packet filter

  1. J

    PF SSHGuard behaving strangely with PF

    SSHGuard in combination with pf on FreeBSD 14.0-RELEASE (fresh vanilla installation on Hetzner VPS) is behaving strangely. After starting, it either terminates immediately or after some variable time, indicating a potential issue with pf. Below are the details: System Info: FreeBSD myserver...
  2. R

    Help me understand these PF rules and troubleshoot the problem

    Hi, I have software that deploys a DNS forwarder and uses PF to redirect local DNS requests to the forwarder. All of a sudden this schema stopped working and I am trying to figure out what could be the problem. I am troubleshooting the issue and trying to verify every piece. My question is...
  3. Del.Mar

    PF Enabling pfno IP address found for wg0:network

    Hi mates! During the boot my FreeBSD box starts PF before the wg0 interface is created. Enabling pfno IP address found for wg0:network /etc/pf.conf:5: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded /etc/rc: WARNING: Unable to load /etc/pf.conf. . [#]...
  4. alfa

    PF How to add to Load Balance FreeBSD router itself ?

    Hi, I have a FreeBSD router with 2 WAN and 1 LAN: igb0 >> Modem0 > Default GW, igb1 >> Modem1. By default my usual load balancing setup looks like this: pass in log (all) quick on igb2 route-to { (igb0 192.168.20.221), (igb1 192.168.41.111) } round-robin inet all flags S/SA keep state label "lb"...
  5. D

    Solved Pkg: "No address record" with http ports open (PF)

    I'm using a fairly strict PF ruleset on a server and I am having trouble with updating the system. I have port 80 and 443 open (http and https respectively) but I get a "No address record" error when I try to update the repositories. I also have port 21 open in case it used ftp, but it...
  6. alfa

    FreeBSD IPsec enc0 NAT not working, this is the problem

    Hi, I have trouble with an IPsec & pf enc0 NAT problem. I show you my problematic scenario below; any help would be appreciated at this point. STRONGSWAN CONFIGURATION alfa7000 { fragmentation = yes unique = replace version = 1 aggressive = no proposals...
  7. F

    PF Apache + Nginx reverse proxy

    Hi, guys! For a while I have used for my WHMCS setup a stack composed of Apache + mod_php as backend and nginx as reverse proxy. I was thinking I'm safe until someone with a few proxies succeeded in opening enough connections that Apache ate the whole amount of RAM (2GB). Any idea how to block this kind of...
  8. alfa

    Other How to change packet traversal order in FreeBSD IPFW and PF firewalls at kernel level?

    Hi, I have to use both IPFW and PF at the same time in my FreeBSD 12.2 gateway. Normally the firewalls follow this order: pf => ipfw. As you know, I am trying to do this order: input => ipfw => pf, but I think I cannot change this order without touching the kernel level. When I did some research I found this...
  9. C

    Solved PF Nat over OpenVPN Client

    Hello. I have such a problem. I have a FreeBSD 12.1-RELEASE router (with 3 interfaces) - LAN HOME(192.168.22.), LAN WORK(192.168.11.), WAN(1.2.3.4). My router connects to NordVPN over OpenVPN as a client (creates new TUN0 with address 10.8.0.3). I now want to NAT only one host from LAN_HOME (...
  10. G

    PF pf - does not block traffic to jail

    I have a remote FreeBSD server with a name server inside a jail. My rules are: ext_if="em0" ext_ip="X.X.X.X" jail_net="10.0.0.0/24" ns_ip="10.0.0.1" icmp_types = "echoreq" table <blacklist> persist file "/etc/pf/blacklist" table <trusted> persist file "/etc/pf/trusted" set block-policy drop set...
  11. angelvg

    PF PF NAT on internal interface with public IP on this

    Hello friends, I need to configure a new BSD with PF to resolve this scenario... [ISP]------bnx0[BSD]bnx4------{LAN 10.0.0.0/8} ISP IPv4 181.143.98.153/29 bnx0 Gateway 181.143.98.153 IPv4 181.143.98.157/29 <- ISP Public IP bnx4 IPv4 177.126.32.1/22 <- Our own pool of public IPs alias...
  12. scott_sch

    PF Fundamentals of packet filtering with pf

    The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice. 0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons 1. Packets are identified by the NIC of origin and...
  13. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  14. l008com

    PF Best `pf` Rule Format?

    As my rules get more complicated, I've gone from "from any", to "from ip-address", to "from en0". What I noticed is that when I specify via en0/en1, `pf` makes a rule for every IP address on that interface, even though other IPs in my setup are covered by other rules, including IPv6 addresses...
  15. FzZzT

    pr and bridges and squids, oh my!

    Hello, I've read a number of other threads and resources (here and elsewhere) but I can't seem to get the correct combination of things to make my scenario work. Some info seems to be outdated or I'm not sure how to fit it in. Maybe it just isn't possible. Hopefully this isn't completely...
  16. L

    PF PF outbound rule on a bridge member interface did not stop packets

    Dear Experts, I have a puzzle on my hands. I have a network isolated from the Internet. The FreeBSD computer has 4 Ethernet ports, but only 3 are involved in this puzzle while the 4th is only used to access the FreeBSD box. My basic goal is to send some of the multicast from the upstream...
  17. PaulWebster

    NAT+pf+multi gateway issue

    Good day all, I have a working home network that has the following layout: [Clients (172.31.33.2-172.31.33.200)] | [Switch||Wireless AP] | [Gateway (172.31.33.1,PUBLIC_IP)] | {internet} miniupnpd is enabled as well as a few other bits of tinsel, but all in all it works perfectly. Now the issue...
  18. D

    Generic NAT firewall pf config / template

    People seem to run into issues from time to time so I figured that I'd provide a sample config that pretty much mimics your generic SOHO router/gateway. ################################# #### Packet Firewall Ruleset #### ################################# ################### #### Variables...
  19. IPTRACE

    10.3->11.0 (something blocks connections for openvpn)

    After upgrading to 11.0-RELEASE something blocks connections between openvpn-client and openvpn-server etc. I mean traffic after the openvpn connection is established, so a user can connect but has no traffic. Only one connected user is forwarded/routed to destinations/other hosts etc. When the second...
  20. IPTRACE

    10.3->11.0 (pf added existed routes at boot)

    Hello! I've encountered this problem after upgrading to 11.0-RELEASE. I suppose pf is adding two routes which exist. Starting Network: lo0 vtnet0. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1...