EDIT: the problem is solved
Hello,
I have used Debian for the last several years and I'm very new to FreeBSD.
I tried to port my configuration for fail2ban from my Debian machines to FreeBSD (with modifications because the firewall has changed).
In my testing phase I have found out that the...
Hello.
I am using 11.1 on my two laptops. One has a wireless card which is currently not supported; the other's wireless card is out of order. I have 8.1 on one laptop and a desktop, none of which have wireless connectivity. I don't have a technical use of FreeBSD on these four machines. I use them as...
Almost every single ipfw ruleset I create has this as the very first rule:
allow tcp from any to any established
... and I just noticed that ipfw allows me to specify a port on this rule:
allow tcp from any to any 22 established
If I create a new connection to port 22, I need a rule to allow...
Hi,
Quick question. What could be the issue why I cannot ping my jail from local machine or local machine from jail? I thought it is pf.conf rdr somewhere wrong but now I am thinking about routing table not right. I can access anything from outside to jail. I have teamspeak3 server and if I...
Hello,
each time I reload my pf.conf using the command:
pfctl -F all -f /etc/pf.conf
my ssh session dies. It does not just hang for a few seconds. It simply dies and I have to launch a new one. This happens even though both the old and the new configurations allow incoming connexion to the ssh...
Hey folks,
I'm in the process of migrating my CentOS OpenVPN dual-stack server to FreeBSD.
I have a problem with the IPv6 connection and I'm not sure what the problem is.
IPv4 is working fine through the tunnel. IPv6 ICMP is possible, but nameservers are not reachable on :53 or anything else except via...
OK, after reading the handbook several times, my brain is just not getting what is wrong with my pf.conf:
set block-policy return
block in all
pass out all keep state
pass in on wlan0 inet6 proto tcp from port 50000 keep state
pass in on wlan0 inet proto tcp from port 50000 keep state
As far...
Hello,
From 2006 to now I've been running FreeBSD 6.1 on a Dell Optiplex GX1. It has a 500MHz CPU with 128MB of RAM and an Intel 82546 chipset dual port gigabit ethernet PCI card. It's been running great but I decided it's time to upgrade FreeBSD. I proceeded to install FreeBSD 11.0-RELEASE...
Hi there :)
Someone has demonstrated for a while running OpenStack hosted on FreeBSD 11. Described right here
For me that sounds awesome. I would like to have a similar setup now with FreeBSD 11 XEN and hosting OpenStack on Dom0. The minimum goal is to run FreeBSD as a Nova Compute
Running...
I have FreeBSD 11 on a server where I've installed OpenVPN and I need to setup VPN properly to be able to put internet traffic through it.
I can't connect to the internet anymore from my local computer after I've established a connection with my server via VPN. I guess the issue is port...
I've been using the PF module for NATing/firewalling purposes (8 cores, 16 GB RAM hardware), it seems to be doing good under normal traffic. But during TCP SYN floods it suffers a lot. I want the SYNPROXY feature to get enabled dynamically as the traffic increases for that particular rule (based...
root@LR-Remote:~/firewall.d # uname -a
FreeBSD LR-Remote 10.3-STABLE FreeBSD 10.3-STABLE #0 r300092: Wed May 18 01:03:38 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
This machine is IP 1921.68.1.11, and all iNet traffic on port 22 is forwarded to it from the...
Hi,
Can anyone tell me if PF can be bypassed by an outsider (intruder)? I have an IP address that has already been in my ip.blocked table for two days and still its scans reach the web platform of the site, where it is blocked by a firewall add-on/plugin at application level.
Any help is welcome.
Hello folks,
I just recently started using PF so bear with me.
What I want my firewall to do is to block all incoming traffic except SSH and HTTP. Furthermore, I'd like to blacklist the IPs that try to bruteforce SSH.
After a few hours of reading this is what I came up with:
if="em0"
lo="lo0"...
PF is divided into the sections:
* Macros - Variables are defined in this section. This simplifies changing hardware, or makes it easier to list a lot of arguments as a variable. IP's are not set here, but instead in the next section.
* Tables - Variables for IP's are defined here. This can be...
Hi, I have a mail server, SME 7.5, working behind a Cisco 800 series firewall router.
This Cisco firewall router gives me the public IP 78.93.244.61.
I am using this router as the gateway 192.168.1.254 to the mail server, which has IP 192.168.1.4.
For one week I have had a problem: I cannot send or receive emails...
I'm trying to set up a pf firewall. I'd like to log all the dropped packets.
Here's my pf.conf so far:
tcp_internet_out="{53, 80, 443, 123}"
udp_internet_out="{53}"
block log all
pass in quick on lo0
pass out quick on lo0
pass in quick on re0 inet proto tcp from any to (re0) port 22
pass out...
Hi,
I'm new to PF. I read the documentation very carefully and I can't understand why this simple pf.conf locks me out of ssh:
tcp_egress_out="{53, 80, 443, 123}"
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on egress inet proto tcp from any to (egress)...
Hi everyone,
I'm new to this forum and I got into FreeBSD only a few weeks ago (I used Linux before that).
I'm trying to set up a minimal firewall configuration for a remote computer.
Here is the script in my /etc/ipfw.rules file.
#!/usr/bin/env bash
nic=`netstat -r | awk '/^default/ {print...
Trying my hand at a FreeBSD server with a single network (igb1) on the LAN with an OpenVPN connection. (Moved from 10 years of Linux thanks to ZFS. Last time I ran FreeBSD it came with a thick white book, around the time MS-DOS 3 was around, for perspective.) I am trying to restrict a...