Skip to content

msviba/dynfw-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.gitignore
.gitignore
 
 
ORIGIN-README.md
ORIGIN-README.md
 
 
README.md
README.md
 
 
dynfw_client.py
dynfw_client.py
 
 
rc.d-dynfw
rc.d-dynfw
 
 

Repository files navigation

PF implementation (FreeBSD)

Description

Every blacklisted IPs will be added to pf table sentinel-bl. Root permition is required (pfctl).

It uses those commands:

  • /sbin/pfctl -t sentinel-bl -T add $positiveIp
  • /sbin/pfctl -t sentinel-bl -T del $negativeIp

Instalation

pkg install py311-pyzmq py311-msgpack

PF configuration

    table <sentinel-bl> persist

    # some yours rules and better whitelist your IPs
    pass in quick proto tcp from <whitelist> to any port {ssh} flags S/SA modulate state
    pass in quick proto udp from <whitelist> port = 500 to any port = 500
    pass in quick on $ext_if proto esp from <whitelist> to any
    pass in quick on $ext_if proto ah from <whitelist> to any
    
    # block blacklisted IPs
    block in quick on $ext_if from <sentinel-bl> to any

About

implementation of PF on FreeBSD, fork from https://gitlab.nic.cz/turris/sentinel/dynfw-example-client

Topics

freebsd sentinel pf turris dynfw

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages