pf firewall

  1. Sivan!

    Is there a way to "mask" a DHCP assigned IP address in a personal computer?

    I do not have a static IP for my computer connected by fiber to home. My ISP assigns an IP address by DHCP, is there a way of making my ISP's router at my home remember the address assigned to me by local settings? I do not fully understand but this URL to a how-to guide points to a method...
  2. byrnejb

    Solved Persistent TABLES

    I have this definition in /etc/pf.conf: table <WHITELIST> persist file "/var/db/pf/pf_white_list" When I add an address using pfctl I can see it is there: [root@gway04 ~ (master)]# pfctl -t WHITELIST -T add 1/1 addresses added. [root@gway04 ~ (master)]# pfctl -t WHITELIST -T...
  3. byrnejb

    PF Unable to establish ssh link to host running pf.

    # freebsd-version ; uname -a 13.0-RELEASE-p11 FreeBSD x 13.0-RELEASE-p11#0 Tue Apr 5 18:54:35 UTC 2022 amd64 On this host I have sshd listening on this port: tcp 0 0
  4. L

    PF pf nat rule for a specific user

    Hi everyone, I try to configure a pf nat rule which is only applied on a specific user. Is that possible? Because I always get a syntax error with the following rule: nat log on if1 from self to user myuser -> In the log message I can see that the uid is logged correctly...
  5. D

    IPFW Auditing Firewall Rules and settings against best practise and security risk

    Hi All, I need to audit the rules and settings of a FreeBSD firewall against best practice "my first time", the client has sent me a text file. Is there a software I can use to make this analysis? If not, what is the best process for auditing this FreeBSD firewall? Thank you
  6. K

    PF A weird PF whitelist problem

    Under FreeBSD 13, I'm using PF and it was working fine till today. I've a <whitelist> table that I suspect is not really working with PF. Any IPs within that file (table <whitelist> persist file "/var/pf/whitelist.txt") still seem to be getting blocked by PF, as I see through real-time by the...
  7. lifepillar

    PF Issue with configuration blocking access to jails on ip aliases attached to external interface

    Hi, when I activate PF in my server, I cause connectivity to my jails to be blocked (even when it should not). With PF disabled, everything works. I am likely doing something stupid, but I need other eyes to look at it. My jails are bound to the only active interface igb0: root@host # ifconfig...
  8. K

    PF PF config suggestions - web server?

    Hi there. I have a VPS running nginx as web server, local unbound, local maria-db and sshd. I'd be glad if anyone could confirm that I have no weird rule for the main server purposes I listed above and so that I'd continue studying PF. :) So this is my pf.conf (FreeBSD 13) (the table "f2b"...
  9. L

    Solved Block queries to some nameservers

    Having an in-home unbound server for dns queries, I'd like to block queries to other dns nameservers. Take the example of the server. re0 is the network interface that connects to the router, also a FreeBSD box running a dns server. re0 is part of bridge10 as for vnet jails to have access...
  10. S

    PF pf rule not being used

    Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...
  11. Aknot

    Solved Eventually they will find what they are looking for (setting up fail2ban with pf)

    Hello, I got some really valuable help earlier, improving pf rules for a web server, thanks again for that. I want to continue try making the life hard for some malicious beings out there. Example: tcpdump -n -e -ttt -r /var/log/pflog 00:00:03.008672 rule 16/0(match): block in on vmx0...
  12. Aknot

    Solved Improve rules for a web server (newbie about pf)

    Hello, pf in FreeBSD is not my strongest side, is there anything I should improve (or anything missing) in our pf setup for a basic web server with low traffic? Thank you very much, ext_if="vmx0" me="" good_tcp_ports="{ 33333,443,80,8080,25,22222 }" set skip on lo0 block in all...
  13. T

    Solved PF Packet Filter not loading rules on reboot manual required

    Hello, For the past 3 weeks I have been testing PF firewall and so far so good except for the rules not loading automatically on reboot. I load the rules using pfctl -F all -f /etc/pf.conf and all works great. I did change my default kernel to accommodate altq I actually had to redo the kernel...
  14. B

    bhyve No Network Connection From bhyve Guest With PF Enabled

    EDIT: 17MAR2021 I would like to make a quick note showing how I solved this. I actually noticed my mistake after reading this forum post. I never allowed my vm-bhyve interface vm-public through my firewall. Because my default setting is to simply block everything, my VMs weren't...
  15. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  16. jjbigorra

    NGINX on several jails or on host?

    Hey guys, this is my first post here, I am hoping I respect all the rules of this wonderful forum. I am setting up some services, moving from Ubuntu to FreeBSD in my company. We have 3 environments: - Test: all services in one server - Acceptance: Database and Redis in one server, rest of...
  17. H

    Solved firewall rules for connecting reverse proxy to nginx jails

    Even though I have been using freebsd on my desktop and laptop for many years, I have no experience in server configuration. After much research, trial and error, I was finally able to put together a webtoaster. The services run in jails and each one with a private IP, in this case a jail that...
  18. decuser

    PF Reasonable gateway firewall configuration

    After much tribulation, I was able to get my FreeBSD machine operating as a gateway router between my lan and ISP router. I used pf because I found a decent howto online - Building an OpenBSD/pf Firewall. The pain came when I tried typing the rules in - what a friggin' nightmare (insert lots of...
  19. saeedpersa

    PF PF and Bastille

    Dear friends, I configured Bastille and it works well, but there is another problem which I don't know how to handle. Internet > Firewall > VMWare > FreeBSD > BastilleOS How can I configure BastilleOS to access the Internet? I want to access the internet from my BastilleOS. And how...
  20. D

    Solved Wireguard setup (with PF problems)

    Hi there, I'm sort of a new user with FreeBSD, so please excuse me if you see some glaring error in my thinking/configs (I'm a Linux admin so there are differences I'm counting on). :) So here is my problem - I would like to set up Wireguard on FreeBSD 12, which is mostly done, I think, the...