ipfw

  1. Sergei_Shablovsky

    PF How BSD pf performance depend on CPU frequency, L2/L3 cache size

    Hi, hardware gurus! How exactly BSD pf performance (in matter of low latency, high PPS, etc) depend on bus frequency, main CPU frequency and L2/L3 cache size in multi-package (mean physical multi-CPU, like Intel E5500/5600, E5-2000 series) server systems that intend working as border firewall...
  2. nerozero

    Solved ssh receive reset package randomly, Fssh_packet_write_poll: Connection from user user a.a.a.a port 38142: Permission denied

    Hello, I have a firewall issue, dropping randomly ssh connections. in the /var/log/auth.log: Fssh_packet_write_poll: Connection from user user x.x.x.x port 37832: Permission denied here is my the firewall rules: 00100 28 1400 allow ip from any to any via lo0 00200 0 0 deny ip from...
  3. nero

    Samba, IPFW, and the internet

    I am looking for best practices and see if anyone else is successfully running a similar environment. Have FreeBSD server that is basically a LAMP environment. That is living on a public IP address and using IPFW to block everything except 80 and 443. That is all working very well without...
  4. H

    Solved IPFW workstation setting blocking ssh

    I'm trying to enable ssh access to my laptop however it seems that ipfw blocks it, despite opening the port. I'm on FreeBSD 13. Following is the rc.conf section configuring the firewall, as well as the output from ipfw -t list after trying to ssh into my laptop from my phone (using termux)...
  5. O

    IPFW Can't get routing/NAT down an openvpn tunnel working

    I'm running openvpn in a VNET jail to connect to a commercial VPN provider. This was working fine with processes in the jail all using the VPN. I wanted to setup the jail to act as a router so that more network traffic could potentially be sent down the VPN. For testing, I added a second FIB on...
  6. T

    Solved Allowing selective traffic from/to wlan with -apbridge set (starting with ARP)

    I have an AP+bridge+firewall ("router") running FreeBSD 12.2-RELEASE r366954 GENERIC amd64. It's roughly set up as follows: - igb0 connects to my ISP via DHCP. (Disabled while I debug this.) - bridge0 has dnsmasq running on it as a DHCP server and DNS server. (Only dynamic addresses at the...
  7. J

    IPFW RDP protocol

    Hello lads, I've came further with my config of Softether VPN and IPFW. I'm in place where I want to allow RDP to only 1 IP, let' say it's: 192.168.1.10. I add a rule: allow tcp from any to 192.168.1.10 3389 out via $iif setup keep-state I'm able to telnet 192.168.1.10 3389 but can't RDP...
  8. W

    IPFW Question about how ipfw rule for HTTP 80 works

    Hey everybody, Currently I already have my server runing as desired. Looking for optimizations and how to keep it hardening, I have found the reference on /etc/rc.ipfw about the book Building Internet Firewalls. So, try following some examples, I did not got how ipfw works when trying limit...
  9. Londo

    IPFW IPFW and natd causing huge packet load

    Hello, First I wanted to give a shout out to everyone who has posted other problems and responses over the years - the knowledge base has helped tremendously. I'm here today to ask for pointers regarding IPFW and natd. Some background: I have a very old server that runs a business and is due...
  10. D

    IPFW A simple useful script for simple intrusion detection (FreeBSD + ipfw)

    Here I present a script which works like a simple intrusion detections system. I have made the script a long ago and used it for a long time. Now I have decided to share the script with the community. If this Forum is not a right place for such publications, I hope, the Community can suggest...
  11. D

    IPFW [Solved] Blocking Connections

    (Sorry for being a noob, It's my first time on the forums) Hi, I am using a custom firewall rules script, It supposed to block all connections other than the ones specified here but well, it doesn't here is my script: IPF="ipfw -q add" ipfw -q -f flush #loopback $IPF 10 allow all from any to...
  12. R

    Jails setup with the external IP address on vtnet0

    Hello, I'm trying to setup jails on a Digital Ocean droplet by following the instructions in the handbook: https://www.freebsd.org/doc/handbook/jails-ezjail.html The network configuration is like this: * vtnet0 with the external IP address, 10.10.0.5 netmask 0xffff0000 (Digital Ocean's...
  13. S

    IPFW How to avoid CARP's IP interference with IPFW NAT rules?

    To pass traffic from a remote host 55.55.55.55 to a service behind the NAT on the box with IP 77.77.77.77 I have a standard set of rules: 00812 nat 82 tcp from 55.55.55.55 to 77.77.77.77 48888 in via igb0 00822 allow tcp from 55.55.55.55 to 10.1.1.8 48888 in via igb0 00832 nat 82 tcp from...
  14. S

    IPFW How to list ipfw rules with non-zero counter only?

    Is there a native solution for ipfw to list rules with non-zero counter only? Can't see in the man.
  15. X

    PF pf and fib routing for wireguard

    I use the net/wireguard port for my VPN needs but have a problem if I want to connect to the same IP as the endpoint through the tunnel, because a static route is automatically added for obvious reasons to send this traffic directly rather than through the VPN. Now one way around this is to use...
  16. D

    NAT64 464XLAT

    Hello All, i am trying to do NAT464 XLAT similar with below diagram (taken from RFC6877) I have 2 VM using FreeBSD 12.1 Release as CLAT and PLAT with the following Kernel Option : IPFIREWALL IPFIREWALL_VERBOSE IPFIREWALL_DEFAULT_TO_ACCEPT IPFIREWALL_NAT IPFIREWALL_NAT64 LIBALIAS on both VM i...
  17. K

    Solved Squid and IPFW, packets getting stuck in a loop

    I am noticing an odd issue between squid and my firewall setup on a squid proxy system I put together. Periodically, it seems like the IPFW dynamic rules that get created when squid connects out will expire too early, thus causing inbound packets to hit a deny all established rule that comes...
  18. W

    IPFW Curl getting blocked by IPFW

    Hey people, After spend some days searching about my issue,I come here to try the luck. I 'm runing an webserver using: FreeBSD 12.0 Apache24 2.4.41 curl 7.67.0 Using IPFW as firewall. Main problem is about Curl, this one with IPFW enabled is getting timeout and does not work. Similar...
  19. K

    IPFW Redirect/forward specific outbound traffic on WLAN to internal host

    I am trying to find out if it is possible to redirect the traffic of several Android systems on my WLAN to specific internal hosts using IPFW. It seems Android hardcodes specific NTP servers and does not honor the "ntp-servers" DHCP option, meaning I have to allow NTP traffic outbound for these...
  20. F

    IPFW ipfw filter for tcp IPv6 on Freebsd 11

    Hi I am using ipfw for firewalling on a FreeBSD 11 box. Unfortunately I cannot wrap my head around the fact that/why the following rule does not match when I initiate a TCP connection to 2a00:1450:4001:814::2003 (that is Google...): ipfw add 340 set 5 count dst-ip6 2a00:1450:4001:814::2003...
Top