All Questions (26 questions)
0 votes, 1 answer, 889 views
FreeBSD: PF / pf.conf forwarding rule between interfaces
I would like to set up a simple forward rule (not port forward!) on FreeBSD 12.3 that filters based on received-on interface and going-out-on interface. IP networks should not be part of the rule as ...
4 votes, 1 answer, 530 views
Should changing firewall settings to block all interrupt ongoing ssh session
Suppose I am logged into a server via ssh. While in the session, I change the firewall config to block all traffic.
When I tried this previously with FreeBSD and pf, the current connection was broken. ...
1 vote, 1 answer, 384 views
How to block all SSH connection attempts coming in from $extif
What is the PF notation to block on $ext_if all incoming SSH connection attempts?
$ext_if is the interface pointing toward the internet. Something like:
block quick in on $ext_if proto tcp to port 22
...
2 votes, 1 answer, 722 views
blacklistd not blocking addresses
I've enabled the PF(4) firewall and blacklistd(8). Although IP addresses are being added to the blacklist, I can still see multiple failed attempts from a single IP address. Yet when I test it myself, ...
6 votes, 1 answer, 2k views
NAT outbound IPSEC packets using pf on FreeBSD 11 and StrongSwan x FortiGATE
I've been working for more than a week trying to get outbound packets nat'ed to fit a Security Association.
This is my (example) scenario:
LAN: 1.1.1.0/24
FreeBSD interface: xn0 (Amazon EC2 ...
4 votes, 2 answers, 1k views
Is there a difference between re0 and wlan0?
I am new to FreeBSD and trying to set up a firewall with pf on my laptop. The machine is connected to the internet via wifi.
On writing rule sets in /etc/pf.conf, some tutorials say to spell out the ...
1 vote, 3 answers, 689 views
Totally open FreeBSD router in VirtualBox
TL;DR - I'd like to set up a FreeBSD VM with one network card on my home LAN (192.168.1.0/24) and one on a private-internal-to-virtualbox network (10.9.9.0/24) and pass any and all traffic back and ...
1 vote, 1 answer, 537 views
Set $ext_if, $int_if, $localnet in PF
I am currently trying to get familiar with the basics of PF on FreeBSD.
I am trying to set up the most basic example from the PF chapter in the FreeBSD handbook, the simple bruteforce rules:
block ...
1 vote, 0 answers, 87 views
Can a block rule on PF add the src ip to a table
So on iptables I can make deny rules act as honey pots by adding IPs that hit the rules to a list that another rule is used to block all traffic from.
I am trying to achieve the same thing on PF, ...
1 vote, 0 answers, 1k views
FreeBSD load balancer implementation
I have a program which cannot be used in multiprocess\multithread mode, so it eats one CPU core; the other cores are free, but RAM and network bandwidth usage is near 10% of max.
The server for the ...
0 votes, 1 answer, 943 views
pf: Forwarding all packets on port 80 from any interface to SOCKS proxy
I'm trying to forward any packets on port 80 from any interface to my SOCKS proxy (Server). I'm not sure if I have it set up correctly but I can't get it to forward the packets.
I create a SOCKS ...
2 votes, 1 answer, 2k views
Slow VPN speed strongswan on FreeBSD
I put up a VPN server with strongswan 5.4.0 on FreeBSD 11.0-RELEASE-p1 on a RaspberryPi 2. So far it works fine, but the speed is varying and also much slower than on Raspbian which I used before.
...
3 votes, 1 answer, 2k views
FreeBSD: pf firewall doesn't work on restart
I'm running FreeBSD 10.3 p4 and observed some strange behavior.
When restarting the machine, pf starts due to the /etc/rc.conf entry
# JAILS
cloned_interfaces="${cloned_interfaces} lo1"
gateway_enable="...
2 votes, 0 answers, 255 views
pfctl - How to forward ip address in Mac OS Yosemite
How to forward all traffic to an external site 172.16.19.211:5001 to 127.0.0.1:5000?
These docs have details about port forwarding but still IP forwarding is unclear.
http://www.openbsd.org/faq/pf/...
5 votes, 2 answers, 2k views
Accessing ports on public IP from within a FreeBSD jail
In a FreeBSD 10 setup, I have a jail running the publicly accessible nginx web server and another jail for the Java backend server based on Jetty. Each jail has its own internal IP address 127.0.1.x ...