firewall

  1. L

    PF pf not working (state-mismatch)

    I using pf firewall on FreeBSD for socket IPV6 IPV6_BINDANY option. In OpenBSD tested pf, good working. But not working in FreeBSD. # test.c: #include <stdio.h> #include <arpa/inet.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> const char...
  2. repcsi

    PF Update from 12.2-RELEASE-p11 to 12.3-RELEASE-p7 broke my PF internet router/firewall

    Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...
  3. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  4. JozanOfAstora

    Solved [noob] pf, ipf and ipfw

    Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...
  5. JozanOfAstora

    PF pf syntax error

    Hi, I am trying to follow this guide: https://www.vultr.com/docs/building-your-own-mail-server-with-freebsd-11 Unfortunately when copying the pf config and starting the daemon (or reloading the config with pfctl -f /usr/local/etc/pf.conf) I get this output: /usr/local/etc/pf.conf:27: syntax...
  6. D

    Solved Pkg: "No address record" with http ports open (PF)

    I'm using a fairly strict PF ruleset on a server and I am having trouble with updating the system. I have port 80 and 443 open (http and https respectively) but I get a "No address record" error when I try to update the repositories. I also have port 21 open in case it used ftp, but it...
  7. D

    IPFW Auditing Firewall Rules and settings against best practise and security risk

    Hi All , I need to audit the rules and settings of a FreeBSD firewall against best practice ""my first time", the client has sent me a text file . Is there a software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you
  8. decuser

    Other Confusing documentation

    Having read, and re-read Chapter 31. Firewalls, I'm hugely disappointed in the lack of clear direction offered by the author. As a reference, it's not horrible, but for someone looking to turn on the firewall so their workstation or server is relatively safe, it's not good. I'm not a new user...
  9. decuser

    Other Choosing which firewall to use in 2021 - FreeBSD 13

    OK. I've read man firewall and Chapter 31. Firewall and I'm still a bit uncertain about which firewall to choose. Here's my use case: I have FreeBSD 13 installed on my Lenovo Thinkpad T-430. I alternate between the ethernet connection and wifi. Either way, I only use IPV4. I would like to be...
  10. F

    PF Apache + Ngingx reverse proxy

    Hi, guys! For a while I used for my whmcs setup composed by apache + mod_php as backend and nginx as reverse proxy. I was thinking i'm safe until someone with few proxies succeed to open enough connections and apache eaten whole amount of RAM (2GB). Any idea how to block this kind of...
  11. S

    PF pf rule not being used

    Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...
  12. I

    How to configure an entire OS to SOCKS5?

    I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out". How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?* * So all applications will just "go out" without configuring each one individually.
  13. Sergei_Shablovsky

    PF How BSD pf performance depend on CPU frequency, L2/L3 cache size

    Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...
  14. nero

    Samba, IPFW, and the internet

    I am looking for best practices and see if anyone else is successfully running a similar environment. Have FreeBSD server that is basically a LAMP environment. That is living on a public IP address and using IPFW to block everything except 80 and 443. That is all working very well without...
  15. Sivan!

    Solved Forums firewalled out?

    Posting this from a phone on mobile network. I tried accessing forums.freebsd.org from my computer connected by wire, from different browsers and by another device connected to wifi from the same network. Forums.freebsd.org is still not reachable.
  16. scott_sch

    PF Fundamentals of packet filtering with pf

    The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice. 0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons 1. Packets are identified by the NIC of origin and...
  17. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  18. I

    Solved Hardware for router

    Hi! I was not sure if I should put this to networking or off topic. I am looking for a relative cheap ITX motherboard and computer case which can handle 2x8 PCI-E cards with bifurcation without cutting metal or other kind of tinkering. I'd like to have something small for my home network, but I...
  19. J

    Solved Firewall vs Softether VPN

    Hello everyone, I'm having little problem with my setup of FreeBSD and Softether VPN. I want to be able to make connection with my VPN Server while firewall_type="closed". I thought I had to add these rules: add allow udp from any to any 67 setup keep-state add allow udp from any to any 68...
  20. l008com

    PF Best `pf` Rule Format?

    As my rules get more complicated, i've gone from "from any", to "from ip-address", to "from en0". What I noticed is that when I specify via en0/en1, `pf` makes a rule for every IP address on that interface. Even though other IPs in my setup are covered by other rules. Including IPv6 addresses...
Top