#3
5th February 2010
mohammadreza
New User
Join Date: Feb 2010
Posts: 2
Block IDM-DAP-P2P

Quote:
Originally Posted by J65nko
This is a simple pf.conf to block everything, except the ports mentioned in the TCPservices and UDPservices definitions.

Code:
EXT=re0

TCPservices = "{ www https domain }"
UDPservices = "{ domain }"

set skip on lo0

block log all

pass out quick on $EXT inet proto tcp from any to any port $TCPservices
pass out quick on $EXT inet proto udp from any to any port $UDPservices

This will load as
Code:
# pfctl -vvnf block-all.pf
EXT = "re0"
TCPservices = "{ www https domain }"
UDPservices = "{ domain }"
set skip on { lo0 }
@0 block drop log all
@1 pass out quick on re0 inet proto tcp from any to any port = www flags S/SA keep state
@2 pass out quick on re0 inet proto tcp from any to any port = https flags S/SA keep state
@3 pass out quick on re0 inet proto tcp from any to any port = domain flags S/SA keep state
@4 pass out quick on re0 inet proto udp from any to any port = domain keep state

EDIT: This is of course for a box with a single network interface, but I hope you get the idea.
--------------------------------------------------------------------

Thanks for your answer, but as you know, IDM and some Internet download managers and accelerators use port 80 = www for downloads, and if we open this port with your config we cannot block it?

What do I have to do? And of course IDM uses simultaneous connections, maybe 8 or even higher than this number, for getting or downloading software, therefore we cannot block them with this config:

EXT=re0

TCPservices = "{ www https domain }"
UDPservices = "{ domain }"

set skip on lo0

block log all

pass out quick on $EXT inet proto tcp from any to any port $TCPservices
pass out quick on $EXT inet proto udp from any to any port $UDPservices
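An added example, not part of the original post or the quoted reply: pf matches on addresses and ports rather than on the application, so one way to cap simultaneous port-80 connections in the single-interface config above is a per-source state limit on the www rule. The limit of 4 is a constructed value, and it counts every program on the box that connects to port 80, a browser included.

```pf
EXT = "re0"

# www is taken out of the macro so it can carry its own state limit
TCPservices = "{ https domain }"
UDPservices = "{ domain }"

set skip on lo0

block log all

# Allow at most 4 simultaneous states per source address to port 80.
# 4 is a constructed value; a new connection above the limit gets no
# state and is dropped until an existing state expires.
pass out quick on $EXT inet proto tcp from any to any port www \
    keep state (source-track rule, max-src-states 4)

# Remaining services are passed as in the quoted ruleset
pass out quick on $EXT inet proto tcp from any to any port $TCPservices
pass out quick on $EXT inet proto udp from any to any port $UDPservices
```

Check the parsed result with `pfctl -vvnf` as in the quoted reply before loading it.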