PC-BSD’s graphical firewall manager

Adding a rule

PC-BSDPC-BSD is a desktop-oriented, FreeBSD-based distribution with KDE as the default desktop environment. The version due to be released shortly is PC-BSD 8. Because it the only BSD-based desktop distribution that’s in a position to compete with the best Linux desktop distributions, I’ll be publishing a number of articles over the next few weeks to introduce those not yet familiar with it to some of its management tools. This post takes a look at the graphical firewall manager.

The firewall application on PC-BSD (8) is OpenBSD’s Packet Filter (PF). It is a very powerful firewall application with many advanced features and functionalities. At the command line, the rules are a lot easier to write and understand than Linux’s IPTables/Netfilter. Though simple and intuitive to use, the graphical firewall manager that will ship with PC-BSD 8 only gives you access to a very small subset of the many useful features and functionalities of PF.

Access to the graphical firewall manage is via the Network Connectivity section of System Settings. Double click on it to begin.

Firewall icon
Access to the firewall manager is via the system settings window

Viewing and making changes to the firewall manager requires root access. Click on the “Run in Administrator Mode” button to bring up the password prompt. Type in root’s password at the prompt to be granted full access.

Permission window
Managing the graphical firewall manager requires root privileges.

This is the default graphical firewall manager’s window. By default, the firewall is enabled and configured straight out of the box. Most users will not need to do anything to use a PC-BSD-powered computer securely and safely on the Internet. The default behavior is to “pass all” on all outgoing traffic and “deny all” on all incoming traffic except those under the “Exceptions” tab. Click on this tab to view the exceptions.

Graphical firewall manager
This is the main window of the graphical firewall manager. It is enabled straight out of the box.

The are the exceptions to the default incoming traffic rule. To view the detail of any rule, select it and click on the “Edit entry” button.

Default rules
These are the firewall's default rules.

Details of the lockd rule. You’ll notice that the graphical firewall manager only allows you to set very basic rules for any service or protocol. You can see in this example that the rule allows access to lockd from any host or network. The same applies if you want to write an outgoing rule for a service. To see an example of this, click to add a new rule.

Rule editing
Individual rules may be edited.

Adding a new rule to the ruleset is as easy as choosing a service from the “Service” dropdown list. For this example, let’s use the “ssh” service to add an incoming rule. The default port will be automatically selected. If you are running SSH on a custom port, specify instead. The policy should be “Allow.” The rest are self-explanatory. As said earlier, the graphical firewall manager does not allow you to set more specific or granular rules. This SSH rule, for example, allows SSH connections from anywhere. To set a more specific rule, you may edit this entry in the /etc/pf.conf file or use the pfctl userland utility.

Related Post:  PC-BSD 8.2 review

Even for a new user, the rules are pretty easy to understand. A more specific rule for this “ssh” rule could be written as: pass in on em0 inet proto tcp from 192.168.1.15 to 192.168.1.6 port ssh . See, the rules are pretty easy to write and understand, even for non-gurus. You may read more about PF at the Official PF documentation page.

Adding a rule
New rule may be added to the list. The list of pre-set protocols is very impressive.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

5 Responses

  1. about the comment you made about “the only BSD-based distribution that’s in a position to
    compete with the best Linux desktop distributions” I would like for you to know that many people would strongly disagree with you, in fact most people think pc-bsd is the ‘ubuntu’ of the BSD’s. Which isn’t a bad thing but its just a starting off point in which just makes things easier but if you want to really use BSD and not just have it all nice and pre-loaded for you then you would use freebsd, just like you would use debian instead of ubuntu. like this http://xkcd.com/456/ pc-bsd has auto-config issues and you will never avoid those issues.

    1. That statement was actually supposed to have read “the only BSD-based desktop distribution that’s in a position to …”

      I don’t think you want to agree with people who that “think pc-bsd is the ‘ubuntu’ of the BSD’s.” The PC-BSD I’m. playing with right now is in many ways better than Ubuntu.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.