1. aikorei

    Solved FreeBSD 13.1 fresh install, ssh timeout on log in

    I just did a fresh install of FreeBSD 13.1 with ionos.com cloud host. I cannot seem to ssh into the server at all, and it's driving me nuts (I've called ionos support probably 8 times today and they're stumped too). Here's what I have so far... - I can access my server via KVM console - Here is...
  2. subnetspider

    IPFW Failover possible with IPFW?

    Hello all, is there a way to get some kind of failover working with two hosts running the ipfw firewall? From what I have read there is no such thing as pfsync for ipfw (so states would be lost at failover). But is there still another way to achieve failover with ipfw? As I also want to use...
  3. S

    IPFW Is IPFW capable of filtering WebSockets flood?

    Is there a way to block WebSocket traffic on IPFW without blocking https traffic with the same destination and port? How to distinguish websockets from https?
  4. gotnull

    IPFW Does a book about IPFW exist ?

    Hi there, I would like to know if you guys have heard or read a book that is talking about IPFW ? I know there is at least one about PF (Book of PF - a no-nonsense guide to the openbsd firewall), but I can't find anything IPFW related so I wonder if someone can enlighten me on this. Thank you.
  5. T

    IPFW IPFW server, acting as a firewall (how to pass traffic ?)

    Hello everyone, Experimenting IPFW, I would really appreciate some help to improve my abilities ! I actually know how to use it as a workstation firewall, but now, I would like to learn how to use it as an easy full firewall (just for experimenting). Here is an easy network map describing what...
  6. HL1234

    Solved rc.firewall option "workstation" missing in manual / help of rc

    man rc or man rc.firewall There in chapter rc.firewall is written: But the option "workstation" is there not described. But this option I find in my /etc/rc.firewall file. And I use this option. What is wrong? The help file missing the option? Or has this changed anytime in the file with a...
  7. R

    Solved IPFW stops bhyve guest from getting IP address from DHCP server

    I'm trying to setup some bhyve guests for the first time on my 13.0-RELEASE system but the guests were unable to obtain IP addresses from the DHCP server on my router unless I disabled ipfw. It appears that ipfw was blocking the responses from the DHCP server. Google searches didn't come up...
  8. L

    Migrated JAILs from TrueNAS 11.3 to JAILS over FreeBSD 13 with VNET and now IPFW inside JAIL not work: kldload ipfw - not permitted

    In jail under TrueNAS 11, was mail server that can block IPs by IPFW rules. Now I move JAIL to FreeBSD 13.1, and detect that same JAIL with same settings, not allow to load IPFW inside jail. kldload ipfw kldload: can't load ipfw: Operation not permitted For JAILs managemnt use iocage...
  9. JozanOfAstora

    Solved [noob] pf, ipf and ipfw

    Hi, which firewall should I choose between pf, ipf and ipfw for a home application or a small business? I've been using pf on my local laptop with a very minimal configuration, just to close every ports except the ones I need on my local network. But which one would you recommend for a...
  10. bgrant

    Solved IPFW Log Session Setup only

    I'm fairly new to IPFW but have read the various examples and the manual page carefully. I can't seem to find a way to log a successful connection without logging all subsequent packets. I thought the best way would be using keep-state but that doesn't work the way I intended. With IPFILTER...
  11. amr

    IPFW IPFW - Multi WAN

    Hello, Is it possible to have multi WAN with IPFW? I know it's possible with PF and PF does it well in pfSense. But I am running FreeBSD 13.1-RELEASE as my home firewall/gateway using some cool pkgs like net/kea, dns/unbound and FreeBSD's native firewall - IPFW with In-kernal NAT. Here is an...
  12. HL1234

    Get my NAT IPFW firewall for jail not to work from outside

    Hello, in short: A Jail is installed. Can start and stop and connect to it. Inside its running an Apache web server. Some simple Website exists. Starting the jail and make a test like this works: printf "HEAD / HTTP/1.1\r\nHost: <www.example.com>t\r\n\r\n" also telnet <www.example.com> 80...
  13. DrAngel

    Solved FreeBSD+OpenVPN+nat/fwd = not forward for WWW-server

    Good day everyone! Can't beat the following problem. Internet -> router (x.x.x.x/ -> ASC server {FreeBSD12+ipfw/nat/fwd (|If_Inet) + OpenVPN server (|If_VPN)} -> ADM server {OpenVPN client (|If_VPN) + FreeBSD12 www-server (Ip_WWW)} ->...
  14. E

    IPFW Local network (IPv6) - IPv4 internet connection

    Dear All, I wantto migrate my local network to ipv6 network but my isp supports only ipv4. I am using ipfw. how can I nat IPV6 clients to internet? Thanks.
  15. P

    IPFW IPFW - Disable Rule Sets by Default Upon Startup

    Dear All, I have made several sets of rules using IPFW. I've separated them into rule 1 and 2, and the rest in rule 31. What I want to do is that after restart, I would like to only have rule 31 running (with rule 1 and 2 disabled). Only after VNets are up (all the pairs and bridges are set up...
  16. HL1234

    Solved cannot install in a jail with ports & jail defined with different subnets - does this work?

    Hello, I'm new to work with jail. I try this example: FreeBSD jails: a complete example I've created the jail from another example - copied some files from the host - did a bit configuration - and it works: I can start it and connect in it with 'tcsh' command. With the example above I try to...
  17. L

    Other Rewrite destination address for outgoing packets

    Hi all, does anyone know if it is possible to change the destination address for local generated outgoing traffic? I try to achieve that traffic with a destination address to gets rewritten to I tried to implement that rules in pf and ipfw without success. In general I...
  18. zgasparian

    Port Scanner Detection and Banning

    After a couple of years, I have started to use FreeBSD again. Previously I was using Linux, and in all my servers I have installed "PSAD" package, which detect the Port Scanners IP addresses and bans them through IPTabels rules. I have searched the same in FreeBSD but does not exit. something...
  19. burkoff

    IPFW Multicast forward via ipfw

    Hello everyone I have the following case :) I make a multicast using ffmpeg ffmpeg -i rtmp://localhost/c1/c1 -c:v copy -c:a copy -f mpegts udp:// I have a multicast tcpdump -n |grep tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening...
  20. LordInateur

    Network Issues w/ LAGG + VMs

    Hello, all! I have an interesting setup that I'm hoping to get a little bit of help with. Before I start: please yell at me if some of my formatting is wonky-- I'm used to markdown, but not so much the styling that the FreeBSD Forums asks for, so if I've done something that needs to be...