1. F

    PF Apache + Ngingx reverse proxy

    Hi, guys! For a while I used for my whmcs setup composed by apache + mod_php as backend and nginx as reverse proxy. I was thinking i'm safe until someone with few proxies succeed to open enough connections and apache eaten whole amount of RAM (2GB). Any idea how to block this kind of...
  2. S

    PF pf rule not being used

    Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...
  3. I

    How to configure an entire OS to SOCKS5?

    I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out". How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?* * So all applications will just "go out" without configuring each one individually.
  4. Sergei_Shablovsky

    PF How BSD pf performance depend on CPU frequency, L2/L3 cache size

    Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...
  5. nero

    Samba, IPFW, and the internet

    I am looking for best practices and see if anyone else is successfully running a similar environment. Have FreeBSD server that is basically a LAMP environment. That is living on a public IP address and using IPFW to block everything except 80 and 443. That is all working very well without...
  6. S

    Other Forums firewalled out?

    Posting this from a phone on mobile network. I tried accessing from my computer connected by wire, from different browsers and by another device connected to wifi from the same network. is still not reachable.
  7. scott_sch

    PF Fundamentals of packet filtering with pf

    The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice. 0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons 1. Packets are identified by the NIC of origin and...
  8. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  9. I

    Solved Hardware for router

    Hi! I was not sure if I should put this to networking or off topic. I am looking for a relative cheap ITX motherboard and computer case which can handle 2x8 PCI-E cards with bifurcation without cutting metal or other kind of tinkering. I'd like to have something small for my home network, but I...
  10. J

    Solved Firewall vs Softether VPN

    Hello everyone, I'm having little problem with my setup of FreeBSD and Softether VPN. I want to be able to make connection with my VPN Server while firewall_type="closed". I thought I had to add these rules: add allow udp from any to any 67 setup keep-state add allow udp from any to any 68...
  11. l008com

    PF Best `pf` Rule Format?

    As my rules get more complicated, i've gone from "from any", to "from ip-address", to "from en0". What I noticed is that when I specify via en0/en1, `pf` makes a rule for every IP address on that interface. Even though other IPs in my setup are covered by other rules. Including IPv6 addresses...
  12. FzZzT

    pr and bridges and squids, oh my!

    Hello, I've read a number of other threads and resources (here and elsewhere) but I can't seem to get the correct combination of things to make my scenario work. Some info seems to be outdated or I'm not sure how to fit it in. Maybe it just isn't possible. Hopefully this isn't completely...
  13. E

    I saw on reddit that someone made a BSD server to have websites unblocked at their school, How can I do this?

    According to the reddit post, the kid made a server, and used ssh to connect to it. He had a version of firefox that ran on the chromebooks/PCs on a flashdrive that routed the requests to the BSD server rather than the schools dns filter. I have putty connected, the firefox and flashdrive is...
  14. Nyakov

    Solved Samba server spamming logs

    Hi. I have very simple setup. One windows PC and one FreeBSD server with samba share. I don't need anything regarding windows network management, printing, netbios etc. Only one share. There is my smb4.conf: [global] server string = My Samba Server netbios name = my-samba workgroup = MYHOME...
  15. D

    IPFW [Solved] Blocking Connections

    (Sorry for being a noob, It's my first time on the forums) Hi, I am using a custom firewall rules script, It supposed to block all connections other than the ones specified here but well, it doesn't here is my script: IPF="ipfw -q add" ipfw -q -f flush #loopback $IPF 10 allow all from any to...
  16. J

    Solved Blocking request based on IP address in X-Forwarded-For header

    I have (courtesy of fail2ban + nginx) tables of IPs I would like to stop from accessing the server in any way (ssh, web, etc.). When they try to ssh, pf blocks them like it should. When they access the webserver directly, they get blocked. But when they access via a proxy, I have no idea what...
  17. I

    access sites and some other networking issues

    I have problem to access some sites but not all, but I have internet connectivity normally. Example this site below cannot be accessed: I get the following message in Mozilla; Hmm...
  18. F

    PF Packet tagging with route-to in pf.conf

    nat log (to pflog0) on if0 from tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from tag TAG_PASS tagged TAG_EX -> (if0) label "test" no nat from...
  19. M

    Recommended approach to host / domain blocking?

    I'm currently using hblock with Arch Linux on my laptop: and now I'm wondering what the recommended approach for something like this could be when using FreeBSD. What comes to mind: Simply stick to using a hosts file Use a DNS resolver like unbound with a blocklist Use a DNS proxy like...
  20. W

    IPFW Curl getting blocked by IPFW

    Hey people, After spend some days searching about my issue,I come here to try the luck. I 'm runing an webserver using: FreeBSD 12.0 Apache24 2.4.41 curl 7.67.0 Using IPFW as firewall. Main problem is about Curl, this one with IPFW enabled is getting timeout and does not work. Similar...