Questions tagged [pf]

pf is the OpenBSD Packet Filter, a feature-rich IP-layer firewall used on FreeBSD, NetBSD, and Mac OS X, as well as in the pfSense open-source firewall appliance software.

pf is a Packet Filtering firewall originally developed by the OpenBSD project, and since adopted by FreeBSD, NetBSD and Mac OS X (10.7 Lion & up). pf is also used in the pfSense project's firewall code.

pf features include:

  • Packet Filtering
  • Network Address Translation (NAT)
  • Port Redirection
  • Packet Queueing / QoS
  • Load Balancing
  • "Policy Filtering" (packet tagging)

More information on the pf firewall can be found in the OpenBSD FAQ, including some examples.

143 questions
0 votes, 0 answers

Real meaning of "in" and "out" regarding a virtual network

I am confused; I thought I understood those basics, but now I'm not quite sure any more... Considering that conf: cloned_interfaces="lo7" ifconfig_bce0="dhcp" ifconfig_bce0_alias0="inet 192.168.0.1/24" ifconfig_lo7="inet 192.168.0.2/24" And that…
Psyloh
0 votes, 2 answers

pf shortcuts for block quick

Looking at https://www.openbsd.org/faq/pf/shortcuts.html it's not clear to me if these are the same- block quick from and- block in quick from to any block out quick from any to similarly, I wonder if this is…
hotkarl
0 votes, 1 answer

Restrict client IP address on OpenVPN using TAP interface

I've set up an OpenVPN + PF setup on a FreeBSD 10.3 server. Clients to my VPN include administrators, which should have full access to the network and untrusted users who should ONLY be able to access a couple of IP addresses. I used…
0 votes, 1 answer

DNS lookup to localhost gives network error

I am running a recursive DNS server on Unbound in a jail on FreeBSD with pf as a firewall. Running drill @xxx.xxx.xxx.xxx example.com (where xxx.xxx.xxx.xxx is the server's IP) on my local machine yields me with a successful lookup. However, if I try…
0 votes, 1 answer

apache / mysql unable to connect jails with PF firewall

I have set up two jail environments on FreeBSD11 root@ns312773:/etc # jls JID IP Address Hostname Path 1 10.6.6.6 www /usr/jails/www 2 10.6.6.7 dbs …
khinester
0 votes, 1 answer

pf port forwarding

I've got the basics of my pf firewall/NAT router setup working; traffic going out fine, DNS requests on port 53 mapped into an internal subnet and back out again successfully (no change in port number). But I'm stuck at a port forwarding from the…
Devin Ceartas
0 votes, 1 answer

using pf for packet filtering and ipfw's dummynet for bandwidth limiting at the same time

I would like to ask if it's fine to use pf for all packet filtering (including using altq for traffic shaping) and ipfw's dummynet for bandwidth limiting certain IPs or subnets at the same time. I am using FreeBSD 10 and I couldn't find a definitive…
krdx
0 votes, 0 answers

FreeBSD - How can I let server A get web access via server B over a specific port?

Setup: Server A: FreeBSD 10 - IP: 100.100.100.100 Server B: FreeBSD 9 - IP: 200.200.200.200 Both servers use pf.conf. Desired result: I want server A to be able to get web access (port 80) via server B over a specific port (ex: 3333). How would…
Kaah
0 votes, 1 answer

correctly setup PF with loopback interfaces for nginx proxy

I am trying to run a couple of FreeBSD jails for my web server and application server, which is running node.js. I have one network card (igb0) with a custom loopback interface (lo666) for which I have created 3 aliases; here is part of my…
khinester
0 votes, 1 answer

PF firewall frontend

I'm running FreeBSD 9.2 and the PF firewall. I'm looking for an easier/faster way of adding and modifying my PF rules. Preferably a simple web UI. Is there any software like this available? I've found pfw but that looks dead.
Daniel Johansson
0 votes, 1 answer

FreeBSD pf Egress Filtering

I am attempting to build a simple pf.conf which includes NAT allowing traffic out of the network from all systems on a select series of ports. In my basic configuration I have an internal server that hosts HTTP/HTTPS which will be accessible from…
Blackninja543
0 votes, 2 answers

Packet Filter configuration to restrict traffic to the local host

I have been running a pf based filtering router on OpenBSD 4.3 for about a year now. My current task is to set up a new network segment for hosting our external sites. My aim is that machines set up in this network segment should not have any more…
Michael Shaw
0 votes, 1 answer

pf not execute udp port specific block rule

The traffic I want to block can be sniffed as below with tcpdump: 19:16:22.391164 IP 95.95.95.95.2036 > 10.10.10.10.443: UDP, length 8192 So I wanted to write a rule block any udp destination port 443 traffic. block drop quick on igb3 inet proto…
seaquest
0 votes, 1 answer

PF tagging then adding to table

Could someone please provide an example on how to add a tagged packet to a table? I have found commands to do it from the command line but can you set up a specific rule to do it inside of pf.conf? Thanks. This is all in regards to PF...
kernelPanic
0 votes, 2 answers

How to run python script which required root privilege for execution in apache with mod_python at openbsd

I am trying to run python script in Apache 2.x with mod_python. I edited httpd.conf with publisher LoadModule python_module /usr/local/apache2/modules/mod_python.so SetHandler…