firewall

Hi FreeBSD Gurus! In case using bsd-based bare metal rack server as a gate fw/router: 1. How effectively would be using ZFS (in comparison to GPT, etc) file system in hardware RAID10 (4 of SSD TLC/MLC drives) ? 2. Is separating of /var, /tmp (also may be /usr) to another disk's logical volume...

I could use some help with a pf firewall I can't get to work. For some reason, ping/icmp won't get blocked by overload. This works for ssh connections: table <bruteforce> persist block drop in log quick on $ext_if inet proto tcp from <bruteforce> port 22 pass in log on $ext_if inet proto tcp to...

I using pf firewall on FreeBSD for socket IPV6 IPV6_BINDANY option. In OpenBSD tested pf, good working. But not working in FreeBSD. # test.c: #include <stdio.h> #include <arpa/inet.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> const char...

Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...

Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...

Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...

Hi, I am trying to follow this guide: https://www.vultr.com/docs/building-your-own-mail-server-with-freebsd-11 Unfortunately when copying the pf config and starting the daemon (or reloading the config with pfctl -f /usr/local/etc/pf.conf) I get this output: /usr/local/etc/pf.conf:27: syntax...

I'm using a fairly strict PF ruleset on a server and I am having trouble with updating the system. I have port 80 and 443 open (http and https respectively) but I get a "No address record" error when I try to update the repositories. I also have port 21 open in case it used ftp, but it...

Hi All , I need to audit the rules and settings of a FreeBSD firewall against best practice ""my first time", the client has sent me a text file . Is there a software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you

Having read, and re-read Chapter 31. Firewalls, I'm hugely disappointed in the lack of clear direction offered by the author. As a reference, it's not horrible, but for someone looking to turn on the firewall so their workstation or server is relatively safe, it's not good. I'm not a new user...

OK. I've read man firewall and Chapter 31. Firewall and I'm still a bit uncertain about which firewall to choose. Here's my use case: I have FreeBSD 13 installed on my Lenovo Thinkpad T-430. I alternate between the ethernet connection and wifi. Either way, I only use IPV4. I would like to be...

Hi, guys! For a while I used for my whmcs setup composed by apache + mod_php as backend and nginx as reverse proxy. I was thinking i'm safe until someone with few proxies succeed to open enough connections and apache eaten whole amount of RAM (2GB). Any idea how to block this kind of...

Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...

I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out". How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?* * So all applications will just "go out" without configuring each one individually.

Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...

I am looking for best practices and see if anyone else is successfully running a similar environment. Have FreeBSD server that is basically a LAMP environment. That is living on a public IP address and using IPFW to block everything except 80 and 443. That is all working very well without...

Posting this from a phone on mobile network. I tried accessing forums.freebsd.org from my computer connected by wire, from different browsers and by another device connected to wifi from the same network. Forums.freebsd.org is still not reachable.

The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice. 0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons 1. Packets are identified by the NIC of origin and...

Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...

Hi! I was not sure if I should put this to networking or off topic. I am looking for a relative cheap ITX motherboard and computer case which can handle 2x8 PCI-E cards with bifurcation without cutting metal or other kind of tinkering. I'd like to have something small for my home network, but I...