pf firewall

  1. S

    PF pf rule not being used

    Howdy, I recently started using pf (FreeBSD 13.0) as my home FW with very basic rules: lan="bge0" wan="bge1" set loginterface $wan set optimization normal set block-policy drop set skip on lo0 scrub on $wan all nat on $wan from $lan:network to any -> ($wan) block drop log all pass in on $lan...
  2. Aknot

    Solved Eventually they will find what they are looking for (setting up fail2ban with pf)

    Hello, I got some really valuable help earlier, improving pf rules for a web server, thanks again for that. I want to continue try making the life hard for some malicious beings out there. Example: tcpdump -n -e -ttt -r /var/log/pflog 00:00:03.008672 rule 16/0(match): block in on vmx0...
  3. Aknot

    Solved Improve rules for a web server (newbie about pf)

    Hello, pf in FreeBSD is not my strongest side, is there anything I should improve (or anything missing) in our pf setup for a basic web server with low traffic? Thank you very much, ext_if="vmx0" me="11.22.33.44" good_tcp_ports="{ 33333,443,80,8080,25,22222 }" set skip on lo0 block in all...
  4. T

    Solved PF Packet Filter not loading rules on reboot manual required

    Hello, For the past 3 weeks I have been testing PF firewall and so far so good except for the rules not loading automatically on reboot. I load the rules using pfctl -F all -f /etc/pf.conf and all works great. I did change my default kernel to accommodate altq I actually had to redo the kernel...
  5. B

    bhyve No Network Connection From bhyve Guest With PF Enabled

    EDIT: 17MAR2021 I would like to make a quick note showing how I solved this. I actually noticed my mistake after reading this forum post. I never allowed my vm-bhyve interface vm-public through my firewall. Because my default setting is to simply block everything, my VMs weren't...
  6. N

    PF PF firewall pf.conf Review

    Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...
  7. jjbigorra

    NGINX on several jails or on host?

    Hey guys, this is my first post here, I am hoping I respect all the rules of this wonderful forum. I am setting up some services, moving from Ubuntu to FreeBSD in my company. We have 3 environments: - Test: all services in one server - Acceptance: Database and Redis in one server, rest of...
  8. H

    Solved firewall rules for connecting reverse proxy to nginx jails

    Even though I have been using freebsd on my desktop and laptop for many years, I have no experience in server configuration. After much research, trial and error, I was finally able to put together a webtoaster. The services run in jails and each one with a private IP, in this case a jail that...
  9. decuser

    PF Reasonable gateway firewall configuration

    After much tribulation, I was able to get my FreeBSD machine operating as a gateway router between my lan and ISP router. I used pf because I found a decent howto online - Building an OpenBSD/pf Firewall. The pain came when I tried typing the rules in - what a friggin' nightmare (insert lots of...
  10. saeedpersa

    PF PF and Bastille

    dear my friends I configured Bastille and it works well but there is another problem which I don't know how to handle it. Internet > Firewall > VMWare > FreeBSD > BastilleOS how can I configure BastilleOS to access the Internet? I want to access the internet from my BastilleOS? and How...
  11. I

    Solved Wireguard setup (with PF problems)

    Hi there, I'm sort of a new user with FreeBSD, so please excuse me if you see some glaring error in my thinking/configs (I'm a Linux admin so there are differences I'm counting on). :) So here is my problem - I would like to set up Wireguard on FreeBSD 12, which is mostly done, I think, the...
  12. M

    PF Rule diagnostics - Halp!

    Hi there all, first post here so just say if I've a mistake, besides, well... my pf rules. 😀 I've created this rule configuration while I was experimenting with OpenBSD. I'm not a programmer, just a consumer so I don't even know what these are meant for other than from what I read for about...
  13. J

    PF redirection from a port to another

    Hi there, I'm too new to BSD and pf so I can't accomplish the following task and receiving generic "syntax error", maybe because of tables or macros. Here's the scenario: a server in DMZ with unbound (serving as resolver to other machines in DMZ) and NSD (authoritative for an Internet domain)...
  14. L

    PF PF outbound rule on a bridge member interface did not stop packets

    Dear Experts, I have a puzzle on my hand. I have a network isolated from the Internet. The FreeBSD computer has 4 Ethernet ports, but only 3 are involved in this puzzle while the 4th is only used to access the FreeBSD. My basic goal is to send some of the multicast from the upstream...
  15. epopen

    Solved Jail outgoing internet's IPv6 packet 50% fail problem.

    Hi All. My server's jail need outgoing internet connection for Let's encrypt OCSP Staple, but connect problem IPv6 only. Detail ifconfig wan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8000a<TXCSUM,VLAN_MTU,LINKSTATE> ether 00:1e:68:c4:e1:9e...
  16. l008com

    `pf` Rule Tables - Advanced Options

    I have a PF table defined in my .conf file to which my server automatically adds bad traffic. There are a bunch of different systems that will block an host for various reasons, and for various amounts of time. However rather than relying on PF itself to 'expire' old rules, I manage that myself...
  17. S

    PF Jails with NAT

    I'm trying to set up an Ampache media server at home and am taking the opportunity to learn how to use jails on FreeBSD. I'm trying to set up jails on a separate loopback network on the host and use the NAT features of PF to direct the traffic where it should go. I've tried following multiple...
  18. S

    PF Firewall on FreeBSD Laptop

    I'm playing around with PF on my laptop, mostly to get a better understanding of how it works so I can get it working on my home server. I'm attempting to block all incoming traffic except that which I'm expecting to receive from Syncthing and KDE Connect. This is the content of my pf.conf...
  19. DiscmanDaemon

    RPI3 B some issues with jails

    Hello all, I have been experimenting with running a project that works great on AMD64/X86 on an RPI3 B, and have had some hiccups with jails, and I am wondering if anyone has experienced anything similar, and has any idea as to the cause. I've noticed the standard method of NATting jails on a...
  20. T

    IPFW authpf alternative?

    I have a use case for authpf. However, I'd prefer to stick with IPFW as it seems to be more maintained and more recent than the included PF version. However, I've been unable to locate an alternate option that'll work with IPFW. Maybe I'm missing something, or maybe there's another way...