Hey everybody,
FreeNAS version 9.3 running on an HP ProLiant N40L
I've been using FreeNAS for the past couple of years and so far it has been friggin awesome. Just recently I set up a jail running transmission which I have been using to download torrents (all legal ones of course!). I try to be very security-conscious so I've configured my DD-WRT gateway's firewall to block all ports because I'm not running any servers on my LAN that I want to be available to the internet. I've also set up OpenVPN on my transmission jail to anonymize my torrents. The problem with this is that I'm solely relying on my VPN provider to block connection requests to my jail because the VPN bypasses my router's firewall, which poses an obvious security threat.
I've tried to set up a pf firewall on the jail with no success by editing my rc.conf to include the following lines:
Code:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
In addition to this I created a pf.conf with a couple of default PASS rules but when I start the jail, pf doesn't start and there is no pflog interface when I run ifconfig. If I try to manually start pf with "kldload pf", I get "operation not permitted". I can't use sudo within the jail. I can't execute "pkg install pf" (pkg not found). At this stage I'm a bit lost as to where to go. Can somebody please point me in the right direction to help me get a firewall running inside the jail?
Basically I just want to set up a firewall and create a few basic rules to block all requests to the jail through tun0 (which is the VPN).
Thanks in advance :)
P.S. Sorry if I'm blabbering on at all, it's like 3am here and I've been up all night trying to figure this out... time for bed now I think :p