8th December 2019
jggimi

Here is a PF configuration that passes everything except inbound SSH from systems other than 192.168.1.2, applying general rules first then applying more specific rules, as the last matching rule wins.
Code:
# this is the address of the admin's workstation:
admin = "192.168.1.2"

# default pass:
pass log all

# block inbound ssh:
block log proto tcp from any to self port ssh

# pass inbound ssh from $admin:
pass log proto tcp from $admin to self port ssh

If you want to add queuing, you can either queue by priority or bandwidth. Queuing will only be applied when there is contention for resources. See the QUEUEING section of the pf.conf(5) man page for examples. (Yes, it's spelled that way).
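
The last-match evaluation described in the post above, modelled in Python as an added example that is not part of the original post or of PF itself. It assumes 192.168.1.1 as the firewall's own address (`self`), hand-translates the three rules into tuples, and ignores direction, state and the `quick` keyword.

```python
# Added illustration: a minimal model of PF's last-matching-rule evaluation.
# It is NOT a PF parser; the rule tuples are hand-translated from the post.
from ipaddress import ip_address

ADMIN = "192.168.1.2"   # $admin macro from the post
SELF = "192.168.1.1"    # assumption: this firewall's own address ("self")
SSH = 22

# (action, proto, src, dst, dport); None means "any"
RULES = [
    ("pass",  None,  None,  None, None),  # pass log all
    ("block", "tcp", None,  SELF, SSH),   # block log proto tcp from any to self port ssh
    ("pass",  "tcp", ADMIN, SELF, SSH),   # pass log proto tcp from $admin to self port ssh
]

def matches(rule, pkt):
    """True if every non-wildcard field of the rule equals the packet's field."""
    _, proto, src, dst, dport = rule
    return all(want is None or want == got
               for want, got in zip((proto, src, dst, dport), pkt))

def evaluate(rules, proto, src, dst, dport):
    """Walk every rule in order; the last one that matches decides."""
    pkt = (proto, str(ip_address(src)), str(ip_address(dst)), dport)
    verdict = "pass"  # PF passes a packet that no rule matches
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule[0]
    return verdict

def swapped(rules):
    """Same rules with the block moved last, to show why order matters."""
    return [rules[0], rules[2], rules[1]]

if __name__ == "__main__":
    other = "192.168.1.50"  # constructed sample address
    for src in (ADMIN, other):
        print(src, "ssh ->", evaluate(RULES, "tcp", src, SELF, SSH),
              "| block-last order ->", evaluate(swapped(RULES), "tcp", src, SELF, SSH))
    print(other, "http ->", evaluate(RULES, "tcp", other, SELF, 80))
```

With the block rule moved after the admin pass rule, the admin workstation is blocked as well, which is why the specific pass has to come last.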