this time and maybe someone with more knowledge than me, can step in
13:49:54 <Tenkawa> I did look and my auth.log is logging  a lot
13:50:43 <Tenkawa> bjorn3: I will "assume" there is a syslogd -s process running right?
13:50:59 <bjorn3> is every program supposed to log auth failure individually on freebsd or is there an option for pam_unix to log auth failure like is the default on at least the debian family of linux systems?
13:51:09 <bjorn3> Tenkawa: yes, syslogd -vv is running
13:52:38 <Tenkawa> hmm I wonder if I'm getting the messages then because I'm running in debug mode... let me change and check
13:55:46 <bjorn52> (web.libera.chat disconnected me and then picked a different nick when reconnecting as bjorn3 is already in use)
13:57:07 <Tenkawa> bjorn52: not sure if you saw last msg
13:57:15 <Tenkawa> [09:52:38]  Tenkawa: hmm I wonder if I'm getting the messages then because I'm running in debug mode... let me change and check
13:57:26 <Tenkawa> testing now
13:57:29 <bjorn52> yeah, that message i saw
13:57:42 <Tenkawa> my syslogd was running with -s
13:57:59 <Tenkawa> just turned off.. restarting and about to try again
13:58:51 <Tenkawa> Nah still logs it
13:58:51 <Tenkawa> ct 25 09:58:32 bsdrock5 sshd[1914]: Failed keyboard-interactive/pam for invalid user na2 from
13:59:26 <bjorn3> and if you enter a wrong password in the `login` program?
13:59:38 <Tenkawa> that was on console
13:59:42 <Tenkawa> let me trry ssh
13:59:57 <bjorn3> why does it say sshd if you were on a console?
14:00:03 <Tenkawa> oh no you right
14:00:11 <Tenkawa> I had the uart on other con
14:00:54 <Tenkawa> just a sec...  no display so I have to login then uart over
14:01:31 <Tenkawa> yeah nothing on that one
14:02:52 <Tenkawa> Let me oh.. think  I found it... just a sec
14:09:36 <Tenkawa> half of it worked... it logs everything but the login attempt still...
14:09:50 <Tenkawa> very odd
14:15:46 <bjorn3> yeah. i also tried the pam_unix debug option, but that is way too verbose and still doesn't show the authentication failure and the target user on a single line, so it is effectively useless when multiple people are logging in at the same time.
14:18:49 <Tenkawa> oh.. it worked that time
14:18:50 <Tenkawa> Oct 25 10:13:35 bsdrock5 login[1902]: 1 LOGIN FAILURE ON ttyu0, na
14:19:44 <Tenkawa> I used adding console to syslog.conf
14:20:24 <Tenkawa> there's this part
14:20:25 <Tenkawa> # uncomment this to log all writes to /dev/console to /var/log/console.log
14:20:25 <Tenkawa> # touch /var/log/console.log and chmod it to mode 600 before it will work
14:21:21 <Tenkawa> that ended up in both console.log and auth.log now
14:22:07 <bjorn3> doesn't work for me
14:22:24 <Tenkawa> Very odd indeed
14:22:45 <Tenkawa> grep ttyu0 auth.log | grep -i login | wc -l
14:22:45 <Tenkawa>       17
14:23:04 <Tenkawa> I've beenusing it a fair bit over the last 2 days lol
14:23:26 <bjorn3> never mind, i made the wrong syslog.conf change.
14:23:59 <bjorn3> with console.info /var/log/console.log it shows up in console.log just fine.
14:24:19 <Tenkawa> yeah it took a few minutes here
14:24:32 <Tenkawa> the dates/clock seemed out of sync
14:25:45 <bjorn3> is it allow to have multiple syslog.conf lines for different filters with the same output log file?
14:25:57 <Tenkawa> That I do not know
14:26:33 <Tenkawa> I'm out of date on editing syslog by hand...
14:27:09 <bjorn3> also it seems to be possible to bypass the logging for sudo by doing ctrl-z and then kill -9 %1
14:35:26 <bjorn3> ah, auth.log still logs it in that case.
19:09:33 <sfox> How do I know I'm not a robot? All these tech companies seem sure of it. How do /you/ know your not a robot for that matter?
19:09:45 <sfox> We could all be robots and not even know it.
19:15:18 <mzar> sfox: as a robot, would you run FreeBSD or something else ?
19:15:49 <vkarlsen> He'd probably run QNX
19:17:38 <sfox> Why is that?
19:26:18 <trashboat> ahh QNX...really miss having it in my pocket
20:03:40 <sfox> Are you sure your not a robot?
20:04:14 <Tenkawa> Heh.. QNX.. I haven't ran that in years
20:43:55 <luke> hello
20:45:10 <luke> my antispoof interferes with my local client to its bouncer. what
20:46:49 <luke_jobless_sb> is this something common?\
21:16:10 <oxbar> luke_jobless_sb: can you re-explain.. somebody should be able to help
21:33:07 <luke_jobless_sb> I have a bouncer in my server. I enabled antispoofing. Antispoofing on loop and NIC distrupted my bouncer. I want to know if this is something to do with the nature of a bouncer before troubleshooting.
21:33:50 <luke_jobless_sb> I meant that bouncer alone works fine but I cannot get my client to connect
22:00:04 <rwp> When you say you "enabled antispoofing" to me that means you have "antispoof quick for { $ext_if, lo0 } inet" in your /etc/pf.conf file.  Does it mean the same thing to you?
22:01:48 <rwp> Antispoofing blocks packets that arrive on an interface with a source that should not be arriving on that interface.  If enabling it blocks something then something on your network is misconfigured.
22:05:30 <s2r> Hi! I'm trying to do a refresh of a replication using zrep but I get an error after issuing the command zrep refresh zroot/jails/ubuntu2. "cannot set property for 'zroot/jails/ubuntu2': permission denied"
22:19:09 <s2r> I ran the command via sudo.
22:41:51 <luke_jobless_sb> rwp: sounds like worth to fix my network instead of disabling antispoof
22:48:45 <rwp> luke_jobless_sb, At the least understanding what's happening.
23:40:58 <ivy> does anyone know the security implications of setting net.inet6.icmp6.nd6_onlink_ns_rfc4861=1?  apparently this is required for certain kinds of PtP Ethernet interfaces that cause FreeBSD to use GUA addresses for NS/NA instead of link local, but i can't find any specific documentation