I have an issue with my PF rules and I would like to understand why this is happening and how to solve it. I have very basic knowledge of PF and this is kind of learning curve for me.
I have gitea server https://www.freshports.org/www/gitea/ running inside a jail in a vm. It works...
I am considering a pf rule like this:
pass in on $ext_if inet proto tcp
to ($ext_if) port $myssh keep state
(max-src-conn 9, max-src-conn-rate 2/5,
overload <blocked_guests> flush global)
But I am not sure if allowing ssh connections only from a whitelist (ssh_clients) will...
Hi I'm trying to set up a miniDLNA server inside a jail. When it's inside a jail, my LAN clients cannot access it. But if miniDLNA is installed outside of the jail, my LAN clients can successfully access it.
My jail has it's private IP (192.168.60.3) address on host's lo1 interface. I then...
I've had no problems with my PF rules for a while, until recently I installed FreeRADIUS. The problems I'm having now is that I don't seem to grasp the logic of PF rules. What I need is let in packets on port 1812 (radius) and block all the rest.
Here is the ruleset I've created...
I'm trying to setup port multiplexing using sslh importantly I have to use that nice 'transparent' feature that makes traffic from sslh distributed locally to look like it comes from external interface. It looks something like this :
Browser[A]-----------[http/ssl]-------> sslh[B 443]...
I have a jail inside a VM. I installed Gitea inside the Jail and configured PF (nat) to forward traffic coming on port 2000 to the jail port 3000 (The gitea web application) and left port 10000 for the ssh (for git) inside the jail.
All is okay so far till recently I checked my...
I am trying to forward traffic from my IPv4 address on port 8000 to a jail's IPv6 address on the same port. Is that possible? My line in /etc/pf.conf is:
rdr on vtnet0 proto tcp from any to [IPv4 Address] port 8000 -> [IPv6 Address] port 8000
This comes back with an unspecified syntax...
I recently jailed my externally-web-accessible services for security reasons. I currently have two separate jails:
vpnjail: this jail hosts rtorrent, and connects to the outside world over a persistent openvpn connection on tun0.
webjail: this jail hosts standard webservices such as...
I am trying to setup OpenVPN server on FreeBSD 11 but I am not able to access Internet from Linux client. Ping an SSH connection to VPN server works.
I am using the same config with different OpenVPN server running on CentOS without any problems.
No firewall yet on either side.
Error log on...
I have a VPS on Digitalocean which I used mfsbsd to reinstall FreeBSD with ZFS/zroot with PF as my firewall. My plan with this VPS is to run wordpress, a static site and owncloud each in their own jails. Currently, I use nginx on the host machine running as a reverse proxy, intercepting https...
Can anyone tell me if PF can be by-passed by an outsider(intruder)? I have an IP address that has already been in my ip.blocked table for two days and still its scans reach the web platform of the site where it is blocked by a firewall add-on/plugin at application level.
Any help is welcome.
Hi, I just wanted to ask for feedback or improvement suggestions on my PF ruleset made for host and 10-ish jails serving apps and web.
I'm particularly interested in suggestions on rule ordering, if it can be improved and optimized as well as suggestions on section for connection...
I have a problem with my PF it seems after all verification made with pfctl -vnf /etc/pf.conf NOT with the rulesets but number of tables and the size of it. Can be adjusted this situation? I can't control the size of tables for zones because are country based IP net blocks.
So first I...
I just recently started using PF so bear with me.
What I want my firewall to do is to block all incoming traffic except SSH and HTTP. Furthermore, I'd like to blacklist the IPs that try to bruteforce SSH.
After a few hours of reading this is what I can up with: