Quote:
Originally Posted by DutchDaemon
The scrub rule is fine. The antispoof rule should be fine, as long as you're not on a bridge. If your machine is an 'end-point pc', you only really need a few 'pass out quick' rules, and a 'block log all' (either above or below those pass out rules) to catch unwanted incoming traffic. I'm assuming you actually reloaded your ruleset.
Yes, I did reload my ruleset.
I have no server; it is just a home desktop computer connected through a D-Link DI-604 to the cable modem. I read about the pf firewall and wrote my pf.conf from examples.
If I understand you correctly, it should be enough if I had, for example, a pf.conf like:
# Macros
ext_if="sk0"
# Optimization
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo0
# Normalization
scrub in all
# Filtering
# antispoof quick for $ext_if
# Open to out
pass out on $ext_if inet proto tcp all flags S/SA modulate state
pass out on $ext_if inet proto udp all keep state
# ping out
pass out on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
# Closed from outside
block in log quick on $ext_if all label "inblock"
Thank you a lot.
Mitja
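
The layout described in the quote at the top of this post ('pass out quick' rules plus a 'block log all'), written out as a complete pf.conf. This is an added example, not a ruleset posted by either participant; ext_if="sk0" is taken from the post above, and placing the block rule first is one of the two orderings the quote allows.

```conf
# Added example: default-deny ruleset for an end-point PC.
# Macros
ext_if="sk0"

# Options
set block-policy drop
set loginterface $ext_if
set skip on lo0

# Normalization
scrub in all

# Filtering
# Default deny, logged. pf uses the LAST matching rule unless a rule is
# marked "quick", so this rule decides only for packets that nothing
# below matches. Without any block rule, pf passes unmatched packets.
block log all

# Drop packets on other interfaces that claim a source address
# belonging to $ext_if's network (not for use on a bridge).
antispoof quick for $ext_if

# Outbound traffic. "quick" ends rule evaluation at the first match,
# so these win regardless of where the block rule sits. The state
# entry each one creates lets the reply packets back in; no
# "pass in" rule is needed for them.
pass out quick on $ext_if inet proto tcp all flags S/SA modulate state
pass out quick on $ext_if inet proto udp all keep state
# ping out (echo request only)
pass out quick on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
```

Unlike a ruleset that only blocks inbound traffic on $ext_if, this one also drops and logs outbound packets that are not TCP, UDP or echo requests, because "block log all" covers both directions. `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -f /etc/pf.conf` loads it.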