firewall

  1. J

    Solved Blocking request based on IP address in X-Forwarded-For header

    I have (courtesy of fail2ban + nginx) tables of IPs I would like to stop from accessing the server in any way (ssh, web, etc.). When they try to ssh, pf blocks them like it should. When they access the webserver directly, they get blocked. But when they access via a proxy, I have no idea what...
  2. I

    access sites and some other networking issues

    I have problem to access some sites but not all, but I have internet connectivity normally. Example this site below cannot be accessed: https://www.linode.com/community/questions/2982/im-unable-to-run-telnet-on-localhost-25-how-do-i-fix-it-solved I get the following message in Mozilla; Hmm...
  3. F

    PF Packet tagging with route-to in pf.conf

    nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" no nat from...
  4. M

    Recommended approach to host / domain blocking?

    I'm currently using hblock with Arch Linux on my laptop: and now I'm wondering what the recommended approach for something like this could be when using FreeBSD. What comes to mind: Simply stick to using a hosts file Use a DNS resolver like unbound with a blocklist Use a DNS proxy like...
  5. W

    IPFW Curl getting blocked by IPFW

    Hey people, After spending some days searching about my issue, I come here to try my luck. I'm running a webserver using: FreeBSD 12.0 Apache24 2.4.41 curl 7.67.0 Using IPFW as firewall. Main problem is about Curl, this one with IPFW enabled is getting timeout and does not work. Similar...
  6. Killua

    PF GeoIP whitelist or blacklist of states

    Hi Guys, i don't find nothing on the net about GeoIP for PF, I searched a lot but nothing, I need to block states or create a white list of states that can access the server so I can make things easier for myself, could anyone help me? place here at the bottom of my pf configuration that is...
  7. D

    pppoe, jails, firewalls and me

    Hey Community, I want to try something but need some advice before I start. If I open a pppoe connection on a machine which has some jails instantiated, could these (maybe compromised) jails do something nasty with that tun device? In my understanding the kernel creates the pppoe device which...
  8. S

    PF PF Portforwarding HTTP Sometimes can be opened sometimes can't be opened

    Hello everyone. to the point, I would to ask something about port portforwarding. is portforwarding very slow connection? My friends opened my server actually is really fast (about 20ms). But when I opened it, it is very slow to opened the web from the my ip public. sometime when I opened it is...
  9. damjank

    FreeBSD 12.0-RELEASE Update successful but kernel modules can not be loaded anymore

    Hello Guys. I installed fresh installation of FreeBSD 12.0 minimal; I then installed minimal packages, the rest was done via ports. I did freebsd-update fetch in install - it went along OK. Afterwards I get errors like: kldload: can't load pf: Operation not permitted and kldload: can't load...
  10. F

    IPFW ipfw filter for tcp IPv6 on Freebsd 11

    Hi I am using ipfw for firewalling on a FreeBSD 11 box. Unfortunately I cannot wrap my head around the fact that/why the following rule does not match when I initiate a TCP connection to 2a00:1450:4001:814::2003 (that is Google...): ipfw add 340 set 5 count dst-ip6 2a00:1450:4001:814::2003...
  11. M

    PF Rule diagnostics - Halp!

    Hi there all, first post here so just say if I've a mistake, besides, well... my pf rules. 😀 I've created this rule configuration while I was experimenting with OpenBSD. I'm not a programmer, just a consumer so I don't even know what these are meant for other than from what I read for about...
  12. P

    The default/optimal firewall settings

    I learned that FreeBSD doesn't have a firewall running out of the box. I have no network knowledge. And as a desktop user, I find it a little bit unnecessary to learn little to moderate level of networking. Is there a GUI I can use to configure my firewall to optimal settings?
  13. K

    Solved ipfw + NAT mystery

    So I just learned that there are two methods of doing NAT in FreeBSD. The apparently old natd + divert way, which is documented in the handbook, and the new in-kernel ipfw+nat way, that is randomly documented by Google. Is anyone ever going to update the handbook to cover ipfw+NAT? The man page...
  14. M

    PF Rules must be in order: options, normalization, queueing, translation, filtering

    Hello guys, Can you help? I know There was a similar topic, but I did not understand the answer. I have rules for my BSD System for defend apache. I have error: /usr/local/etc/pf.conf:31: Rules must be in order: options, normalization, queueing, translation, filtering I do not understand...
  15. Angelo Klin

    IPFW Private VPN + Firewall on a VPS

    Hello All, With all the fuzz and issues with security and privacy these days I decided to give it a go with a VPN, mostly for the fun and challenge. I am partially done with a scenario that sounds very typical these days, although it is not necessary plain vanilla. The overall idea is...
  16. Y

    lte 4g common usage and gaming

    On lte 4g i recognised some crashing behaviours which didn't occur on cable. This happens with wine and other sensitive programs. set: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters autodisconnect decimal -1 change mtu on your network-card-settings down to your...
  17. Y

    ipfw kernel panic solution

    I don't know if it's Ryzen which is causing this and if it's the Ryzen-bug or if it is something else. Commands like this are causing kernel-panics: ipfw table test create type number algo number:array ipfw table test add 1001 ipfw table test add 1002 ipfw table test add 1003 ipfw table test...
  18. B

    Mount two firewalls

    I want to mount a firewall. I have the idea of that my traffic could be "sniffered" by somebody. So I will ask for how to mount a firewall, here, on my desktop installation but also on another equipment. Besides, I want to know what else can I do for making the most miserable the attack of a...
  19. N

    Looking for 1on1 help preferably in person (Toronto Area)

    Hello Everyone! I am a regular Linux user of about 10 years. I am now looking to learn FreeBSD. icsdhcp, gateways, ipsec and pf, etc. I am using vmware to create my network and finding that I read a doc on dhcp.conf and realize 1h later it's for a version 2 years old and OpenBSD. I would like...
  20. L

    PF Communication between fail2ban and pf fails

    EDIT: the problem is solved Hello, I had used Debian for the last several years and I'm very new to FreeBSD. I tried to port my configuration for fail2ban from my Debian machines to FreeBSD (with the modification due to the firewall having changed). In my testing phase I have found out that the...