Questions tagged [ipfw]
The ipfw tag has no usage guidance.
23
questions
1
vote
0
answers
30
views
Issue with ng_ipfw, ng_bpf, ng_tag testing commands
Update my issue with more details provided below :
Summary of the ng_tag Command Issue
Querying BPF Filter Status
When using Berkeley Packet Filter (BPF) filters, you can use the getstats command to ...
- 11
0
votes
0
answers
26
views
blacklistd on freebsd not consistently blocking on ssh timeout
Roughly every minute, I'm getting the following in my log:
sshd[####]: fatal: Timeout before authentication for 118.26.194.190
There are many hundreds, this has been happening for hours.
# grep 118....
0
votes
1
answer
906
views
What are the consequences of blocking incoming UDP port 68 on my computer?
In a FreeBSD 13.1 install, I enabled the IPFW firewall and set firewall_type="workstation" in /etc/rc.conf. This allows outgoing requests, while denying incoming requests. When I checked the ...
- 2,978
0
votes
0
answers
132
views
Route vpn traffic to second iface on Freebsd
im switching Linux home router to FreeBSD.
It has two network cards - ue0 connected to Internet and
ue1 connected to lan internal network.
I need to run vpn connection on eu0 and forward all ue1 ...
- 1
0
votes
1
answer
437
views
GEO IP block in IPFW on FreeBSD
I would like to start blocking specific countries from accessing my servers. Are there any tools or scripts that can set up a GEO IP block list to inject into IPFW as rules?
I've seen a few references ...
- 166
0
votes
0
answers
1k
views
simple ipfw configuration with nat on FreeBSD with two nick and dhcp
anyone can write down a simple ipfw configuration with nat and two nick with dhcp ?
This is my configuration:
ue0 --> dhcpd server and lan
ue1 --> dhclient and internet with other router
And ...
- 166
3
votes
1
answer
1k
views
History of programmatic interfaces to iptables, ipchains, and ipfw
I had to do some fiddling with iptables rules from Go recently, and I noticed both docker's and coreos's wrapper libraries exec() out to the iptables command and screen scrape the standard output. ...
- 31
0
votes
2
answers
315
views
How to use interface name instead of IP addresss on IPFW?
add 04000 allow IP from 192.168.1.10 to ca-vancouver.privateinternetaccess.com keep-state
I want to change to epair0b because I want to avoid hardcoded IP address and I would like to use DHCP instead
...
- 103
2
votes
0
answers
564
views
Setting up openvpn with a killswitch in a freebsd jail
I'm trying to setup a kill switch so that if OpenVPN becomes inactive all other connections will be blocked. I tried to adapt this Linux set up, but it doesn't seem to work on FreeBSD.
This is my ...
2
votes
1
answer
1k
views
Blacklist IP file for `ipfw`?
My /etc/rc.firewall file contains the following additional lines created by me, with the purpose of banning attacker's DDoSers IPs:
${fwcmd} add deny ip from 122.228.19.80/24,\
...
- 21
2
votes
0
answers
170
views
ipfw dummynet per ip fair traffic shaping
I want to shape traffic in such way, that no specific user could exhaust WAN connection that much so other users would be affected. I have ISP link with 100Mbits/s bandwidth and sometimes some users ...
- 21
1
vote
1
answer
1k
views
Does not write logs into /var/log/security after I modified this file
I run a script that modifies /var/log/security.
If someone tries to connect to my server via ssh, this event writes into /var/log/security.( I have set firewall_enable="YES" and firewall_logging="...
- 15
1
vote
1
answer
146
views
Incomplete documentation for FreeBSD ipfw
When I see the official documentation of ipfw or the man pages it seems that it is sometimes incomplete. Specifically, there are a lot of options like,
firewall_myservices
firewall_allowservices
...
- 414
2
votes
2
answers
2k
views
Firewall ipfw in FreeBSD
I have a doubt respect to the functionality of the IPFW firewall in FreeBSD. My scenario is the following:
All these machines are running FreeBSD, and all of them are virtual machines. The thing is ...
- 121
2
votes
1
answer
833
views
working netgraph configuration for ipfw and ng_bpf on FreeBSD
I'm trying to get a raw BPF bytecode packet filter working on FreeBSD using a combination of ipfw with ng_ipfw, ng_bpf and ng_tag.
However none of the documentation or presentations I can find ...
- 271