Date:      Wed, 27 May 2020 17:16:58 -0400
From:      "Donald Mickunas" <dmickunas1954@fastmail.com>
To:        "Cristian Cardoso" <cristian.cardoso11@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pkg slow down a lot with simple firewall.
Message-ID:  <8347b16b-5b9b-4e62-88fc-a3f19dc138a8@www.fastmail.com>
In-Reply-To: <CAKeEC-L1PTNU4Wr09rspFf7xkn1zE_%2BhghM7k6j9%2BbaZ3ObT-g@mail.gmail.com>
References:  <804eeda4-03ed-4ec8-8755-3130e06382d8@www.fastmail.com> <CAKeEC-L1PTNU4Wr09rspFf7xkn1zE_%2BhghM7k6j9%2BbaZ3ObT-g@mail.gmail.com>

Thank you for your suggestion, Cristian.

I have implemented your suggestion with unexpected results.  Note: I did reboot the system after I changed rc.conf.

$ cat /etc/rc.conf
clear_tmp_enable="YES"
sendmail_enable="NONE"
hostname="donsoptiplex"
keymap="us.kbd"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
dbus_enable="YES"
hald_enable="YES"
autofs_enable="YES"
kld_list="/boot/modules/i915kms.ko"
sound_load="YES"
snda_hda_load="YES"
sddm_enable="NO"
cupsd_enable="YES"
devfs_system_ruleset="system"
pf_enable="YES"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

$ cat /etc/pf.conf
set skip on lo0
block all
pass in proto tcp to port { 22 }
pass out proto { tcp udp } to port { 22 53 80 123 443 }
pass out inet proto icmp icmp-type { echoreq }

$ ls -l /var/log/pflog
-rw-------  1 root  wheel  24 May 25 21:51 /var/log/pflog

$ sudo pkg update
Password:
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$ sudo pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
$ sudo tcdump -n -e -ttt -r /var/log/pflog
sudo: tcdump: command not found
$ sudo tcpdump -n -e -ttt -r /var/log/pflog
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
$

no output.  Did I miss something?

Thanks



On Wed, May 27, 2020, at 16:22, Cristian Cardoso wrote:
> Hello
> Try to activate pf logs to see what is blocking or slowing you down,
> insert this in the /etc/rc.conf file
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
>
> To view the logs afterwards is via tcpdump, as follows:
> tcpdump -n -e -ttt -r /var/log/pflog
>
> On Wed, May 27, 2020 at 16:23, Donald Mickunas
> <dmickunas1954@fastmail.com> wrote:
> >
> > Hi all,
> >
> > I am new to firewalls and trying to learn. I am attempting to set up a pf firewall on FreeBSD 12.1-RELEASE-p5. This is a home computer for personal use and is not part of a server network. "pkg update" will take a minute or more to complete a verification that it is up to date with the firewall on vs. seconds when the firewall is off. I can find no reason for this. I have done a variety of searches online plus in the various forums with zero results. Any ideas?
> >
> > This is a simple firewall.
> > Here is my set up:
> >
> > */etc/pf.conf*
> >
> > set skip on lo0
> > block all
> > pass in proto tcp to port { 22 }
> > pass out proto { tcp udp } to port { 22 53 80 123 443 }
> > pass out inet proto icmp icmp-type { echoreq }
> >
> >
> > */etc/rc.conf*
> >
> > clear_tmp_enable="YES"
> > sendmail_enable="NONE"
> > hostname="donsoptiplex"
> > keymap="us.kbd"
> > ifconfig_em0="DHCP"
> > ifconfig_em0_ipv6="inet6 accept_rtadv"
> > ntpd_enable="YES"
> > # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
> > dumpdev="NO"
> > dbus_enable="YES"
> > hald_enable="YES"
> > autofs_enable="YES"
> > kld_list="/boot/modules/i915kms.ko"
> > sound_load="YES"
> > snda_hda_load="YES"
> > sddm_enable="NO"
> > cupsd_enable="YES"
> > devfs_system_ruleset="system"
> > pf_enable="YES"
> > pflog_enable="YES"
> >
> > Thanks!!
>
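
Added example, not part of the original thread or either participant's configuration: the ruleset posted above with the `log` keyword on the block rule, which pf requires before a packet is copied to the pflog interface. It assumes the default `pflog0` interface and the `/var/log/pflog` path given in the message.

```conf
# /etc/pf.conf: the ruleset from this thread with logging turned on.
# pf copies a packet to pflog0 only when the matching rule carries "log".
# Without it pflogd has nothing to record, /var/log/pflog stays at the
# 24-byte pcap file header, and tcpdump -r prints no packets.

set skip on lo0

# before: block all          (drops silently, nothing reaches pflog0)
block log all                # after: every dropped packet is logged

pass in proto tcp to port { 22 }
pass out proto { tcp udp } to port { 22 53 80 123 443 }
pass out inet proto icmp icmp-type { echoreq }

# Check syntax, then load:   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
# Watch drops live:          tcpdump -n -e -ttt -i pflog0
# Read the saved file:       tcpdump -n -e -ttt -r /var/log/pflog
```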


