The FreeBSD Forums » Firewalls
Come across all the discussions related to IPFW, PF, IPF, and more in this category. Ask for help with PF settings, get guides on IPFW scripts, and find test case scenarios for implementing DSR and triangle routing. FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.
The FreeBSD Forums » Firewalls
11h ago
ipfw rules:
00106 6969 668555 deny ip from 104.0.0.0/8 to me
rinetd.log:
17/Apr/2024:09:35:28 104.196.54.86 ..read more
The FreeBSD Forums » Firewalls
3d ago
Dear community,
I have read How to Submit a Bug Report and have no idea if this is worth reporting, which category to choose, or if this is worth the time of anyone who would receive a bug report. But I can reproduce it, so I thought I'd post here.
I'm running FreeBSD 14.0-RELEASE-p6 (coming from 13, I upgraded from there) with csh as root shell where I ran the below sequence of ipfw commands.
Spoiler: sequence of commands that led to the error
Code:
sysctl net.inet.ip.fw.tables_sets=1
ipfw set 0 table ADDR add anything
ipfw set 0 table all list
ipfw set 0 table ADDR add anything 255.255.255.255
ipf ..read more
The FreeBSD Forums » Firewalls
3d ago
SSHGuard in combination with pf on FreeBSD 14.0-RELEASE (fresh vanilla installation on Hetzner VPS) is behaving strangely. After starting, it either terminates immediately or after some variable time, indicating a potential issue with pf. Below are the details:
System Info:
Code:
FreeBSD myserver 14.0-RELEASE-p6 FreeBSD 14.0-RELEASE-p6 #0: Tue Mar 26 20:37:02 UTC 2024 root@arm64-builder.daemonology.net:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC arm64
1. Apparent Nondeterministic Behaviour
1.1 First Start Attempt - terminates immediately
Code:
root@myserver:~ # export SSHGUARD_DEBUG=1 ..read more
The FreeBSD Forums » Firewalls
1w ago
Hi,
I'm relatively new to PF anchors, so forgive me if I'm missing something basic. I'm currently trying to allow a pass on TCP port 4840 using anchors and testing on a client to see if I can connect. After configuring the anchor, it still doesn't seem to allow the port to pass. However, if I manually edit the anchor file and reboot, it works.
The command I'm running to open the port is:
Bash:
echo "pass in quick proto tcp to port 4840" | doas pfctl -a "bhf/tcopcuaserver" -f -
This adds the port, and I can see the rule added to the anchor. However, I can't connect with my client still ..read more
The FreeBSD Forums » Firewalls
1w ago
Hello,
I need some help understanding ipfilter and its stateful behaviour.
I have created an ipsec tunnel with strongswan which is policy based.
On the bsd router re1.7 it has the IP 10.111.7.254/24. I want to reach the device 10.111.7.1 that is connected to the bsd router.
WAN is connected on re0 to the bsd router.
On the remote side I have the workstation 192.168.168.20 from which I want to connect to 10.111.7.1.
When I check the routing it gives me re0 as the interface, which I think is how strongswan handles policy-based VPN.
netstat -rn
10.111.7.0/24 link#6 U re1.7
10.111.7.254 link#6 UH ..read more
The FreeBSD Forums » Firewalls
1w ago
Are there any plans to implement divert to socket functionality for PF ..read more
The FreeBSD Forums » Firewalls
1w ago
Hello,
I am setting up a bsd router with ipfilter.
My external network is on em0 with pppoe and a dynamic IP address via pppoe/dhcp.
I already checked the manual but I could not find a predefined variable to get the interface IP in an ipf rule set.
With a static WAN IP I would create a rule like this:
pass in log quick on em0 proto tcp from 1.2.3.4 to 77.18.22.78 port = 22 flags S keep state
But as this is a normal DSL connection, my WAN address keeps changing. So I need a way to automatically update the interface IP in the rule set.
pass in log quick on em0 proto tcp from 1.2.3.4 to em0.ip port ..read more
The FreeBSD Forums » Firewalls
2w ago
Hello!
I'm having a problem getting DNS connectivity for my Windows computer on the LAN. I have tried with Linux from the LAN and it works, but not if I use a Windows machine (tried with two different Windows machines).
Below are my /etc/ipfw.rules and /etc/rc.conf.
Any ideas on what could be wrong?
#!/bin/sh
# Flush existing rules
ipfw -f flush
wan=igc0
lan=ue0
# Block all IPv6 traffic
ipfw add 5 drop ip6 from any to any
# Allow all traffic on the LAN
ipfw add 10 allow all from any to any via $lan
# NAT rule for LAN to WAN traffic
ipfw add 15 divert natd ip4 from any to any via $wan ..read more
The FreeBSD Forums » Firewalls
2w ago
Hello!
I'm having a problem getting DNS connectivity for my Windows computer on the LAN. I have tried with Linux from the LAN and it works, but not if I use a Windows machine.
Below are my /etc/ipfw.rules and /etc/rc.conf. Any ideas on what could be wrong?
#!/bin/sh
# Flush existing rules
ipfw -f flush
wan=igc0
lan=ue0
# Block all IPv6 traffic
ipfw add 5 drop ip6 from any to any
# Allow all traffic on the LAN
ipfw add 20 allow all from any to any via $lan
# NAT rule for LAN to WAN traffic
ipfw add 50 divert natd ip4 from any to any via $wan
# Allow outbound DNS traffic on WAN
ipfw add ..read more
The FreeBSD Forums » Firewalls
2w ago
Hello!
I have a problem getting DNS connectivity for my Windows computer on the LAN. I get connectivity from the LAN in Linux but not if I use Windows, which is strange.
Below are my /etc/ipfw.rules script and my rc.conf. Any ideas why I can't get DNS connectivity for my Windows machine on the LAN?
#!/bin/sh
# Flush existing rules
ipfw -f flush
wan=igc0
lan=ue0
# Block all IPv6 traffic
ipfw add 5 drop ip6 from any to any
# Allow all traffic on the LAN
ipfw add 20 allow all from any to any via $lan
# Allow outbound ping
ipfw add 45 allow icmp from any to any out via $lan
# NAT rule for L ..read more