#5
24th August 2012
daemonfowl

ocicat, that's from daemonfowl blindly copying and pasting from FAQ 6.9, without comprehension. Only NIC names were changed.
That's right, Teacher! & I hope you're not shocked .. well it's really my 1st attempt to play with pf :-)
I've changed that line .. 'up' is enough so it will use autoselect (defaults) .. but if you deem simplification is better I may do without the bridge.

There was a contribution by oko, an example of a working pf.conf that maybe I can elaborate on to meet my needs, and my needs for a box are: http/ftp/ssh plus being able to use p2p (amule & bittorrent)
Here is oko's sample pf.conf:

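# Placeholder (not in the original sample): set to your external interface
ext_if = "em0"

# Services allowed outbound
tcp_services = "{ ssh, imaps, smtp, 587, domain, ntp, www, https }"
udp_services = "{ domain, ntp }"

# Do not filter loopback; collect statistics on the external interface
set skip on lo
set loginterface $ext_if

# Normalize inbound packets
scrub in all random-id fragment reassemble

# Default deny: reject and log inbound, silently drop outbound
block return in log all
block out all

# Drop packets with spoofed source addresses
antispoof quick for $ext_if

# Allow outbound traffic to the listed services only
pass out quick on $ext_if proto tcp to any port $tcp_services
pass out quick on $ext_if proto udp to any port $udp_services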