pf conf

  1. A

    Solved unable to block all inbound traffic (ping always works)

    Hello, I am using a virtual machine which uses the NAT network of vmware. I set the simplest rule to block all inbound requests with: block in all, but it has no effect... I cannot ping google from the VM but I can from a terminal in my host machine. How is it possible? For more information this is...
  2. J

    PF Blacklisting and/or whitelisting in (BSD) pf

    I am considering a pf rule like this: pass in on $ext_if inet proto tcp from <ssh_clients> to ($ext_if) port $myssh keep state (max-src-conn 9, max-src-conn-rate 2/5, overload <blocked_guests> flush global) But I am not sure if allowing ssh connections only from a whitelist (ssh_clients) will...
  3. N

    Looking for 1on1 help preferably in person (Toronto Area)

    Hello Everyone! I am a regular linux user of about 10 years. I am now looking to learn FreeBSD: icsdhcp, gateways, ipsec and pf, etc. I am using vmware to create my network and finding that I read a doc on dhcp.conf and realize 1h later it's for a version 2 years old and OpenBSD. I would like...
  4. M

    PF pf config & log questions

    I'm trying to understand how to read the logs properly. 00:00:00.019892 rule 0..16777216/0(match): block in on em0: 180.188.246.156.29044 > 11.22.33.44.23: Flags S, seq 1208588937, win 23644, length 0 00:00:01.172317 rule 0..16777216/0(match): block in on em0: 151.226.32.226.24131 >...
  5. blueCub

    Solved PF block not stopping access to my jail

    Hello there, I have a jail inside a VM. I installed Gitea inside the Jail and configured PF (nat) to forward traffic coming on port 2000 to the jail port 3000 (The gitea web application) and left port 10000 for the ssh (for git) inside the jail. All is okay so far till recently I checked my...
  6. dch

    Solved NATted outbound jail traffic sometimes uses backup CARP IP on LACP/LAGG interface

    Outgoing traffic from a jail via PF NAT over a LAGG/LACP sometimes has the backup CARP IP address assigned to it. As this IP is only active on the "other" server, the return TCP connection traffic never actually gets back to our CARP master, and the other server sees spurious TCP...
  7. barrandrea

    PF Redirect all traffic from ip to another

    Hi, I need to redirect all traffic from a private IP address attested on a local interface to a public IP address. The old configuration with iptables is something like this: iptables:-A PREROUTING -d $private_ip/32 -i $int_if -j DNAT --to-destination $public_ip iptables:-A PREROUTING ! -d...
  8. dave

    PF pf: NAT Multiple Internal (LAN) Interfaces

    Hello, I cannot seem to find information on how to perform NAT for multiple internal (LAN) interfaces with pf. I have a very simple set of rules for performing basic NAT: # Definitions ext_if = "wlan0" # macro for external interface - use tun0 for PPPoE int_if = "ue0" #...
  9. rigoletto@

    PF Seeking for config remarks, and advise.

    Hello, I did an upgrade on my pf.conf and would like it if you could take a look at it and point out weak points, please. ### Interfaces ### Ext_If = "em0" Int_If = "em1" ### Hosts ### HOST = "192.168.0.200" AFP_Jail = "192.168.0.210" WEB_Jail = "192.168.0.254" DNS1_Jail =...
  10. S

    PF PF doesn't load at startup time in FreeBSD 10.1

    Hi, I have a problem with my PF. It seems, after all verification made with pfctl -vnf /etc/pf.conf, that the problem is NOT with the rulesets but with the number of tables and their size. Can this situation be adjusted? I can't control the size of the tables for zones because they are country based IP net blocks. So first I...
  11. M

    PF OpenVPN issues

    I can't seem to connect to the OpenVPN server I'm running on 10.2 through PF, I keep getting a tls-auth timeout. Here's my pf.config: tcp_services = "{ssh, http, https}" # vpn address block vpnclients = "10.8.0.0/24" # wan interface wanint = "vtnet0" #tunnel interface vpnint = "tun0" # openvpn...
  12. A

    Solved PF rules for IRC traffic

    Recently I started dabbling with Packet_Filter (PF) to set up my firewall. So far I read a bit in the PF Handbook and our FreeBSD Handbook (chapter on PF). The firewall works fine and the rules seem sane. However, I cannot connect to #freenode with PF enabled. Does anyone know any pass command...