Hi,
I'm learning to set up a secure FreeBSD server (10.2) and I think I figured it all out except for PF.
Here is my current ruleset:
Code:
tcp_services = "{ ssh }"
udp_services = "{ ntp }"
icmp_types = "echoreq"
block all
pass out proto tcp to any port $tcp_services keep state
pass proto udp to any port $udp_services keep state
pass inet proto icmp all icmp-type $icmp_types keep state
As you can see, nothing fancy.
I have macros for tcp (ssh for now) and udp (ntp) for now. When needed, I will add other protocols (mainly https, I guess), but for now, I keep it as simple as possible and do it by the (hand)book.
There is also a macro for icmp since my host pings the machine to automatically check if it's OK. That macro seems to work, at least I can ping the server and I don't receive any automatic mail from the host.
But now, I can't connect through SSH, so I guess there is a problem with my SSH line, but I can't see where I am wrong. Any hint would be greatly appreciated.
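An added example, not part of the original post and not the Handbook's ruleset: the same pf.conf with the rule direction fixed, plus a loopback skip this kind of host usually needs. The posted `pass out` line only matches packets leaving the server, i.e. SSH sessions the server itself opens, so an SSH connection arriving from the admin host falls through to `block all`. The interface name `vtnet0` is an assumption.

```pf
# /etc/pf.conf -- added example; the interface name is assumed
ext_if = "vtnet0"
tcp_services = "{ ssh }"
udp_services = "{ ntp }"
icmp_types = "echoreq"

# Do not filter loopback: with "block all" and no skip, local daemons
# talking to each other over lo0 are blocked as well.
set skip on lo0

# Default deny, both directions.
block all

# Posted line, kept for comparison: "pass out" matches only outbound
# packets, so inbound SSH never matches it and is dropped by "block all".
# pass out proto tcp to any port $tcp_services keep state

# Corrected: accept inbound TCP on the external interface, addressed to the
# host's own address on that interface; the state entry lets replies out.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services keep state

# Unchanged: "pass" with no direction matches in and out, which is why
# outbound NTP queries (and their replies, via state) already worked.
pass proto udp to any port $udp_services keep state

# Unchanged: echo requests from the monitoring host; replies ride the state.
pass inet proto icmp all icmp-type $icmp_types keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, and keep a console or an existing session open while reloading, since a mistake in the SSH rule locks you out of the box.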