correctly configuring PF with jailed environments
Laszlo Danielisz
laszlo.danielisz at yahoo.com
Fri Aug 8 14:20:57 UTC 2014
Have you tried disabling logging?
At least it can help reducing the load.
On Thursday, August 7, 2014 2:12 PM, Norman Khine <norman at khine.net> wrote:
hello, i have a web application running 3 jail environments one for Nginx
Web server, one for MongoDB/Redis and one for my Node.js application
this is my current pf.conf file
https://gist.github.com/nkhine/d03ea23a749c47bcc4d0
this works, as there is no access to my node app nor any of the dbs from
public interfaces.
the rules come out as
# pfctl -s rules
scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment
reassemble
scrub in log on igb0 all min-ttl 15 fragment reassemble
scrub in all fragment reassemble
i find that on my webserver i get timeouts and the applicationd does not
load up quickly!
also, are there any improvements i can make to this as to ensure a more
secure environment?
any advice much appreciated
--
%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for
c in ",adym,*)&uzq^zqf" ] )
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list