Date:      Sun, 10 Aug 2014 08:02:31 -0400
From:      Fbsd8 <fbsd8@a1poweruser.com>
To:        Norman Khine <norman@khine.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: correctly configuring PF with jailed environments
Message-ID:  <53E75F57.5040907@a1poweruser.com>
In-Reply-To: <CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw@mail.gmail.com>
References:  <CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw@mail.gmail.com>

Norman Khine wrote:
> Hello, I have a web application running in 3 jail environments: one for the Nginx
> web server, one for MongoDB/Redis and one for my Node.js application.
> 
> This is my current pf.conf file:
> 
> https://gist.github.com/nkhine/d03ea23a749c47bcc4d0
> 
> This works, as there is no access to my node app nor any of the dbs from
> public interfaces.
> 
> The rules come out as:
> 
> # pfctl -s rules
> scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment reassemble
> scrub in log on igb0 all min-ttl 15 fragment reassemble
> scrub in all fragment reassemble
> 
> I find that on my web server I get timeouts and the HTML application does not
> load up quickly!
> 
> Also, are there any improvements I can make to this so as to ensure a more
> secure environment?
> 
> Any advice much appreciated.
> 

I do not see this as a jail or pf problem.
Look at commenting out any mod_* from the httpd.conf file that the html 
application does not use. Check that the 3 apache jails are not using 
the same service port (80). Do not use the apache default directory 
location for holding your html application files. Disable the pf 
firewall in rc.conf and test if this speeds up apache.
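The reply's second suggestion, checking that no two jails are bound to the same service port, can be scripted. The following is an added example written for this thread, not code from either poster: it parses `sockstat -4 -l` output per jail (a constructed sample stands in for the live output so it runs anywhere) and reports every port that more than one jail is listening on, which is the situation that produces the kind of stalls the original post describes when one jail binds the wildcard address. The jail names `www`, `db` and `app` and their 10.0.0.x addresses are assumptions; `check_live` uses FreeBSD's `jls(8)` and `sockstat(1)` and only makes sense on the host itself.

```sh
#!/bin/sh
# Added example (not from the thread): find TCP ports that more than one
# jail is listening on. Jail names and addresses below are constructed.
LC_ALL=C; export LC_ALL

# Constructed stand-ins for "sockstat -4 -l -j <jail>" output.
SAMPLE_WWW='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      1234  6  tcp4   10.0.0.1:80           *:*
www      nginx      1234  7  tcp4   10.0.0.1:443          *:*'
SAMPLE_DB='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
mongodb  mongod     2345  9  tcp4   10.0.0.2:27017        *:*
redis    redis-serv 2346  5  tcp4   10.0.0.2:6379         *:*'
# The app jail binds *:80 as well as its own 3000: the failure mode we want flagged.
SAMPLE_APP='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
node     node       3456  12 tcp4   *:80                  *:*
node     node       3456  13 tcp4   10.0.0.3:3000         *:*'

# listening_ports JAIL < sockstat-output
# Emits one "jail addr port" line per listening tcp4 socket; the header line
# and any connected sockets (foreign address other than *:*) are skipped.
listening_ports() {
    awk -v jail="$1" '$5 == "tcp4" && $7 == "*:*" {
        split($6, a, ":"); print jail, a[1], a[2] }'
}

# port_conflicts < "jail addr port" lines
# Prints "port jail:addr jail:addr ..." for every port used by more than one
# jail. A wildcard bind (*) collides with every other jail's address.
port_conflicts() {
    sort -u | awk '{ seen[$3] = seen[$3] " " $1 ":" $2; n[$3]++ }
        END { for (p in n) if (n[p] > 1) print p seen[p] }' | sort -n
}

# Run the check over the constructed sample above.
check_sample() {
    {
        printf '%s\n' "$SAMPLE_WWW" | listening_ports www
        printf '%s\n' "$SAMPLE_DB"  | listening_ports db
        printf '%s\n' "$SAMPLE_APP" | listening_ports app
    } | port_conflicts
}

# Run the check on a real FreeBSD host: one sockstat(1) call per jail name
# reported by jls(8). Assumed tooling; untested here.
check_live() {
    for j in $(jls name); do
        sockstat -4 -l -j "$j" | listening_ports "$j"
    done | port_conflicts
}

if [ "${1:-}" = "--live" ]; then check_live; else check_sample; fi
```

On the sample data this prints `80 app:* www:10.0.0.1`, i.e. the Node jail's wildcard bind on port 80 overlaps the Nginx jail's listener. For the reply's last step, temporarily disabling the filter with `pfctl -d` (and re-enabling with `pfctl -e`) is a quicker A/B test than editing rc.conf and rebooting, and it leaves the ruleset loaded for when you turn it back on.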