Solved Allow all outgoing traffic but restrict incoming

Hello, I am new to PF and completely overwhelmed with it.
I'm setting it up on a productive workstation/server and want only SSH and HTTP to be available from the outside. However, I want this machine to be able to access everything. Also, I want X.org to run; I heard that I need some settings for this too. In general there should be no firewall for localhost traffic.
How can I do this?
 
Also, I want X.org to run; I heard that I need some settings for this too.
Only if you want to use a remote X connection. You don't need any firewall rules to run it and use it locally.


Code:
ext_if="changeme"

set skip on lo0

block in on $ext_if all
pass in quick on $ext_if proto tcp from any to ($ext_if) port 22
pass in quick on $ext_if proto tcp from any to ($ext_if) port 80

pass out on $ext_if from any to any
 

Oh and how do I allow pinging the server? (ICMP)
 
Something like this:
Code:
pass in on $ext_if proto icmp from any to ($ext_if) icmp-type 8 code 0
This will allow only ICMP type 8 code 0 (ICMP echo request).
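
Added example, not part of the thread: a simplified Python model of how pf reaches a verdict for a new packet under the rules posted above (last matching rule wins, `quick` stops evaluation, `set skip` bypasses filtering). Assumptions: the interface name `em0` stands in for "changeme", the ICMP rule is appended after the other rules, and state tracking and address matching are left out.

```python
# Added illustration: simplified model of pf rule evaluation for a packet that
# matches no existing state. Address matching and state tracking are omitted.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                    # "pass" or "block"
    direction: str                 # "in" or "out"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # TCP destination port
    icmp: Optional[tuple] = None   # (icmp-type, code)
    quick: bool = False

# The thread's rules in file order; all are bound to $ext_if.
# Assumption: the ICMP rule is placed at the end of the file.
RULES = [
    Rule("block", "in"),
    Rule("pass", "in", "tcp", port=22, quick=True),
    Rule("pass", "in", "tcp", port=80, quick=True),
    Rule("pass", "out"),
    Rule("pass", "in", "icmp", icmp=(8, 0)),
]
SKIP = {"lo0"}                     # set skip on lo0

def matches(r, direction, proto, port, icmp):
    return (r.direction == direction
            and r.proto in (None, proto)
            and r.port in (None, port)
            and r.icmp in (None, icmp))

def verdict(iface, direction, proto, port=None, icmp=None,
            rules=RULES, ext_if="em0"):   # "em0" is an assumed interface name
    """Return "pass" or "block" for a new packet seen on iface."""
    if iface in SKIP:
        return "pass"              # skipped interfaces are not filtered at all
    result = "pass"                # pf's implicit default when nothing matches
    if iface != ext_if:
        return result              # every rule in the thread is "on $ext_if"
    for r in rules:
        if matches(r, direction, proto, port, icmp):
            result = r.action      # last matching rule wins ...
            if r.quick:
                break              # ... unless a quick rule ends evaluation
    return result
```

Because the ICMP rule has no `quick`, the model shows it only takes effect when it comes after `block in on $ext_if all`; placed before it, the later block rule is the last match and the echo request is dropped.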
 