Recent searches
Search options
#pf
2 posts2 participants0 posts today
That Grumpy BSD Guy: A Short Reading List https://nxdomain.no/~peter/the_short_reading_list.html A collection of pointers to things I have written and that I think may be of value to you too (with conference teasers) #openbsd #packetfilter #pf #cybercrime #antispam #security #networking #freesoftware #libresoftware #eurobsdcon #bsdcan
nxdomain.noThat Grumpy BSD Guy: A Short Reading List
As previously announced, there will be a PF tutorial at BSDCan 2025 -
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
Registration: https://www.bsdcan.org/2025/registration.html
#BSDCan #EuroBSDcon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
nxdomain.noFor Upcoming PF Tutorials, We Welcome Your Questions
With #bsdcan now less than a month away https://www.bsdcan.org/2025/index.html we invite your questions and input on the upcoming PF tutorials, see
"For Upcoming PF Tutorials, We Welcome Your Questions" https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
www.bsdcan.orgBSDCan ConferenceBSDCan is a technical BSD conference held in Ottawa, Ontario, Canada.
"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
nxdomain.noFor Upcoming PF Tutorials, We Welcome Your Questions
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
(Now with actual EuroBSDcon submissions deadline)
nxdomain.noFor Upcoming PF Tutorials, We Welcome Your Questions
"I have yet to meet an admin who plausibly claims to never have been tripped up by their overload rules at some point."
More, and a walk down memory lane, in "The Hail Mary Cloud And The Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html
#ssh #passwords #bruteforce #passwordgroping #cybercrime #openbsd #pf #packetfilter #security #guessablepasswords #hailmary #hailmarycloud
nxdomain.noThe Hail Mary Cloud And The Lessons Learned
Comparing firewall syntax for SSH (port 22) with default-deny:
================================================
#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop
#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming
#pf (OpenBSD)
pass in proto tcp to port 22
block all
pf’s syntax feels so elegant, human-readable, & minimal!
After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables
================================================
#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop
#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming
#pf (OpenBSD)
pass in proto tcp to port 22
block all
pf’s syntax feels so elegant, human-readable, & minimal!
After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables
Fresh out of the Oven.
I was searching for the best replacement of my Lenovo X1 Carbon 8th Gen's Wirreless Card (...not found yet - anyone?), and found this instead, which may be my 2morrows read:
A #beginners Guide To #Firewalling with #pf #pfsense
Maybe also interesting site for @vermaden s BSD-News? §8-)
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too) https://nxdomain.no/~peter/blogposts/recent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html from 2021 but has aged surprisingly well #openbsd #freesoftware #libresoftware #libressl #ssh #pf #laptops
nxdomain.noRecent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too)
#FriendlyReminder for people using #pfBlockerNG on #pfSense / #OPNsense or any other #FreeBSD-based #Firewall|ing-#distro:
Clean up ´´´/var/log/pfblockerng´´´ regularly, or else it'll fill up with disrespectful quickness depending on your setup.
- Ask me how I know!
Very useful cheat sheet on #pf 
OpenBSD Handbookpfctl cheat sheetGeneral PFCTL Commands # Disable packet-filtering:
pfctl -d
Enable packet-filtering:
pfctl -e
Run quiet:
pfctl -q
Run more verbose than normal:
pfctl -v
Run even more verbose:
pfctl -v -v
Loading PF Rules # Load /etc/pf.conf:
pfctl -f /etc/pf.conf
Test the rules: (parse /etc/pf.conf but dont load it)
pfctl -n -f /etc/pf.conf
Load only the FILTER rules:
pfctl -R -f /etc/pf.conf
Load only the NAT rules:
pfctl -N -f /etc/pf.
Finally run debian12 with gui thanks to vm-bhyve on freebsd14 after several month of tweaking and learning. Really big thank to @vermaden and his article https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/ 
But one thing I still dont get it. I have a problem with resolving a DNS on the VM. IP addreses works well but domain names like google.com not at all. I solved it by adding "nameserver 8.8.8.8" in /etc/resolv.conf in VM, but I am not sure if I solve it well and dont understabd why I have to solve it anyway, I do not remeber that I would have to set it.
I se vm-bhyve with host wifi wlan interface so I had to set NAT in PF, in article it is a section laptop wifi nat. Is it normal to set resolv.conf file in VM?
𝚟𝚎𝚛𝚖𝚊𝚍𝚎𝚗 · FreeBSD Bhyve VirtualizationThe Bhyve FreeBSD hypervisor (called/spelled ‘beehive’ usually) was created almost 10 years ago. Right now it offers speed and features that other similar solutions provide – such…
For some reason I just looked up my now just over 2 year old piece "The Things Spammers Believe - A Tale of 300,000 Imaginary Friends" https://nxdomain.no/~peter/spammers_believe_in_300k_imaginary_friends.html (prettified, tracked https://bsdly.blogspot.com/2022/09/the-things-spammers-believe-tale-of.html) and realized that number will soon roll past the next big round marker. #spamtraps #traplist #spam #antispam #openbsd #pf #spamd #cybercrime #bottomfeeders #imaginaryfriends
nxdomain.noThat grumpy BSD guy: The Things Spammers Believe - A Tale of 300,000 Imaginary Friends
A piece of oft-repeated #openbsd #pf advice, from this morning on openbsd-misc:
In addition to the official resources such as the PF FAQ (https://www.openbsd.org/faq/pf/index.html) I think my own writings such as "A Few of My Favorite Things About The OpenBSD Packet Filter Tools" https://nxdomain.no/~peter/better_off_with_pf.html (or with G's trackers
as the cost for slightly nicer formatting https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html)
which has a few useful links at the end including to a certain book that *might*
be worth looking into.
www.openbsd.orgOpenBSD PF: User's Guide
some recent commits to FreeBSD main broken non-INET kernels again (pf.ko won't load)
PR with patch: https://github.com/freebsd/freebsd-src/pull/1511
GitHubpf: fix build on kernels without "options INET" by llfw · Pull Request #1511 · freebsd/freebsd-src
There was a "Network Management with the OpenBSD Packet Filter Toolset" tutorial session at @EuroBSDCon 2024, here are the updated slides: https://nxdomain.no/~peter/pf_fullday.pdf #openbsd #pf #networking #security #tcpip #ipv6 #ipv4 #ssh #spam #packetfilter #eurobsdcon
Whenever I see the a "How to protect your #SSH server against #bruteforce attacks" post or article centered on some #Linux woodo, I always think to post about how easy it is to deal with those on #OpenBSD and #FreeBSD with #PF add #statetracking options: As in https://home.nuug.no/~peter/pf/en/bruteforce.html, supplemented with https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html, alternatively the PF tutorial https://nxdomain.no/~peter/pf_fullday.pdf and of course The Book of PF, https://nostarch.com/pf3
Also the slowpoke version: https://nxdomain.no/~peter/hailmary_lessons_learned.html
home.nuug.noTurning away the brutes