💾 Archived View for tozip.chickenkiller.com › freebsd-firewall.gmi captured on 2022-07-16 at 13:44:36. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2023-03-20)

-=-=-=-=-=-=-

FreeBSD Firewall

The firewall is called "pf" (packet filter)

Set-up /etc/rc.conf

# port forwarding
# https://docs.freebsd.org/en/books/handbook/firewalls/#firewalls-pf
pf_rule="/etc/pf.conf" # rules configuration
pf_enable="YES"
pflog_enable="yes" # enable loggin to /var/log/pflog by default
gateway_enable="YES"

Manually starting/restarting the firewall

Remember to start or restart:

service pf start

or

service pf restart

What interfaces do I have?

Type

ifconfig

You will see something like: bge0, lo0, wlan0.

lo0 is the loopback interface, which refers to internal routing.

bge0 is my external NIC.

wlan0 is my wifi dongle.

Redirecting ports

Suppose you wanted to redirect all interfaces calling port 300 to port 7777.

Here's the rule you would put in /etc/pf.conf:

rdr pass on {"bge0", "wlan0", "lo0"}  proto tcp from any to any port 300 -> 192.168.0.27 port 7777

If you want to astract out the interfaces, you could do something like:

all_if="{ue0, wlan0, lo0}"
rdr pass on $all_if  proto tcp from any to any port 300 -> 127.0.0.1 port 3000