Solved Handbook (Chapter 30. Firewalls)

masayoshi · May 6, 2020

Is x.x.x the same as xxx?

# Allow outbound access to public DNS servers.
# Replace x.x.x. with address listed in /etc/resolv.conf.
# Repeat for each DNS server.
pass out quick on dc0 proto tcp from any to x.x.x. port = 53 flags S keep state
pass out quick on dc0 proto udp from any to xxx port = 53 keep state

30.5.3. Example Ruleset

Instead of www, I should write http in pf.conf?

PF understands port names as well as port numbers, as long as the names are listed in /etc/services.

Code:

tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"

Code:

root@FreeBSD:~ # less /etc/services | grep www
#       http://www.iana.org/assignments/port-numbers
http             80/sctp   www www-http #World Wide Web HTTP
http             80/tcp    www www-http #World Wide Web HTTP
http             80/udp    www www-http #World Wide Web HTTP

30.3.2. PF Rulesets

SirDice · May 6, 2020

masayoshi said:
Is x.x.x the same as xxx?

Yes.

masayoshi said:
Instead of www, I should write http in pf.conf?

Doesn't matter, they are equivalent.

SirDice · May 6, 2020

Alain De Vos said:
www is port 80, http has no meaning ?

Code:

# getent services http
http                 80/sctp  www www-http
# getent services www-http
http                 80/sctp  www www-http
# getent services www
http                 80/sctp  www www-http
# getent services doesnotexist
#

Solved Handbook (Chapter 30. Firewalls)

masayoshi

SirDice

Administrator

SirDice

Administrator