packet filter

  1. F

    PF Apache + Nginx reverse proxy

    Hi, guys! For a while I have used a WHMCS setup composed of Apache + mod_php as the backend and nginx as a reverse proxy. I thought I was safe until someone with a few proxies succeeded in opening enough connections that Apache ate the whole amount of RAM (2GB). Any idea how to block this kind of...
  2. alfa

    Other How to change Packet Traversal order in FreeBSD IPFW and PF Firewalls at Kernel level?

    Hi, I have to use both IPFW and PF at the same time on my FreeBSD 12.2 gateway. Normally the firewalls follow this order: pf => ipfw, as you know. I am trying to get this order: input => ipfw => pf, but I think I cannot change this order without touching the kernel level. When I did some research I found this...
  3. C

    Solved PF Nat over OpenVPN Client

    Hello. I have the following problem. I have a FreeBSD 12.1-RELEASE router (with 3 interfaces) - LAN HOME(192.168.22.), LAN WORK(192.168.11.), WAN(1.2.3.4). My router connects to NordVPN over OpenVPN as a client (creates new TUN0 with address 10.8.0.3). I now want to NAT only one host from LAN_HOME (...
  4. G

    PF pf - does not block traffic to jail

    I have remote FreeBSD server with name server inside jail. My rules are: ext_if="em0" ext_ip="X.X.X.X" jail_net="10.0.0.0/24" ns_ip="10.0.0.1" icmp_types = "echoreq" table <blacklist> persist file "/etc/pf/blacklist" table <trusted> persist file "/etc/pf/trusted" set block-policy drop set...
  5. angelvg

    PF PF NAT on internal interface with public IP on this

    Hello friends, I need to configure a new BSD with PF to resolve this scenario... [ISP]------bnx0[BSD]bnx4------{LAN 10.0.0.0/8} ISP IPv4 181.143.98.153/29 bnx0 Gateway 181.143.98.153 IPv4 181.143.98.157/29 <- ISP Public IP bnx4 IPv4 177.126.32.1/22 <- Our own pool of public IPs alias...
  6. scott_sch

    PF Fundamentals of packet filtering with pf

    The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice. 0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons 1. Packets are identified by the NIC of origin and...
  7. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  8. l008com

    PF Best `pf` Rule Format?

    As my rules get more complicated, I've gone from "from any", to "from ip-address", to "from en0". What I noticed is that when I specify via en0/en1, `pf` makes a rule for every IP address on that interface, even though other IPs in my setup are covered by other rules. Including IPv6 addresses...
  9. FzZzT

    pr and bridges and squids, oh my!

    Hello, I've read a number of other threads and resources (here and elsewhere) but I can't seem to get the correct combination of things to make my scenario work. Some info seems to be outdated or I'm not sure how to fit it in. Maybe it just isn't possible. Hopefully this isn't completely...
  10. L

    PF PF outbound rule on a bridge member interface did not stop packets

    Dear Experts, I have a puzzle on my hands. I have a network isolated from the Internet. The FreeBSD computer has 4 Ethernet ports, but only 3 are involved in this puzzle while the 4th is only used to access the FreeBSD machine. My basic goal is to send some of the multicast from the upstream...
  11. PaulWebster

    NAT+pf+multi gateway issue

    Good day all, I have a working home network that has the following layout: [Clients (172.31.33.2-172.31.33.200] | [Switch||Wireless AP] | [Gateway (172.31.33.1,PUBLIC_IP)] | {internet} miniupnpd is enabled as well as a few other bits of tinsel, but all in all works perfectly.. Now the issue...
  12. D

    Generic NAT firewall pf config / template

    People seem to run into issues from time to time so I figured that I'd provide a sample config that pretty much mimics your generic SOHO router/gateway. ################################# #### Packet Firewall Ruleset #### ################################# ################### #### Variables...
  13. IPTRACE

    10.3->11.0 (something blocks connections for openvpn)

    After the upgrade to 11.0-RELEASE something blocks connections between openvpn-client and openvpn-server etc. I mean traffic after the openvpn connection is established, so a user can connect but has no traffic. Only one connected user is forwarded/routed to destinations/other hosts etc. When the second...
  14. IPTRACE

    10.3->11.0 (pf added existing routes at boot)

    Hello! I've encountered a problem after the upgrade to 11.0-RELEASE. I suppose pf is adding two routes which already exist. Starting Network: lo0 vtnet0. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1...
  15. G

    Solved PF Fails to Load Ruleset with Jails (lo1 interface)

    This post is for anyone who may be using a jail, and after you set the jail to run at startup, PF rules are not loading (on the host machine). The odd thing that made me scratch my head is that you can manually start it and everything works; something is uniquely happening at startup that is...
  16. quamenzullo

    Networking and jails

    Hello, I still have some questions about networking and jails. I could not find the answers in the documentation or forums. I hope my questions are not too dumb. 1. The networking inside jails seems to partly rely on the networking of the host. To get "more" networking features, it is...