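#---------start of pf.conf------------------
# Macros: the external interface and the TCP/UDP port lists referenced below.
intface="em0"
tcp_pass={ 80, 25, 22 }
# NOTE(review): udp_pass is declared but no rule in this file references it.
udp_pass={ 110, 631 }
# Tables: good_guys is read from a file and kept across ruleset reloads (persist);
# bad_guys is an inline address list.
table <good_guys> persist file "/etc/good_guys"
# NOTE(review): 192.168.56.102/24 has host bits set; pf treats it as the
# 192.168.56.0/24 network -- confirm that whole range is the intended one.
table <bad_guys> { 192.168.56.102/24 }
# Options come first: pf versions that enforce section order
# (options, normalization, queueing, translation, filter) reject a
# "set" statement placed after scrub/block rules.
#skip the loop back interface
set skip on lo0
#Rules
#packet normalization
scrub in all
#block all incoming and outgoing traffic (default deny; the pass rules
# below open only the listed holes). Consider "block in log all" /
# "block out log all" if dropped traffic should be visible in pflog.
block in all
block out all
#pass tcp connections for good_guys in given ports
pass in quick on $intface proto tcp from <good_guys> to any port $tcp_pass keep state
#allow http connection from bad guys
# "to" needs a destination host before "port"; "to port 80" alone is a
# syntax error. "keep state" added so the server's replies are allowed
# out despite "block out all", matching the other pass rules.
pass in quick on $intface proto tcp from <bad_guys> to any port 80 keep state
#allow dns queries
# NOTE(review): only TCP 53 is passed; most resolver queries use UDP 53,
# which this rule does not cover.
pass out on $intface proto tcp from any to any port 53 keep state
#pass ssh traffic (flags S/SA: only the initial SYN creates state)
pass out on $intface proto tcp from $intface to any port 22 flags S/SA keep state
#allow http traffic
pass out on $intface proto tcp from $intface to any port 80 flags S/SA keep state
#define anchor (attachment points for sub-rulesets; empty until loaded)
anchor ftpanchor
anchor abc
#allow ftp traffic
# "from tcp" was a typo for "proto tcp"; pfctl rejects the original line.
pass out on $intface proto tcp from $intface to any port { 20, 21 } flags S/SA keep state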