Quote:
Originally Posted by daemonfowl
what is the safest strategy to follow in pf rule set for an OpenBSD Desktop ?
|
This depends upon your ultimate goals. The following ruleset is simple & very restrictive:
Code:
block in all
pass out all
However, it doesn't do any logging, but maybe logging isn't important to you.
The point here is that one size doesn't fit all situations. The question is broad, & one definitive answer doesn't exist. You can help determine the answer which best fits your needs by studying:
Taking the time to digest the information in these sources will help better frame your understanding & future questions.
...& of course, the
pf(4) manpage is gospel.