Freebsd #1

Just a few excerpts of FreeBSD configs 🙂

PF

PF is a stateful firewall, similar to iptables on Linux. Rules are evaluated from top to bottom and the last matching rule wins (unless an earlier matching rule carries the "quick" keyword, which stops evaluation there). To list the rules with statistics:

pfctl -vsr

Reload the rules, followed by an example ruleset:

pfctl -f /etc/pf.conf

ssh = "{ 22 }"
table <abusive> persist
scrub in all
# Translation rules (rdr, nat) are applied before the filter rules below
rdr pass log on em1 proto icmp from any to 192.168.57.200 -> 192.168.43.11
rdr pass log on em1 proto icmp from any to 192.168.56.101 -> 10.0.2.15
rdr pass log on em1 proto tcp from any to 192.168.57.200 port 80 -> 192.168.56.102 port 999
nat log on em1 from 192.168.56.101 to any -> 192.168.56.102
#nat-anchor "N"
# Default deny for inbound traffic: anything not passed by a later rule is blocked and logged
block in log all
# Addresses in <abusive> are dropped immediately; "quick" stops further evaluation
block in quick from <abusive>
pass in log proto tcp to any port $ssh keep state
pass in log proto tcp to any port 25 keep state
#pass in log proto tcp to any port 80 keep state (max-src-conn 1, overload <abusive> flush)
pass in quick log proto icmp
pass in quick proto tcp from any to 192.168.56.102 port 80 keep state
pass in quick proto tcp from any to 192.168.56.101 port 80 keep state
pass out all keep state


Anchor example:
anchor "N" { pass in proto tcp from 192.168.2.3 to port 22 }

To see logged packets, enable the following in /etc/rc.conf:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"

Then run tcpdump on the pflog0 interface it creates to see the logged (e.g. blocked) traffic:

tcpdump -nni pflog0
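As an added example (not part of the original post), here is a small POSIX shell script that turns the pflog output into something actionable: it syntax-checks pf.conf before reloading it, and it summarizes which source addresses hit the "block in log" rule most often and how many distinct destination ports each of them touched. The sample log lines are constructed for the example, in the format tcpdump prints for the pflog header when run with -e (so `tcpdump -nne -i pflog0`), and the interface name em1 follows the ruleset above.

```shell
#!/bin/sh
# Constructed sample of what `tcpdump -nne -i pflog0` prints; the "rule N/0(match): block in on em1:"
# prefix is the pflog header that -e makes visible. Addresses are documentation ranges.
SAMPLE_PFLOG='00:00:01.000001 rule 2/0(match): block in on em1: 198.51.100.7.50123 > 192.168.57.200.23: Flags [S], seq 1, win 65535, length 0
00:00:01.200002 rule 2/0(match): block in on em1: 198.51.100.7.50124 > 192.168.57.200.3389: Flags [S], seq 2, win 65535, length 0
00:00:01.400003 rule 4/0(match): pass in on em1: 203.0.113.9.40000 > 192.168.57.200.22: Flags [S], seq 3, win 65535, length 0
00:00:01.600004 rule 2/0(match): block in on em1: 198.51.100.7.50125 > 192.168.57.200.445: Flags [S], seq 4, win 65535, length 0
00:00:01.800005 rule 2/0(match): block in on em1: 192.0.2.44.33000 > 192.168.57.200.23: Flags [S], seq 5, win 65535, length 0'

# Parse pflog lines on stdin and print "hits distinct_dst_ports source_ip" for every
# source that was blocked inbound, most frequent first. Only "block in" matches are
# counted; passed packets are ignored.
top_blocked_sources() {
    awk '
        /\(match\): block in / {
            # Locate the "on <iface>:" token; the source is two fields later,
            # the destination four fields later (see the sample lines above).
            for (i = 1; i <= NF; i++) if ($i == "on") break
            src = $(i + 2); sub(/\.[0-9]+$/, "", src)   # drop the trailing source port
            dst = $(i + 4); sub(/:$/, "", dst)
            port = dst; sub(/.*\./, "", port)            # keep only the destination port
            hits[src]++
            if (!((src, port) in seen)) { seen[src, port] = 1; nports[src]++ }
        }
        END { for (s in hits) print hits[s], nports[s], s }
    ' | sort -rn
}

# Validate the ruleset with pfctl -n (parse only) before loading it, so a typo in
# pf.conf cannot leave the firewall without rules. Not run here; call it on the host.
reload_pf() {
    conf="${1:-/etc/pf.conf}"
    pfctl -nf "$conf" && pfctl -f "$conf"
}

printf '%s\n' "$SAMPLE_PFLOG" | top_blocked_sources
```

On a live system the summary is fed from the pflog interface instead of the sample, for instance `tcpdump -nne -i pflog0 -l | top_blocked_sources`. A source that shows many hits across many distinct ports in a short window is a candidate for the `<abusive>` table (`pfctl -t abusive -T add <ip>`), which the `block in quick from <abusive>` rule in the ruleset then drops without further evaluation.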