pf.conf

Hi pals, I am trying to modify a pf.conf that I copied from someone else but my changes don't work. I copied this configuration to let my Bastille Capsule be expose over the outside, unfortunately, since my cheap VPS is very small, Bastille has become a burden and I would like to move GMID, my...

I can access the BVCP web interface on my FreeBSD workstation when I have the PF firewall disabled, but whenever I have PF firewall enabled and try to connect to a BVCP web interface, I get the following error: "Unable to connect to Backend module". I would expect it to work if I open inbound...

I decided to post a simple working setup from my FreeBSD box to help others that were struggling to find a working system to learn from like I was. This isn't meant to be an end-all solution but rather a reference and learning opportunity and I would gladly accept help and suggestions on how to...

In /etc/pf.conf I currently have: icmp_types = "{ echoreq unreach }" ... pass inet proto icmp icmp-type $icmp_types pass inet6 proto icmp6 However, I thought maybe it would be prudent to tighten up the IPv6 rule a bit, so I changed it to: icmp_types = "{ echoreq unreach }" icmp6_types = "{...

Hi there. I have a VPS running nginx as web server, local unbound, local maria-db and sshd. I'd be glad if anyone could confirm that I have no weird rule for the main server purposes I listed above and so that I'd continue studying PF. :) So this is my pf.conf (FreeBSD 13) (the table "f2b"...

Hi all, Could somebody with some knowledge and experience have a look at my pf.conf before I start using it, to make sure I'm not doing anything stupid with it? I am using FreeBSD 12.2 on a laptop connected via wifi to my ISP router and the VPN provided for work. I am using OpenVPN and...

nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" nat log (to pflog0) on if0 from 192.168.0.1 tag TAG_PASS tagged TAG_EX -> (if0) label "test" no nat from...

Hi Guys, i don't find nothing on the net about GeoIP for PF, I searched a lot but nothing, I need to block states or create a white list of states that can access the server so I can make things easier for myself, could anyone help me? place here at the bottom of my pf configuration that is...

Hello everyone. to the point, I would to ask something about port portforwarding. is portforwarding very slow connection? My friends opened my server actually is really fast (about 20ms). But when I opened it, it is very slow to opened the web from the my ip public. sometime when I opened it is...

Hello, This morning I found sending gmail emails via Gnus stopped working. It used to be working since I checked my Gnus 'sent' folder and there are mails I sent several months ago. Gnus/5.13 (Gnus v5.13) Emacs/26.1 (berkeley-unix) Sending via mail... network-stream-open-starttls: make client...

Hi all, I have an issue with my PF rules and I would like to understand why this is happening and how to solve it. I have very basic knowledge of PF and this is kind of learning curve for me. I have gitea server https://www.freshports.org/www/gitea/ running inside a jail in a vm. It works...

I think that I'm being somewhat ambitious and I'm finding that I'm getting some horrible issues as a result. Firstly, what I'm trying to achieve. The way that I have tried to set up this network in the past was that the router was in the DMZ and that it passed some traffic (HTTP/S) through to...

Total head-smacker, but for posterity (and for the next poor sap googling "pf won't start at boot") Do not use hostnames in your pf.conf or any tables loaded by your configuration. While it is not invalid, and will work just fine with a pfctl -nf /etc/pf.conf check of the syntax or a pfctl -f...

I've been pulling my hair out over this for days! I have a VM, jails on a loopback interface and using IPFW to NAT the traffic. My findings show that it slows to a crawl. I've also tested with PF and it works like a charm. Network speeds within the jail are fine. I've tested this on Vultr...

All, Any update as to whether ALTQ (with PF) will be supported with ixgbe cards (or not)? Have been hoping that some traction may have been gained, but haven't been able to use this functionality for quite a few versions. FYI - the manual page for ALTQ lists ixgbe as "supported", but get the...

Hey Guys. Following problem: Inside a jail I can ping my nameserver, i can ping someones ip adress but I cant ping a domain name. I cant install pkg or anything else inside a jail, because its not working. I set up my jails with ezjail. I created a fresh jail but its not working. I have set my...

I am using freeBSD 11.1-RELEASE-p6 on a raspberry PI and I can't get it to route email out though a pptp tunnel instead of the default route through the ethernet connection. If I change smtp_bind_address in postfix main.cf to the pptp tunnel address I can see the correct from address in pflog...

Hi, How to properly redirect traffic from local network to domain. I have nginx, php, mysql, wordpress etc. When I am trying to open website not in wordpress using set domain it won't open, but outside network people can open without any issues. When trying to open on local address it works...

Hi, Quick question. What could be the issue why I cannot ping my jail from local machine or local machine from jail? I thought it is pf.conf rdr somewhere wrong but now I am thinking about routing table not right. I can access anything from outside to jail. I have teamspeak3 server and if I...

Hello there, I have a jail inside a VM. I installed Gitea inside the Jail and configured PF (nat) to forward traffic coming on port 2000 to the jail port 3000 (The gitea web application) and left port 10000 for the ssh (for git) inside the jail. All is okay so far till recently I checked my...