Hi there all,
First post here, so just say if I've made a mistake, besides, well... my pf rules.
I've created this rule configuration while I was experimenting with OpenBSD. I'm not a programmer, just a consumer so I don't even know what these are meant for other than from what I read for about...
Hi there,
I'm too new to BSD and pf so I can't accomplish the following task and am receiving a generic "syntax error", maybe because of tables or macros. Here's the scenario: a server in DMZ with unbound (serving as resolver to other machines in DMZ) and NSD (authoritative for an Internet domain)...
Dear Experts,
I have a puzzle on my hands. I have a network isolated from the Internet. The FreeBSD computer has 4 Ethernet ports, but only 3 are involved in this puzzle while the 4th is only used to access the FreeBSD. My basic goal is to send some of the multicast from the upstream...
Hi All.
My server's jail needs an outgoing internet connection for Let's Encrypt OCSP Staple, but connect problem IPv6 only.
Detail
ifconfig
wan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8000a<TXCSUM,VLAN_MTU,LINKSTATE>
ether 00:1e:68:c4:e1:9e...
I have a PF table defined in my .conf file to which my server automatically adds bad traffic. There are a bunch of different systems that will block a host for various reasons, and for various amounts of time. However, rather than relying on PF itself to 'expire' old rules, I manage that myself...
I'm trying to set up an Ampache media server at home and am taking the opportunity to learn how to use jails on FreeBSD. I'm trying to set up jails on a separate loopback network on the host and use the NAT features of PF to direct the traffic where it should go. I've tried following multiple...
I'm playing around with PF on my laptop, mostly to get a better understanding of how it works so I can get it working on my home server.
I'm attempting to block all incoming traffic except that which I'm expecting to receive from Syncthing and KDE Connect. This is the content of my pf.conf...
Hello all,
I have been experimenting with running a project that works great on AMD64/X86 on an RPI3 B, and have had some hiccups with jails, and I am wondering if anyone has experienced anything similar, and has any idea as to the cause.
I've noticed the standard method of NATting jails on a...
I have a use case for authpf. However, I'd prefer to stick with IPFW as it seems to be more maintained and more recent than the included PF version. However, I've been unable to locate an alternate option that'll work with IPFW.
Maybe I'm missing something, or maybe there's another way...
Hello All,
I am attempting to find out what my issue is with my FreeBSD Router that I am attempting to build. I have set up the following tools on my OS on my router:
HostAPD
DNSMasq
PF
All of which appear to work and I can route through the AP. However, I am not getting nearly the speeds or...
Dear FreeBSD users,
My first IPv6 try with my FreeBSD desktop machine was a bit disappointing.
According to FreeBSD Handbook, I added two lines in my /etc/rc.conf:
ifconfig_re0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
I added into my fully functional /etc/pf.conf:
icmp6_types = "{...
I'm attempting to use relayd to act as an extremely simple load-balancer between two machines, however all 3 machines are on entirely different public networks.
However, it seems that relayd is just creating a rdr rule in pf, not a nat rule as well, so the packet is redirected but maintains...
While creating some VMs with Bhyve + IPv6 I had to create a bridge and therefore the main network card had to be in promiscuous (`promisc`) mode.
Eventually, I managed to get the VMs to work but started to notice a strange behavior (mainly timeouts and very slow responses) on the host while trying to...
Hi all,
I have the weirdest of the problems. I have a 10.4-release server with Nagios and a bunch of OpenVPN's on it and since I've upgraded to 10.4 from 10.3 after running peachy for a while it starts not removing the states from PF's state table, any state of any protocol. Being a Nagios...
I'm not sure if I am understanding the configuration correctly.
pass in log on $EXT_IF inet proto tcp from any to $SERVER port $SSH \
flags S/SA keep state \
(max-src-conn-rate 3/6, overload <blacklist> flush global)
I was under the impression that 3 connections within 6 seconds...
There is a network topology which cannot be changed/altered as following:
[FILESERVER]---192.168.254.1---->|======|
[LANPC1]--------192.168.254.x---->| SWITCH |<--192.168.254.254--[MODEM]--->INTERNET
[LANPC2]--------192.168.254.x---->|======|
The FILESERVER (FreeBSD 11.1-RELEASE) is running...
Hi all,
I am trying to forward traffic from my IPv4 address on port 8000 to a jail's IPv6 address on the same port. Is that possible? My line in /etc/pf.conf is:
rdr on vtnet0 proto tcp from any to [IPv4 Address] port 8000 -> [IPv6 Address] port 8000
This comes back with an unspecified syntax...
Hi All,
I'm a Linux user making the switch to FreeBSD,
got everything set up except for one last thing.
I'm trying to set up a split route with OpenVPN and the pf firewall.
I did read the FreeBSD manual and a couple of books about pf and googled before posting.
I have linux up and down scripts for...
Hi,
I need to redirect all traffic from a private IP address attested on a local interface, to a public IP address.
The old configuration with iptables is something like this:
iptables:-A PREROUTING -d $private_ip/32 -i $int_if -j DNAT --to-destination $public_ip
iptables:-A PREROUTING ! -d...
Hello,
From the pfctl man page I know how to flush and disable/enable pf. But how can I remove only one rule from the CLI, without fully flushing and reloading the config file?
For example, I add an on-the-fly command for port forwarding:
echo 'rdr pass proto tcp from any to any port 37 -> 10.0.0.2' | pfctl -f...