Hello,
I’m using pf on a FreeBSD 14.1-RELEASE and I have this kind of rules:
block in log quick proto tcp from <datacenteripv4> to $ext_if port 22 label "datacenteripv4 ssh deny"
When I display statistics by labels, many lines are duplicated, but with different metrics:
# pfctl -s...
Hi.
I'm confused a bit about where to put my whitelist table (containing IPs that shouldn't get blocked). My current configuration does not whitelist my <whitelist> table. This is the trimmed pf.conf file of mine;
ext_if="re0"
table <whitelist> persist file "/var/pf/whitelist.txt"
table...
Hi. In PF rules, could someone explain the differences between;
nat on $ext_if from ($int_if:network) to any -> ($ext_if:0)
and
nat on $ext_if from ($int_if:network) to any -> ($ext_if:0) port 1024:65535
On the second rule, what does "port 1024:65535" actually do in terms of NAT?
"$int_if"...
Greetings. I have a public NIC with a few public IPs assigned;
$ext_if = my external NIC with my public Internet addresses
$public_IP_1 = one of my public Internet IPs (assigned as an alias and working on $ext_if)
And 10.10.10.2 is my jail running on FreeBSD 14 host machine.
I have the following PF...
Hi there, I am trying to set up a simple PF firewall with dummynet and
despite all my efforts I am failing. I would appreciate a helping
hand, thank you. Below is the setup description and all the details
that might be useful. I've been trying to apply a pass rule for the pipe
on different...
Hello,
I'm running FreeBSD-13.2 armv7 on a raspberry pi v2 featuring 1GB RAM.
When enabling pfctl the system crashes and then reboots. Here is the basic kgdb output:
GNU gdb (GDB) 13.2 [GDB v13.2 for FreeBSD]
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3...
Hi,
I have software that deploys a DNS forwarder and uses PF to redirect local DNS requests to the forwarder. All of a sudden this scheme stopped working and I am trying to figure out what could be the problem.
I am troubleshooting the issue and trying to verify every piece. My question is...
I am trying to create a script that looks at an existing stateful connection and tries to figure out if it's using the most preferred gateway according to the pf ruleset (policy). Is there a way from a console terminal, to determine what gateway would be used for new connections to a certain...
I have a PF table defined in my .conf file to which my server automatically adds bad traffic. There are a bunch of different systems that will block a host for various reasons, and for various amounts of time. However rather than relying on PF itself to 'expire' old rules, I manage that myself...
EDIT: the problem is solved
Hello,
I have used Debian for the last several years and I'm very new to FreeBSD.
I tried to port my configuration for fail2ban from my Debian machines to FreeBSD (with the modification due to the firewall having changed).
In my testing phase I have found out that the...
When trying to start pf with service pf start, I get the following error message:
Enabling pfpfctl: /dev/pf: No such file or directory
pfctl: /dev/pf: No such file or directory
pfctl: /dev/pf: No such file or directory
My jails are configured in /etc/jail.conf:
# Global Stuff
exec.start...
I run a FreeBSD 10.3-RELEASE-p14 server with a PF firewall. A few days ago I activated the local unbound server for caching purposes.
My pf rules were created a few years ago and work well. They include some persistent table definitions with either IP addresses or hostnames or both:
table...