I am a newbie too and I am trying to configure pf.conf for my standalone computer. I read many examples and it took me a long time:
Code:
# Macros
ext_if = "rl0"
# Options: tune the behavior of pf.
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo
# Normalization: reassemble fragments etc.
scrub in all
# Filtering
antispoof quick for $ext_if
# Nobody gets in from the outside!
block in log quick on $ext_if all label "inblock"
# Block by default. (pass rules should follow later).
block out log on $ext_if all label "outblock"
pass out on $ext_if inet proto tcp all
pass out on $ext_if inet proto udp all
# icmp-type 8 is echo request (outgoing ping)
pass out on $ext_if inet proto icmp all icmp-type 8
Now I have:
Code:
#macro
ext_if = rl0
# options go before scrub and filter rules (pf's required statement order)
set skip on lo0
scrub in on $ext_if all fragment reassemble
block all
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
### block probes that can possibly determine our operating system by disallowing
### certain combinations that are commonly used by nmap, queso and xprobe2, who
### are attempting to fingerprint the server.
### * F : FIN - Finish; end of session
### * S : SYN - Synchronize; indicates request to start session
### * R : RST - Reset; drop a connection
### * P : PUSH - Push; packet is sent immediately
### * A : ACK - Acknowledgement
### * U : URG - Urgent
### * E : ECE - Explicit Congestion Notification Echo
### * W : CWR - Congestion Window Reduced
block in quick on $ext_if proto tcp flags FUP/WEUAPRSF
block in quick on $ext_if proto tcp flags WEUAPRSF/WEUAPRSF
block in quick on $ext_if proto tcp flags SRAFU/WEUAPRSF
block in quick on $ext_if proto tcp flags /WEUAPRSF
block in quick on $ext_if proto tcp flags SR/SR
block in quick on $ext_if proto tcp flags SF/SF
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
### set a rule that allows inbound ssh traffic with synproxy handshaking.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA synproxy state
### set a rule that allows inbound www traffic with synproxy handshaking.
pass in on $ext_if proto tcp from any to any port www flags S/SA synproxy state
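### sources that exceed the ssh connection limits below are added to <ssh_abuse>
### and blocked. For ssh this pass rule is the last match (no "quick" is used),
### so it takes effect instead of the synproxy ssh rule above.
table <ssh_abuse> persist
block in quick from <ssh_abuse>
pass in on $ext_if proto tcp to any port ssh flags S/SA keep state (max-src-conn 10, max-src-conn-rate 3/5, overload <ssh_abuse> flush)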
Thanks.
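Added example, not part of the original post: a small Python model of how pf reads `flags set/mask` (of the flags named in the mask, exactly those in the set must be on), run over the six block rules from the second ruleset. The helper names and the sample flag combinations are constructed for illustration.

```python
# TCP header flag bits, keyed by the letters pf.conf uses.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def to_bits(letters):
    """Turn a string such as 'SA' into a flag bitmask ('' means no flags)."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError("unknown TCP flag letter: %r" % ch)
        bits |= FLAG_BITS[ch]
    return bits

def parse_spec(spec):
    """Split a pf 'set/mask' spec into (set_bits, mask_bits)."""
    flag_set, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError("expected set/mask, got %r" % spec)
    set_bits, mask_bits = to_bits(flag_set), to_bits(mask)
    if set_bits & ~mask_bits:
        raise ValueError("set contains flags missing from the mask: %r" % spec)
    return set_bits, mask_bits

def matches(spec, packet_flags):
    """True if a packet carrying packet_flags matches 'flags <spec>'."""
    set_bits, mask_bits = parse_spec(spec)
    return (to_bits(packet_flags) & mask_bits) == set_bits

# The six 'block in quick' flag specs from the ruleset, in rule order.
BLOCK_SPECS = ["FUP/WEUAPRSF", "WEUAPRSF/WEUAPRSF", "SRAFU/WEUAPRSF",
               "/WEUAPRSF", "SR/SR", "SF/SF"]

def first_block(packet_flags):
    """Return the first block spec that matches, or None if none does."""
    for spec in BLOCK_SPECS:
        if matches(spec, packet_flags):
            return spec
    return None

# Constructed sample flag combinations (not captured traffic).
SAMPLES = ["S", "SA", "PA", "FUP", "", "SF", "SFA", "SR", "FSRPAUEW"]

if __name__ == "__main__":
    for flags in SAMPLES:
        print("%-9s blocked by: %-18s passes S/SA: %s" % (
            flags or "(none)", first_block(flags), matches("S/SA", flags)))
```

A SYN+FIN packet satisfies `flags S/SA`, because that mask only looks at SYN and ACK; that is why the `SF/SF` block has to be `quick` and sit above the pass rules.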