correctly configuring PF with jailed environments

Laszlo Danielisz laszlo.danielisz at
Fri Aug 8 14:20:57 UTC 2014

Have you tried disabling logging?
At least it can help reduce the load.

On Thursday, August 7, 2014 2:12 PM, Norman Khine <norman at> wrote:

hello, i have a web application running 3 jail environments one for Nginx
Web server, one for MongoDB/Redis and one for my Node.js application

this is my current pf.conf file

this works, as there is no access to my node app nor any of the dbs from
public interfaces.

the rules come out as

# pfctl -s rules
scrub out log on igb0 all random-id min-ttl 15 set-tos 0x1c fragment
scrub in log on igb0 all min-ttl 15 fragment reassemble
scrub in all fragment reassemble

i find that on my webserver i get timeouts and the application does not
load up quickly!

also, are there any improvements i can make to this as to ensure a more
secure environment?

any advice much appreciated

%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) for
c in ",adym,*)&uzq^zqf" ] )