firewall

  1. madwebness

    Other How to set up a local alternative to CloudFlare with FreeBSD?

    CloudFlare is bad. I won't go into too many details, but those who understand -- understand. The goal is to see if it can be replaced for less or equal money and -- in case it can be done -- to understand exactly how to approach this task. Why replace Cloudflare (tl;dr version) My estimate of...
  2. U

    IPFW Dup-to ipfw

    Hi, do you know ipfw syntax for pf dup-to command? Thanks in advance
  3. U

    IPFW ipfw and pf

    Hello everyone, I would like to use pf and ipfw at the same time for different tasks, but I can not understand who is activated first (if there is an order) when a rule is received. Also trying to verify this, I can’t figure out where the pf and ipfw log files are located on both OPNsense and...
  4. O

    Solved BVCP and pf rules

    I can access the BVCP web interface on my FreeBSD workstation when I have the PF firewall disabled, but whenever I have PF firewall enabled and try to connect to a BVCP web interface, I get the following error: "Unable to connect to Backend module". I would expect it to work if I open inbound...
  5. K

    PF Confused whitelist location?

    Hi. I'm confused a bit about where to put my whitelist table (containing IPs that shouldn't get blocked). My current configuration does not whitelist my <whitelist> table. This is the trimmed pf.conf file of mine; ext_if="re0" table <whitelist> persist file "/var/pf/whitelist.txt" table...
  6. B

    PF PF not allowing IPv6 traffic

    Hello, I'm new to FreeBSD and loving it. The only thing I'm really struggling with is getting a good pf.conf. Here's my attempt. Sadly I can't get it to allow IPv6 traffic. Can anyone help me with what I'm doing wrong? vtnet0 = "vtnet0" set skip on { lo0 lo1 } # basic hardening scrub in all...
  7. plexinvise

    Solved FreeBSD as a MITM router

    Hi there, I am stuck with a problem I cannot resolve myself, unfortunately. I have an RPI3 device with FreeBSD on it, which I want to act as a router with firewall. My initial intent is to use it as a sort of MITM router that I can control and adapt firewall needs for the purposes of testing...
  8. K

    PF Quick pf.conf review?

    Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...
  9. vermaden

    Solved Port Forwarding into NAT Bhyve VM under pf(4) Firewall

    Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from 10.1.1.0/24 to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...
  10. K

    PF Tightening PF conf even further for my mail server?

    Hello there. I've completed setting my mail server up. Just for the sake of security and connection stability, I tried to implement PF firewall as well, for my services. Before I proceed and move my mail server into production, could someone please take a quick look at my pf.conf file and give...
  11. Sergei_Shablovsky

    BSD-based fw/router: ZFS on SSD RAID10 efficiency

    Hi FreeBSD Gurus! In case using bsd-based bare metal rack server as a gate fw/router: 1. How effectively would be using ZFS (in comparison to GPT, etc) file system in hardware RAID10 (4 of SSD TLC/MLC drives) ? 2. Is separating of /var, /tmp (also may be /usr) to another disk's logical volume...
  12. L

    PF How to rate limit ping?

    I could use some help with a pf firewall I can't get to work. For some reason, ping/icmp won't get blocked by overload. This works for ssh connections: table <bruteforce> persist block drop in log quick on $ext_if inet proto tcp from <bruteforce> port 22 pass in log on $ext_if inet proto tcp to...
  13. L

    PF pf not working (state-mismatch)

    I am using pf firewall on FreeBSD for socket IPV6 IPV6_BINDANY option. In OpenBSD tested pf, good working. But not working in FreeBSD. # test.c: #include <stdio.h> #include <arpa/inet.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> const char...
  14. repcsi

    PF Update from 12.2-RELEASE-p11 to 12.3-RELEASE-p7 broke my PF internet router/firewall

    Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...
  15. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  16. JozanOfAstora

    Solved [noob] pf, ipf and ipfw

    Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...
  17. JozanOfAstora

    PF pf syntax error

    Hi, I am trying to follow this guide: https://www.vultr.com/docs/building-your-own-mail-server-with-freebsd-11 Unfortunately when copying the pf config and starting the daemon (or reloading the config with pfctl -f /usr/local/etc/pf.conf) I get this output: /usr/local/etc/pf.conf:27: syntax...
  18. D

    Solved Pkg: "No address record" with http ports open (PF)

    I'm using a fairly strict PF ruleset on a server and I am having trouble with updating the system. I have port 80 and 443 open (http and https respectively) but I get a "No address record" error when I try to update the repositories. I also have port 21 open in case it used ftp, but it...
  19. D

    IPFW Auditing Firewall Rules and settings against best practise and security risk

    Hi All, I need to audit the rules and settings of a FreeBSD firewall against best practice, "my first time"; the client has sent me a text file. Is there a software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you
  20. decuser

    Other Confusing documentation

    Having read, and re-read Chapter 31. Firewalls, I'm hugely disappointed in the lack of clear direction offered by the author. As a reference, it's not horrible, but for someone looking to turn on the firewall so their workstation or server is relatively safe, it's not good. I'm not a new user...