
pf mac...

Discussion in 'Firewalls' started by balte, Nov 28, 2009.

  1. balte

    balte New Member

    Hi,
    I need to configure pf rules. The computer on which I have pf uses only www and auth.

    block all
    tcp = "{ www, auth}"
    pass out proto tcp to any port $tcp

    Are these rules enough for this computer's security, or should something else be added?
     
  2. graudeejs

    graudeejs Well-Known Member

    Code:
    services = "{ http, https, auth, domain, nameserver }"
    block all
    pass out from any to any port $services 


    I think this should do the trick.

    Note: this allows outgoing connections. If you want to make a server, you need to allow incoming connections.
    You didn't mention what exactly you want to build.

    This might not be sufficient (sometimes html is on 8080, for example).


    You should take a look at /etc/services.


    This is my personal rule for html that I use:
    Code:
    pass out on $ext_if $net_type proto { tcp, udp } from { $ext_ip, <jail_ip_list> } to any port { http, https, domain, nameserver } group { users, wheel } keep state queue web
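
An added example, not part of the thread: a simplified model of pf's last-match evaluation, run over the first post's ruleset and over a variant built from the reply's service list with the protocols spelled out, to show which outbound flows each one leaves blocked. The service table, the `WIDENED` ruleset, the flow list and all function names are constructed for illustration, and only `block all` and `pass out proto ... to any port ...` rules are modelled.

```python
import re
# Constructed subset of /etc/services; "www" is an alias for http there.
SERVICES = {"http": 80, "www": 80, "https": 443, "auth": 113, "domain": 53}
ASKER = '''
block all
tcp = "{ www, auth}"
pass out proto tcp to any port $tcp
'''
# Assumption: the reply's service list, with the protocols spelled out.
WIDENED = '''
services = "{ http, https, auth, domain }"
block all
pass out proto { tcp, udp } to any port $services
'''
# Constructed outbound flows: DNS lookup, http, https, ident, http on 8080.
FLOWS = [("udp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 113), ("tcp", 8080)]

def parse_ruleset(text):
    """Parse macros, 'block all' and 'pass out proto P to any port X' only."""
    macros, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.fullmatch(r'(\w+)\s*=\s*"(.*)"', line)
        if m:  # macro definition
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r"\$(\w+)", lambda v: macros[v.group(1)], line)
        if line == "block all":
            rules.append(("block", None, None))
            continue
        m = re.fullmatch(r"pass out proto (.+?) to any port (.+)", line)
        if not m:
            raise ValueError("unsupported rule: " + line)
        protos, names = (set(re.findall(r"[\w-]+", g)) for g in m.groups())
        ports = {SERVICES[n] if n in SERVICES else int(n) for n in names}
        rules.append(("pass", protos, ports))
    return rules

def verdict(rules, proto, port):
    """Last matching rule decides (no 'quick' here); no match means pass."""
    result = "pass"
    for action, protos, ports in rules:
        if action == "block" or (proto in protos and port in ports):
            result = action
    return result
def blocked(text, flows=FLOWS):
    rules = parse_ruleset(text)
    return [f for f in flows if verdict(rules, *f) == "block"]
```

`blocked(ASKER)` lists the DNS, https and 8080 flows; `blocked(WIDENED)` lists only the 8080 flow.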
     
  3. balte

    balte New Member

    Thanks, I will try all the services to see whether they work.