ipfw firewall

  1. S

    IPFW How to allow TCP,UDP,ICMP traffic that's sent OUT to internet also return BACK IN but disallow traffic IN from internet that wasn't initiated

    Hey everyone, I'm struggling. I'm new to FreeBSD and trying to get an IPFW firewall up and running on my FreeBSD VPS. I don't want to set up any NAT, only firewall filter rules. My /etc/rc.conf firewall_enable="YES" firewall_quiet="YES" firewall_type="open" firewall_myservices="any"...
  2. A

    IPFW IPFW not working

    Hi! IPFW config file # Block IP ipfw table 1 add; $cmd 160 deny ip from 'table(1)' to me $cmd 161 deny ip from me to 'table(1)' root@mydomain:/var/logs/nginx# ipfw table 1 list 0 Why do I get lines like this in the NGINX error and access logs? 2023/12/29 07:58:29...
  3. A

    ssh connection

    Hi, I have a FreeBSD 13.1 released installed on a machine and there is NO firewall service running on it, it has two interfaces one with public IP and the other with private IP. I can not ssh into the machine from a public IP apart from the public IP of the same network and I can ssh into the...
  4. S

    IPFW ipfw rules for dns servers under ipv6

    Thank you for your help.
  5. cnbatch

    IPFW How to properly configure NPTv6?

    I've created an instance on Vultr, both wireguard and ipfw (IPv4 NAT) are enabled successfully and work perfectly. Now I want to use NPTv6 on this server, how can I get a correct sample of NPTv6's configuration? FreeBSD version: 13.2-RELEASE This is my configuration of rc.conf and IPFW...
  6. D

    How to use ipfw to block an ip for a specified time on freebsd12

    How to use ipfw to block an ip for a specified time on FreeBSD 12. I am currently using iptables+ipset, which can block an ip for a specified time. ipset create blacklist hash:ip timeout 3600 iptables -A INPUT -p tcp -m set --match-set blacklist src -m multiport --dports 443,80 -j DROP ipset...
  7. bgrant

    Solved IPFW Log Session Setup only

    I'm fairly new to IPFW but have read the various examples and the manual page carefully. I can't seem to find a way to log a successful connection without logging all subsequent packets. I thought the best way would be using keep-state but that doesn't work the way I intended. With IPFILTER...
  8. HL1234

    IPFW jail with IPFW connection on private IP not working with /etc/rc.firewall workstation

    Because in between things have changed and I got no answer from the Forum, I like to try a new post. What do I have? -FreeBSD 13.0 -A jail with a running webserver -I'm using the firewall IPFW with NAT settings to connect to the jail from outside the host and from inside to outside. Now this...
  9. kr0m

    Solved IPFW firewall_logging strange behaviour

    I am doing some network traffic debugging to configure IPFW rules, and I noticed strange behaviour when I enable the firewall_logging option. I start my system and the configuration option is disabled: odyssey # ~> grep firewal /etc/rc.conf firewall_enable="YES" firewall_script="/etc/ipfw.rules"...
  10. D

    IPFW Auditing Firewall Rules and settings against best practise and security risk

    Hi All, I need to audit the rules and settings of a FreeBSD firewall against best practice "my first time", the client has sent me a text file. Is there software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you
  11. john_rambo

    IPFW Configuring IPFW for the first time .....Trying to understand the rules

    I read this Wiki >>> https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-ipfw Under Linux I was using ufw to configure iptables. I was using the policy deny all in & allow all out. I have presently applied the workstation type by using the command sysrc firewall_type=workstation...
  12. I

    IPFW Forward port from one ip to other IPfw

    Hi, I replaced pfSense on my box and I installed FreeBSD 12.1 acting as gateway. I use IPFW as firewall. I have two network cards. igb0 ( wan) with IP -->> connected to my router ( In my router I DMZ everything is coming to ( wan address of firewall box) igb1...
  13. I

    IPFW Is there iptables to ipfw translator ?

    I'm new to freebsd I want to make these rules Iptables -t Nat -A POSTROUTING -o tun0 -s -j MASQUERADE Iptables -A PREROUTING -I tun0 -p 17 --dport 1024:65535 -j DNAT --to
  14. decuser

    PF Reasonable gateway firewall configuration

    After much tribulation, I was able to get my FreeBSD machine operating as a gateway router between my lan and ISP router. I used pf because I found a decent howto online - Building an OpenBSD/pf Firewall. The pain came when I tried typing the rules in - what a friggin' nightmare (insert lots of...
  15. rphanikrishna

    Solved IPFW for Unbound DNS resolver ipv4/v6

    Am trying to Build a Firewall for Unbound DNS resolver since a month and was not successful, solved almost all the configs except the IPFW rules, using FreeBSD 12.1-RELEASE-p5 Below are my rule list NOTE: a.a.a.a , b.b.b.b, c.c.c.c and d.d.d.d are my ipv4 Public IP pools...
  16. rphanikrishna

    Solved IPFW-IPV6 Syntax

    Configuring DNS caching server able to get all traffic without the firewall and with firewall only the IPV4 traffic is resolving, having some syntax issue with the config regarding the IPV6 (using FreeBSD 12.1) ipfw -q -f flush cmd="ipfw -q add" pif="em0" # interface name of NIC $cmd 00116...
  17. M

    IPFW Setting a common IP for both the Public IP and Jail IP

    Hello All, We are having trouble with finding ways to redirect the public IP address to the jail IP address. We have looked into the rc.conf and jail.conf files but are now sure how we should edit any of these files to achieve this. We have previously been unsuccessful in editing pf values...
  18. F

    How to interrupt network while client downloading content?

    Hi guys! I run a FreeBSD VPS where it's located a webserver with WHMCS inside. (Apache + Nginx) I would like to do other kind of ad by running a prank on social media where people will get message like "X has been hacked. Click here to download database" or something similar. What I need? A...
  19. B

    IPFW application hosted in amazon the IP changes from time to time

    Hello, I need to release an application that accesses the amazon. With each ping in the URL of the application hosted in amazon the IP changes from time to time. The local application does not support proxy. I use freebsd / ipfw. Example ping return: app.example.net -> a.a.a.b app.example.net...
  20. L

    setfib not working with tun interfaces?

    Hello, I've a 12.0 STABLE kernel compiled with: options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE options IPDIVERT options DUMMYNET options HZ=1000 and: root@freebsd:~ # cat /boot/loader.conf net.fibs=2 My network configuration: root@freebsd:~ # ifconfig hn0...