#5
Old 10th July 2019
calanon
Port Guard
 
Join Date: Jul 2019
Posts: 38
Quote:
Originally Posted by jggimi
I would not use rdr-to, as that is designed for port forwarding. Instead, I would simply block the traffic by default, and use pass rules in the authpf anchor to pass the desired traffic. The example in the PF User's Guide uses pass rules for the anchor set.

For more specific help, please post your PF ruleset, and your authpf anchor rules. (You should redact any "real" Internet network addresses to maintain privacy.)
OK, here you go; my guess is it's a mess:

pf.conf
Code:
# Interfaces
extif="em0"
intif="em1"
# Variables
allowed_tcp_ports="{ ssh, https, rdp }"
set block-policy drop
set loginterface $extif
set skip on lo

# Block all incoming traffic
block all

# Allow temporary ICMP on ext interface
pass in on $extif inet proto icmp to ($extif) icmp-type 8 code 0 keep state
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports

authpf.rules
Code:
extif = "em0"
allowed_tcp_ports="{ ssh, https, rdp }"
pass out on $extif inet proto tcp from any to any port $allowed_tcp_ports
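The layout jggimi describes (default deny in pf.conf, pass rules only in the authpf anchor), written out as an added example. This is not code from the original post or from the PF User's Guide; the interface names em0/em1 and the ssh/https/RDP port list are taken from the post, RDP is written numerically as 3389 on the assumption that the name "rdp" may not be in /etc/services, and the setup assumes authpf(8) is the login shell of the users who should be let through. Two points are facts about authpf rather than assumptions: the rules it loads are only ever evaluated if pf.conf contains an anchor "authpf/*" line, and authpf defines the macro $user_ip as the address of the client that just authenticated, so the anchor rules should be written against $user_ip rather than "from any".

```pf
# ---- /etc/pf.conf (added example, not the poster's file) ----
ext_if = "em0"
int_if = "em1"
# services an authenticated user may reach; 3389 = RDP (assumption: the
# service name "rdp" may not resolve, so the port is given numerically)
allowed_tcp_ports = "{ ssh, https, 3389 }"

set block-policy drop
set loginterface $ext_if
set skip on lo

# default deny in both directions; everything below is an exception
block all

# let the box answer ping
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type echoreq

# ssh must be open before authentication, otherwise nobody can log in
# to authpf and nothing ever gets loaded into the anchor
pass in on $ext_if proto tcp to ($ext_if) port ssh

# the firewall's own outbound traffic (DNS, updates); drop this line if
# the box should not originate connections
pass out on $ext_if

# rules that authpf loads for each logged-in user are evaluated here;
# without this line the contents of authpf.rules are never consulted
anchor "authpf/*"


# ---- /etc/authpf/authpf.rules (added example, not the poster's file) ----
# authpf loads this file into the anchor authpf/<user>(<pid>) when the
# user logs in and removes it again when the session ends. Macros are
# local to this file, so they are repeated here.
ext_if = "em0"
allowed_tcp_ports = "{ ssh, https, 3389 }"

# $user_ip is set by authpf to the authenticated client's address, so
# this rule only ever matches that one host. "to any" lets the client
# reach those ports on hosts behind the firewall as well as on the
# firewall itself; use "to ($ext_if)" instead to limit it to the box.
pass in quick on $ext_if inet proto tcp from $user_ip to any \
    port $allowed_tcp_ports
```

To check the result: pfctl -nf /etc/pf.conf parses the main ruleset without loading it, pfctl -sA lists the anchors currently present (an authpf/<user>(<pid>) entry appears while that user is logged in), and pfctl -a 'authpf/<user>(<pid>)' -sr shows the rules authpf actually loaded for that session, which is the quickest way to confirm $user_ip was expanded to the right address.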