firewall

  1. M

    How to properly forward all traffic through VPN in 11? (port forwarding)

    I have FreeBSD 11 on a server where I've installed OpenVPN and I need to setup VPN properly to be able to put internet traffic through it. I can't connect to the internet anymore from my local computer after I've established a connection with my server via VPN. I guess the issue is port...
  2. Irah

    PF Porting SYN cookies implementation to PF module of FreeBSD

    I've been using the PF module for NATing/firewalling purposes (8 cores, 16 GB RAM hardware), it seems to be doing good under normal traffic. But during TCP SYN floods it suffers a lot. I want the SYNPROXY feature to get enabled dynamically as the traffic increases for that particular rule (based...
  3. fullauto2012

    Solved Basic rules problem

    root@LR-Remote:~/firewall.d # uname -a FreeBSD LR-Remote 10.3-STABLE FreeBSD 10.3-STABLE #0 r300092: Wed May 18 01:03:38 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 This machine is IP 1921.68.1.11, and all iNet traffic on port 22 is forwarded to it from the...
  4. S

    PF Can PF be bypassed?

    Hi, Can anyone tell me if PF can be by-passed by an outsider(intruder)? I have an IP address that has already been in my ip.blocked table for two days and still its scans reach the web platform of the site where it is blocked by a firewall add-on/plugin at application level. Any help is welcome.
  5. J

    Solved PF Not blocking MySQL port (beginner question)

    Hello folks, I just recently started using PF so bear with me. What I want my firewall to do is to block all incoming traffic except SSH and HTTP. Furthermore, I'd like to blacklist the IPs that try to bruteforce SSH. After a few hours of reading this is what I came up with: if="em0" lo="lo0"...
  6. sidetone

    Guide: pf.conf quick reference

    PF is divided into the sections: * Macros - Variables are defined in this section. This simplifies changing hardware, or makes it easier to list a lot of arguments as a variable. IP's are not set here, but instead in the next section. * Tables - Variables for IP's are defined here. This can be...
  7. A

    PF Problem in connection between mail server and Cisco router 800 series

    Hi, I have mail server sme 7.5 work in behind Cisco firewall router 800 series. This is router Cisco firewall to give me public IP 78.93.244.61. I using this router as gateway 192.168.1.254 to mail server that take IP 192.168.1.4. From one week happen problem I cannot send or receive emails...
  8. J

    PF I can't log the blocked packets

    I'm trying to set up a pf firewall. I'd like to log all the dropped packets. Here's my pf.conf so far: tcp_internet_out="{53, 80, 443, 123}" udp_internet_out="{53}" block log all pass in quick on lo0 pass out quick on lo0 pass in quick on re0 inet proto tcp from any to (re0) port 22 pass out...
  9. J

    Solved Why does this simple pf.conf locks me out of ssh?

    Hi, I'm new to PF. I read the documentation very carefully and I can't understand why this simple pf.conf locks me out of ssh: tcp_egress_out="{53, 80, 443, 123}" block in all block out all pass in quick on lo0 pass out quick on lo0 pass in quick on egress inet proto tcp from any to (egress)...
  10. J

    IPFW ipfw stateful ftp?

    Hi everyone, I'm new to this forum and I got into FreeBSD only a few weeks ago (I used Linux before that). I'm trying to set up a minimal firewall configuration for a remote computer. Here is the script in my /etc/ipfw.rules file. #!/usr/bin/env bash nic=`netstat -r | awk '/^default/ {print...
  11. Idgarad

    PF Firewall Split with OpenVPN by UserID

    Trying my hand at FreeBSD server with a single network (igb1) on the LAN with an OpenVPN connection. (Moved from 10 years of Linux thanks to ZFS. Last time I ran FreeBSD it came with a thick white book around the time MS-DOS 3 was around for perspective) I am trying to restrict a...
  12. B

    Solved Basic firewall config for a host

    Hello, everyone, and nice to meet you! I am new to FreeBSD (so fresh that I'm downloading the ISO as I write, that means I've never used FreeBSD before). I come from the Linux world and one of the first things I do when I install a distro, before going to update and configure it, is to set up...
  13. cheshirrrrre

    Asterisk + fail2ban + PF

    Hello! I've a strange problem with PF's rules. So, here it is: I've configured fail2ban to guard my asterisk service and added 1 table and 2 rules for PF: table <fail2ban> persist block drop in quick on em1 proto {tcp udp} from <fail2ban> to any block drop in quick on em1 proto {tcp udp} from...