firewall

Dear FreeBSD Gurus and Networking Engineers! SETUP FreeBSD (14+) on bare metal 2xCPU pack server with several NICs (exist both 1G copper and SFP/SFP+ interfaces); separate LANs for internal monitoring and for other (DB cluster, backend servers, branch office, etc...) physically on separate...

I would like to access a remote jail/VM host behind a family member's home router without making any changes to their router config or adding additional hardware. (I suppose they could treat the host as a guest to disallow LAN access and allow only outgoing traffic.) I think I need these...

I have a VPS instance running FreeBSD (on Hetzner). I started nginx on it. When I am ssh'd into the server, I get a response: $ curl <server-ip-address> <default nginx response> However, when I try to connect on my own device: $ curl http://<server-ip-address> curl: (28) Failed to connect to...

Hello, I have looked quite a lot into how to do what I want to do, but can seem to manage it... Sorry for my noobiness in advance... I have a FreeBSD 14.0-Release-p6. It has 3 interfaces : - tun0 for a VPN, IP 10.X.X.44 - igb0 for a LAN, IP 192.168.X.136 which gives me internet I have a PC in...

CloudlFlare is bad. I won't go into too many details, but those who understand -- understand. The goal is to see if it can be replaced for less or equal money and -- in case it can be done -- to understand exactly how to approach this task. Why replace Cloudflare (tl;dr version) My estimate of...

Hi, do you know ipfw syntax for pf dup-to command? Thanks in advance

Hello everyone, I would like to use pf and ipfw at the same time for different tasks, but I can not understand who is activated first (if there is an order) when a rule is received. Also trying to verify this, I can’t figure out where the pf and ipfw log files are located on both OPNsense and...

I can access the BVCP web interface on my FreeBSD workstation when I have the PF firewall disabled, but whenever I have PF firewall enabled and try to connect to a BVCP web interface, I get the following error: "Unable to connect to Backend module". I would expect it to work if I open inbound...

Hi. I'm confused a bit about where to put my whitelist table (containing IPs that shouldn't get blocked). My current configuration does not whitelist my <whitelist> table. This is the trimmed pf.conf file of mine; ext_if="re0" table <whitelist> persist file "/var/pf/whitelist.txt" table...

Hello, I'm new to FreeBSD and loving it. The only thing I'm really struggling with is getting a good pf.conf. Here's my attempt. Sadly I can't get it to allow IPv6 traffic. Can anyone help me with what I'm doing wrong? vtnet0 = "vtnet0" set skip on { lo0 lo1 } # basic hardening scrub in all...

Hi there, I am stuck with a problem I cannot resolve myself, unfortunately. I have a RPI3 device with FreeBSD on it, which I want to act as a router with firewall. Mu initial intent to use it as a sort of MITM router that I can control and adapt firewall needs for the purposes of testing...

Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...

Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from 10.1.1.0/24 to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...

Hello there. I've completed setting my mail server up. Just for the sake of security and connection stability, I tried to implement PF firewall as well, for my services. Before I proceed and move my mail server into production, could someone please take a quick look at my pf.conf file and give...

Hi FreeBSD Gurus! In case using bsd-based bare metal rack server as a gate fw/router: 1. How effectively would be using ZFS (in comparison to GPT, etc) file system in hardware RAID10 (4 of SSD TLC/MLC drives) ? 2. Is separating of /var, /tmp (also may be /usr) to another disk's logical volume...

I could use some help with a pf firewall I can't get to work. For some reason, ping/icmp won't get blocked by overload. This works for ssh connections: table <bruteforce> persist block drop in log quick on $ext_if inet proto tcp from <bruteforce> port 22 pass in log on $ext_if inet proto tcp to...

I using pf firewall on FreeBSD for socket IPV6 IPV6_BINDANY option. In OpenBSD tested pf, good working. But not working in FreeBSD. # test.c: #include <stdio.h> #include <arpa/inet.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> const char...

Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...

Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...

Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...