pf-firewall

  1. U

    PF route-to example

    Hi, I would like to ask if anyone could point me to some examples of route-to with pf. Thanks in advance
  2. K

    PF PF rules for a DNS server

    Hello FreeBSD fellows. I have an authoritative nameserver (PowerDNS) server running as: ns1.mydomain.com, hosting the DNS records of my domains, and communicating with my secondary/slave nameserver, for DNS record changes&updates. I've implemented PF, however I'm not really sure if I managed to...
  3. K

    PF Centralize PF for all the VMs on host machine, or separated PFs for each VM?

    Hello. I'm preparing to manage few VMs under FreeBSD bhyve, and focusing on implementing a good set of PF rules on the main host machine. I wanted to ask for your opinions, is it wise to have a rule like; pass in/out quick on vm-publicswitch all (vm-publicswitch containing all the IP ranges...
  4. K

    PF Tightening PF conf even further for my mail server?

    Hello there. I've completed setting my mail server up. Just for the sake of security and connection stability, I tried to implement PF firewall as well, for my services. Before I proceed and move my mail server into production, could someone please take a quick look at my pf.conf file and give...
  5. nbari

    how to route traffic from the interface that arrives

    I am announcing an IPv6 prefix via OSPF (bird2) to some routers, from the routers I can reach/ping the FreeBSD server, but not from the internet: (internet) | | R1 --------- R2 \ / FreeBSD I am peering the node via wireguard using link-local and if I...
  6. Sivan!

    Set: not found???

    Named starts on a FreeBSD 13.1 release desktop, apache24 It works! but I have this error: named status /etc/rc.conf: Set: not found /etc/rc.conf: Set: not found named is running as pid xxx. Relevant entries in my /etc/rc.conf syslogd_flags="-ss -vv" sendmail_enable="NONE" ... etc...
  7. marschro

    Solved pf.conf:26: rule expands to no valid combination

    Hi all, can anyone tell me what's wrong in line 26? I get the mentioned error when starting pf: pf.conf:26: rule expands to no valid combination I used this config for years and now migrated from digital ocean to AWS with FreeBSD 13.1 Every hint appreciated. Kind regards, Martin 1 # Set...
  8. K

    PF Allow DHCP within PF

    In terms of PF rules (enabled, actively running in my VPS), which way is the best way to allow a DHCP server (of my VPS provider) connect&define an IP to my VPS without any prevention? 1- pass quick proto udp from any to 255.255.255.255 or 2- pass in quick on $ext_if inet proto udp from any...
  9. K

    PF A weird PF whitelist problem

    Under FreeBSD 13, I'm using PF and it was working fine till today. I've a <whitelist> table that I suspect it's not really working with PF. Any IPs within that file (table <whitelist> persist file "/var/pf/whitelist.txt") seems still getting blocked by PF, as I see through real-time by the...
  10. nbari

    PF HAproxy - FreeBSD shows good performance but pf (the firewall) eats half

    From https://www.haproxy.org/ in the Reliability section I found: What set of tests/pf rules can be used to benchmark this? I am using the latest HAProxy 2.4 & PF under FreeBSD amd64 and so far working fine, but I would like to know if there is something I could consider of fine-tuning either...
  11. A

    PF Redirecting port traffic through alternate interface

    Hello, I would like to send port 80 and 443 traffic out one interface while all other traffic goes via another. Specifically, I'd like all 80 and 443 traffic to go out the wifi interface while all other traffic goes out the wired ethernet interface. I tried various filtering rules to no avail...
  12. I

    Are pf for FreeBSD and pf for OpenBSD the same?

    I saw in this status report about: Ethernet support for pf pf syncookie support and would like to clarify: Isn't pf developed by OpenBSD? And if so, would these be the same development for pf in OpenBSD and these same features would make its way into OpenBSD as well? And if not, pf for...