Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 27 May 2020 17:22:29 -0300
From:      Cristian Cardoso <cristian.cardoso11@gmail.com>
To:        Donald Mickunas <dmickunas1954@fastmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pkg slow down a lot with simple firewall.
Message-ID:  <CAKeEC-L1PTNU4Wr09rspFf7xkn1zE_%2BhghM7k6j9%2BbaZ3ObT-g@mail.gmail.com>
In-Reply-To: <804eeda4-03ed-4ec8-8755-3130e06382d8@www.fastmail.com>
References:  <804eeda4-03ed-4ec8-8755-3130e06382d8@www.fastmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello
Try to activate pf logs to see what is blocking or slowing you down,
insert this in the /etc/rc.conf file
pflog_enable =3D "YES"
pflog_logfile =3D "/ var / log / pflog"

To view the logs afterwards is via tcpdump, as follows:
tcpdump -n -e -ttt -r / var / log / pflog

Em qua., 27 de mai. de 2020 =C3=A0s 16:23, Donald Mickunas
<dmickunas1954@fastmail.com> escreveu:
>
> Hi all,
>
> I am new to firewalls and trying to learn. I am attempting to set up a pf=
 firewall on FreeBSD 12.1-RELEASE-p5. This is a home computer for personal =
use and is not part of a server network. "pkg update" will take a minute or=
 more to complete a verification that it is up to date with the firewall on=
 vs. seconds when the firewall is off. I can find no reason for this. I hav=
e done a variety of searches online plus in the various forums with zero re=
sults. Any ideas?
>
> This is a simple firewall.
> Here is my set up:
>
> */etc/pf.conf*
>
> set skip on lo0
> block all
> pass in proto tcp to port { 22 }
> pass out proto { tcp udp } to port { 22 53 80 123 443 }
> pass out inet proto icmp icmp-type { echoreq }
>
>
> */etc/rc.conf*
>
> clear_tmp_enable=3D"YES"
> sendmail_enable=3D"NONE"
> hostname=3D"donsoptiplex"
> keymap=3D"us.kbd"
> ifconfig_em0=3D"DHCP"
> ifconfig_em0_ipv6=3D"inet6 accept_rtadv"
> ntpd_enable=3D"YES"
> # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
> dumpdev=3D"NO"
> dbus_enable=3D"YES"
> hald_enable=3D"YES"
> autofs_enable=3D"YES"
> kld_list=3D"/boot/modules/i915kms.ko"
> sound_load=3D"YES"
> snda_hda_load=3D"YES"
> sddm_enable=3D"NO"
> cupsd_enable=3D"YES"
> devfs_system_ruleset=3D"system"
> pf_enable=3D"YES"
> pflog_enable=3D"YES"
>
> Thanks!!
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKeEC-L1PTNU4Wr09rspFf7xkn1zE_%2BhghM7k6j9%2BbaZ3ObT-g>