pf mac...

[balte]

Hi,
i need to configure pf rules. Computer on which i have pf use only www and auth.

block all
tcp = "{ www, auth}"
pass out proto tcp to any port $tcp

Is these rules enough for this computer security or should something else to add ?

 

[graudeejs]

services = "{ http, https, auth, domain, nameserver }"
block all
pass out from any to any port $services

I think this should do the trick

note, this allows outgoing connection. If you want to make server, you need to allow incoming connections.
You didn't mention, what exactly you want to build.

This might not be sufficient (sometimes html are on 8080, for example)


you should take a look at /etc/services


This is my personal rule for html, that i use

pass out on $ext_if $net_type proto { tcp, udp } from { $ext_ip, <jail_ip_list> } to any port { http, https, domain, nameserver } group { users, wheel } keep state queue web

 

[balte]

Tnx i will try all service whether the work.