Thread: pf.conf
18th September 2008
lumiwa

Quote:
Originally Posted by DutchDaemon View Post
The scrub rule is fine. The antispoof rule should be fine, as long as you're not on a bridge. If your machine is an 'end-point pc', you only really need a few 'pass out quick' rules, and a 'block log all' (either above or below those pass out rules) to catch unwanted incoming traffic. I'm assuming you actually reloaded your ruleset.
Yes, I did reload my ruleset.

I have no server; it is just a home desktop computer connected through a D-Link DI-604 to the cable modem. I read about the pf firewall and wrote my pf.conf from examples.
If I understand you correctly, it should be enough if I had, for example, a pf.conf like:

# Macros
ext_if="sk0"

# Optimization
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo0

# Normalization
scrub in all

# Filtering
# antispoof quick for $ext_if

# Open to out
pass out on $ext_if inet proto tcp all flags S/SA modulate state
pass out on $ext_if inet proto udp all keep state

# ping out
pass out on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

# Closed from outside
block in log quick on $ext_if all label "inblock"

Thank you a lot.

Mitja
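The quoted advice says the 'block log all' rule can sit above or below the 'pass out quick' rules; that works because pf uses last-match evaluation and `quick` ends evaluation at the first matching rule. The Python sketch below is an added example, not part of the original post or of pf itself: it models only action, direction, protocol and `quick`, and all rule lists are constructed for illustration.

```python
# Simplified model of pf rule evaluation (added example, not pf source code).
# Models only action, direction, protocol and the "quick" flag; interfaces,
# addresses, ports, icmp types and state tracking are deliberately left out.
from collections import namedtuple

Rule = namedtuple("Rule", "action direction proto quick")
ANY = None  # wildcard for direction / proto


def matches(rule, direction, proto):
    return rule.direction in (ANY, direction) and rule.proto in (ANY, proto)


def evaluate(ruleset, direction, proto):
    """Return 'pass' or 'block' for one packet.

    pf walks the ruleset top to bottom and the LAST matching rule wins,
    except that a matching rule marked quick ends evaluation immediately.
    A packet matching no rule is passed (pf's implicit default).
    """
    verdict = "pass"
    for rule in ruleset:
        if matches(rule, direction, proto):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Layout from the quoted advice: "block log all" above the "pass out quick" rules.
BLOCK_ABOVE = [
    Rule("block", ANY, ANY, False),
    Rule("pass", "out", "tcp", True),
    Rule("pass", "out", "udp", True),
]
# Same rules with "block log all" below the "pass out quick" rules.
BLOCK_BELOW = BLOCK_ABOVE[1:] + BLOCK_ABOVE[:1]
# Constructed counter-example: pass rules without quick, block all last.
NO_QUICK_BLOCK_LAST = [
    Rule("pass", "out", "tcp", False),
    Rule("block", ANY, ANY, False),
]
# Shape of the ruleset in the post: plain "pass out", then "block in ... quick".
POSTED = [
    Rule("pass", "out", "tcp", False),
    Rule("pass", "out", "udp", False),
    Rule("pass", "out", "icmp", False),
    Rule("block", "in", ANY, True),
]
```

State is not modeled here: in real pf, replies to a passed outbound connection are admitted by the state entry created by `keep state` / `modulate state`, not by a second pass through the ruleset.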