Your current rule set is not in any clear logical order, and some rules appear to have been found elsewhere and added, without an understanding of what the rule does. Some examples:
- You have "quick" rules at the end of your ruleset.
- You have rules that will never match.
- You have an unreferenced label.
- You have a broad rule in the middle of the set that negates all normal filter rules above it.
Based on this, I assume that:
- You do not understand how PF works.
- You do not understand PF filter rules.
- You have found some examples on the Internet, and have plugged them into your rule set, hoping they will somehow magically add value.
Of course, these are assumptions based on the pf.conf you've posted. If my assumptions are correct, these are my recommendations:
- Do NOT paste random PF rules you find on the Internet into your rule set.
- Do NOT use PF until you determine what you want to accomplish with it. Your current ruleset is for a terminating workstation running OpenBSD, with a single NIC. If that is correct -- I do not know if it is -- then you do not necessarily require PF at all.
To properly deploy an effective PF configuration, you
must:
- Understand what kind of traffic you want to allow.
- Understand what kind of traffic you want to deny.
- Determine if you need a "default allow" or "default deny" configuration. PF can do either.
- Set up rules that control traffic as desired
- Test the rules to ensure they behave as intended. This is one of the values of PF logging.
In order to understand the kind of traffic you want to allow or deny, you must have knowledge of the communication protocols involved, in order to configure effective rules.
In order to understand how to use PF, you must
read and
understand the PF User's Guide. It is available in English, German, French, Italian, Dutch, Polish, and Portuguese.