Hello all:
I just recently set up a basic pf rule configuration. I'm curious what else I can do to secure this at the firewall level. My main concern is being able to limit DoS attacks, as well as limit the damage an attacker could do if he/she were able to gain access to an account. Since only one account has su, I need to be able to block users from outbound. So the idea basically is to be able to block, say, www from sending outbound to anything but 25, since I need to send mail, and block every other user from using any outbound at all.
Any other tips, ideas, suggestions, etc. on how I could make my ruleset better would be welcome. I'm aiming for the best setup I can possibly have.
Code:
if="em0"
tcp_services="{ 22, 80 }"
set block-policy drop
set skip on lo
set loginterface $if
block in log
# antispoof
# ensures that packets claiming to come from a loopback address (or from this host's own network) aren't arriving on the external interface.
antispoof quick for { lo $if }
pass out from any to any
pass in on $if proto tcp from any to any port $tcp_services keep state
Thanks in advance,
~Sorressean
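The two things asked about above, per-source connection limits against DoS and per-user outbound filtering, are both standard pf features. The ruleset below is an added example, not the poster's configuration: it keeps the original em0 interface and the 22/80 services, renames the `if` macro to `ext_if`, and assumes the accounts named `www` and `root` exist; the `admin_users` macro is a placeholder for whichever account is the one allowed to su, and the numeric limits are illustrative starting points rather than tuned values.

```pf
ext_if="em0"
tcp_services="{ 22, 80 }"
# assumed placeholder: the account(s) that keep unrestricted outbound access
admin_users="{ root }"

# addresses that tripped the connection limits end up here
table <bruteforce> persist

set block-policy drop
set skip on lo
set loginterface $ext_if

antispoof quick for { lo $ext_if }

# default deny in both directions; outbound becomes opt-in per user below
block in log
block out log

# anything already flagged as abusive is dropped before any pass rule is tried
block in quick from <bruteforce>

# inbound services with per-source limits:
#   max-src-conn      - at most 50 simultaneous connections from one address
#   max-src-conn-rate - at most 15 new connections per 5 seconds from one address
# offenders are added to <bruteforce>; "flush global" also tears down their
# existing states instead of only refusing new ones
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state \
    (max-src-conn 50, max-src-conn-rate 15/5, overload <bruteforce> flush global)

# per-user outbound policy; "user" matches on the owner of the local socket
# www may only reach SMTP (plus DNS, in case it resolves mail hosts itself)
pass out on $ext_if proto tcp from ($ext_if) to any port 25 user www keep state
pass out on $ext_if proto udp from ($ext_if) to any port 53 user www keep state

# the admin account(s) keep full outbound access; every other user falls
# through to "block out log" above
pass out on $ext_if from ($ext_if) to any user $admin_users keep state
```

Two caveats worth checking before relying on this. The `user` option only applies to packets belonging to sockets on the firewall host itself, so it does nothing for forwarded traffic. And if the web application hands mail to a local MTA rather than speaking SMTP directly, the outbound port 25 connection is owned by the MTA's user, not `www`, so that is the account the rule needs to name. Load with `pfctl -nf /etc/pf.conf` first to syntax-check, and watch `pfctl -t bruteforce -T show` and the `block out log` entries in `pflog` to see what the new outbound policy is actually catching before tightening further.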