Questions tagged [pf]

pf is the OpenBSD Packet Filter, a feature-rich IP-layer firewall used on FreeBSD, NetBSD, and Mac OS X, as well as in the pfSense open-source firewall appliance software.

pf is a Packet Filtering firewall originally developed by the OpenBSD project, and since adopted by FreeBSD, NetBSD and Mac OS X (10.7 Lion & up). pf is also used in the pfSense project's firewall code.

pf features include:

  • Packet Filtering
  • Network Address Translation (NAT)
  • Port Redirection
  • Packet Queueing / QoS
  • Load Balancing
  • "Policy Filtering" (packet tagging)

More information on the pf firewall can be found in the OpenBSD FAQ, including some examples.

143 questions
8
votes
4 answers

OpenBSD/FreeBSD Firewall w/ GUI that is compatible with Intel 82574L Gigabit LAN NICs

I recently purchased a server to run m0n0wall or pfSense but I've learned since then that both of these firewall products are based on versions of FreeBSD which weren't yet compatible with the NICs in my new server. The SuperMicro server that I…
Zen Master
7
votes
2 answers

Can I create a pf rule involving MAC address instead of IP?

The title is self-explanatory. I want to create rules in pf running on OpenBSD 4.9 for a particular MAC address, something like pass in on eth0 from mac 00:04:34:5f:34:33 to mac 34:32:34:06:5e:22 I have read this, but it doesn't help!!
Vineet Menon
6
votes
0 answers

pfSense Internal Traffic Policy Based Routing

What is the current and correct way to apply policy based routing to pfSense internal traffic (originating from the firewall itself)? Creating a floating rule with the WAN interfaces selected, direction OUT and a gateway defined does not work…
Monstieur
6
votes
1 answer

pf slows traffic extremely down

I am running a web and mail server on FreeBSD 9.1. The system is installed on a KVM vServer. Everything works fine - until I enable pf(4). My weblog becomes unconscionably slow. So does all the other traffic, but this is not that annoying. So it…
Steffen
5
votes
1 answer

pf (Mac OS X) rule to redirect all traffic to a specific ip/port

I'm trying to recreate this iptables setup (from https://github.com/darkk/redsocks) with pf: iptables -t nat -A REDSOCKS -p tcp -d 10.0.0.0/8 -j REDIRECT --to-ports 12345 iptables -t nat -A OUTPUT -p tcp -j REDSOCKS I want to redirect all…
bkolobara
5
votes
2 answers

How to block MAC address in pf firewall

I want to block a particular MAC address on PF firewall. I know PF firewall works on Layer 3, i.e. it operates on the IP addresses rather than MAC address. But is there any way to block the MAC address on pf firewall?
user229957
5
votes
1 answer

Block Google requests to 16k using pf firewall

I'd like to block access to Google search using PF after the threshold of 17500 requests (connection established) in 24h, from a host running FreeBSD 9. What I came up with, after reading pf-faq is this rule: pass out on $net proto tcp from any to…
atmosx
5
votes
1 answer

OS X 10.8: redirecting locally initiated ssh connections to localhost:22

I need to hack the OS X pf to redirect all ssh connections from a user to this machine. I want, when doing $ ssh google.com to get the same results as with $ ssh localhost i.e. a connection to my locally running sshd. Under a recent Linux, this…
foxx1337
5
votes
1 answer

How to check pf's queues?

I use FreeBSD and am working with pf+ALTQ now. Something doesn't work and I need a tool to view what requests are marked and moved to a queue "queue_name". I need something like pftop but showing queues. Can anyone help?
Sergey
5
votes
2 answers

Why add "keep state" to pf firewall rules

If pf is a stateful firewall and keeps state by default, why do so many rulesets explicitly mention keep state?
ahron
4
votes
1 answer

Changing PF rules on the fly to mitigate damage of DDoS (OpenBSD 6.4)

This is a two-part question, really. Keep in mind that I am a developer, not a system admin, but being the only employee in the company, I wear ALL the hats. I have deployed my server with two firewalls running on CARP for load balancing/redundancy…
Miguel
4
votes
1 answer

PF vs -m of iptables

As you know, iptables has -m (match) such as: -m string -m state -m -iplimit and so on... My question: Does PF have similar features such as -m of iptables?
PersianGulf
4
votes
3 answers

How can one redirect to a new host all traffic destined for an old host?

We're moving a bunch of services, say from 1.2.3.4 to 5.6.7.8. In order to test that the new services are correctly configured, we'd like to redirect (to the new host) all traffic destined for the original host that originates from our testing…
eggyal
4
votes
1 answer

PF Firewall on OSX with IceFloor

I have set up pf using IceFloor on my OSX 10.9 system running Server 3.0.2. Everything seems to be fine except that I cannot connect to the system using the DNS name or the public IP from localhost. E.g. I can connect to http/port 80 from the…
lluuaapp
4
votes
1 answer

routing table vs PF precedence

I am wondering when a packet reaches an interface and I have some PF rules, which gets checked first, the routing table or the ruleset? ext_if = "em0" int_if = "em1" localnet = $int_if:network VPN_if = 172.16.0.110 nat log on $ext_if from any to…
nawar