Date: Thu, 7 Aug 2014 13:12:37 +0100
From: Norman Khine <norman@khine.net>
To: freebsd-questions@freebsd.org
Subject: correctly configuring PF with jailed environments
Message-ID: <CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw@mail.gmail.com>

hello,

i have a web application running 3 jail environments: one for Nginx Web server, one for MongoDB/Redis and one for my Node.js application.

this is my current pf.conf file: https://gist.github.com/nkhine/d03ea23a749c47bcc4d0

this works, as there is no access to my node app nor any of the dbs from public interfaces.

the rules come out as:

    # pfctl -s rules
    scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment reassemble
    scrub in log on igb0 all min-ttl 15 fragment reassemble
    scrub in all fragment reassemble

i find that on my webserver i get timeouts and the application does not load up quickly!

also, are there any improvements i can make to this as to ensure a more secure environment?

any advice much appreciated

--
%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for c in ",adym,*)&uzq^zqf" ] )

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw>