  1. B

    PF PF not allowing IPv6 traffic

    Hello, I'm new to FreeBSD and loving it. The only thing I'm really struggling with is getting a good pf.conf. Here's my attempt. Sadly I can't get it to allow IPv6 traffic. Can anyone help me with what I'm doing wrong? vtnet0 = "vtnet0" set skip on { lo0 lo1 } # basic hardening scrub in all...
  2. plexinvise

    Solved FreeBSD as a MITM router

    Hi there, I am stuck with a problem I cannot resolve myself, unfortunately. I have a RPI3 device with FreeBSD on it, which I want to act as a router with firewall. My initial intent to use it as a sort of MITM router that I can control and adapt firewall needs for the purposes of testing...
  3. K

    PF Quick pf.conf review?

    Hello there. I've a tiny FreeBSD VPS with two jails running within it. I'm reaching out the jails remotely via SSH (First jail: My.public.IP.addr:4215 - 2nd one: my.public.IP.addr:4214) by having the config below. lo1 = My Jails' virtual local interface I created via rc.conf. I don't know if...
  4. vermaden

    Solved Port Forwarding into NAT Bhyve VM under pf(4) Firewall

    Hi, I have successfully setup NAT on pf with this in /etc/pf.conf file: nat on wlan0 inet from to any -> (wlan0) round-robin I am now trying to achieve the same what is available out of the box on VirtualBox - port forwarding. For example one of my Bhyve virtual machines is...
  5. K

    PF Tightening PF conf even further for my mail server?

    Hello there. I've completed setting my mail server up. Just for the sake of security and connection stability, I tried to implement PF firewall as well, for my services. Before I proceed and move my mail server into production, could someone please take a quick look at my pf.conf file and give...
  6. Sergei_Shablovsky

    BSD-based fw/router: ZFS on SSD RAID10 efficiency

    Hi FreeBSD Gurus! In case using bsd-based bare metal rack server as a gate fw/router: 1. How effectively would be using ZFS (in comparison to GPT, etc) file system in hardware RAID10 (4 of SSD TLC/MLC drives) ? 2. Is separating of /var, /tmp (also may be /usr) to another disk's logical volume...
  7. L

    PF How to rate limit ping?

    I could use some help with a pf firewall I can't get to work. For some reason, ping/icmp won't get blocked by overload. This works for ssh connections: table <bruteforce> persist block drop in log quick on $ext_if inet proto tcp from <bruteforce> port 22 pass in log on $ext_if inet proto tcp to...
  8. L

    PF pf not working (state-mismatch)

    I am using pf firewall on FreeBSD for socket IPV6 IPV6_BINDANY option. In OpenBSD tested pf, good working. But not working in FreeBSD. # test.c: #include <stdio.h> #include <arpa/inet.h> #include <unistd.h> #include <netinet/in.h> #include <sys/socket.h> const char...
  9. repcsi

    PF Update from 12.2-RELEASE-p11 to 12.3-RELEASE-p7 broke my PF internet router/firewall

    Hi all, I updated my internet facing router/firewall from 12.2-RELEASE-p11 to the latest 12.3 release: 12.3-RELEASE-p7. I'm using a custom kernel with ALTQ support as it helps with my transfer speeds. More info on this below as I even disabled ALTQ to try to solve this issue. The issue: after...
  10. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  11. JozanOfAstora

    Solved [noob] pf, ipf and ipfw

    Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...
  12. JozanOfAstora

    PF pf syntax error

    Hi, I am trying to follow this guide: Unfortunately when copying the pf config and starting the daemon (or reloading the config with pfctl -f /usr/local/etc/pf.conf) I get this output: /usr/local/etc/pf.conf:27: syntax...
  13. D

    Solved Pkg: "No address record" with http ports open (PF)

    I'm using a fairly strict PF ruleset on a server and I am having trouble with updating the system. I have port 80 and 443 open (http and https respectively) but I get a "No address record" error when I try to update the repositories. I also have port 21 open in case it used ftp, but it...
  14. D

    IPFW Auditing Firewall Rules and settings against best practise and security risk

    Hi All, I need to audit the rules and settings of a FreeBSD firewall against best practice "my first time", the client has sent me a text file. Is there a software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you
  15. decuser

    Other Confusing documentation

    Having read, and re-read Chapter 31. Firewalls, I'm hugely disappointed in the lack of clear direction offered by the author. As a reference, it's not horrible, but for someone looking to turn on the firewall so their workstation or server is relatively safe, it's not good. I'm not a new user...
  16. decuser

    Other Choosing which firewall to use in 2021 - FreeBSD 13

    OK. I've read man firewall and Chapter 31. Firewall and I'm still a bit uncertain about which firewall to choose. Here's my use case: I have FreeBSD 13 installed on my Lenovo Thinkpad T-430. I alternate between the ethernet connection and wifi. Either way, I only use IPV4. I would like to be...
  17. F

    PF Apache + Nginx reverse proxy

    Hi, guys! For a while I used for my whmcs setup composed by apache + mod_php as backend and nginx as reverse proxy. I was thinking I'm safe until someone with few proxies succeed to open enough connections and apache eaten whole amount of RAM (2GB). Any idea how to block this kind of...
  18. S

    PF pf rule not being used

    Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...
  19. I

    How to configure an entire OS to SOCKS5?

    I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out". How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?* * So all applications will just "go out" without configuring each one individually.
  20. Sergei_Shablovsky

    PF How BSD pf performance depend on CPU frequency, L2/L3 cache size

    Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...