packet filtering

  1. aragats

    Different gateway for specific TCP ports

    You may find this trivial, but I'm not an expert in packet filtering. What's the best way to use a different gateway for an email client's traffic from a bhyve VM (see below)? In particular, IMAP (993) and SMTP (587) are blocked on the LAN, so the corresponding traffic should go through...
  2. scott_sch

    PF Fundamentals of packet filtering with pf

    The purpose of this post is to try and clarify a few basic ideas in packet filtering that I'm having trouble reducing to firm principles in practice.

    0. PF lives in the kernel and handles all packets as they pass between NI(C)'s and daemons
    1. Packets are identified by the NIC of origin and...
  3. B

    pf in a Jail

    I have a vnet jail for my physical NIC. In order to start the pf service in that jail, I had to add a devfs.rule to unhide /dev/pf. I also have wireguard jails which I intend to do the same, and connect them to my NIC-jail. (everything is vnet). Does anyone know if this is a bad idea? Will...
  4. T

    PF pf keeping state for lan to wan traffic.

    Hello, Sorry if the title is confusing. My question is when configuring pf I discovered two ways to achieve routing my traffic through my FreeBSD router using pf. The first rule set is as follows.

        ext_if="em1"
        int_if="em0"
        set skip on lo
        set block-policy drop
        nat on $ext_if from any to any...