correctly configuring PF with jailed environments

Norman Khine norman at
Thu Aug 7 12:12:44 UTC 2014

hello, i have a web application running 3 jail environments: one for Nginx
Web server, one for MongoDB/Redis and one for my Node.js application

this is my current pf.conf file

this works, as there is no access to my node app nor any of the dbs from
public interfaces.

the rules come out as

# pfctl -s rules
scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment
scrub in log on igb0 all min-ttl 15 fragment reassemble
scrub in all fragment reassemble

i find that on my webserver i get timeouts and the application does not
load up quickly!

also, are there any improvements i can make to this so as to ensure a more
secure environment?

any advice much appreciated

%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for
c in ",adym,*)&uzq^zqf" ] )

More information about the freebsd-questions mailing list