PF Looking for pf.conf example

Hello,
After using Gentoo and Arch GNU/Linux for a few years, I decided to migrate to FreeBSD. However, upon setting up FreeBSD on my Dell Inspiron 15 3567 laptop, I am having a hard time finding a decent pf.conf.
I searched the WWW for some pf.conf examples, but I can't find any that suit my needs:

On my old Gentoo system, I used to run an iptables script that worked fine for years, and I would love to see the same kind of setup on pf.
I will attach the iptables script I always used.
A nice thing about that iptables script is that it can filter the DNS traffic to only allow OpenDNS.

All I need on the FreeBSD system will be http + https for some basic web surfing.
I would also like to see incoming and outgoing traffic blocked.

Can anyone help with creating such a pf.conf?
 

Well, I doubt someone will attempt to translate a huge iptables script for you. But the handbook and the resources linked there will guide you quickly, pf is IMHO simple to grasp.

You will have some improvements over iptables, e.g. in my experience, pf configs achieving the same thing are often smaller than iptables scripts, and pf has the nice property to apply a whole ruleset with transactional semantics. If for some reason, your ruleset can't be applied as a whole, the old one stays active.
 
How do you hope to gain any security if you don't bother to look into the way your firewall works? No offense intended here but I get the impression that this "example pf.conf" is actually meant to be your new firewall script. An example is an example, and from your message it seems you looked into quite a few already.

Seriously... pf.conf isn't all that hard. pf.conf(5) is actually a decent read to help you set up a good basis. Knowing about the basis of a good firewall also helps: block everything and then poke the gaps you need in order to have a working setup.

It might help if you could give us some specific aspects you're having trouble with.
 
I agree: I should actually look into pf, but did not have the time yet. I was just hoping there was an easy and simple pf.conf I could copy and use while setting up my new FreeBSD laptop.
When I am done setting up the laptop, I will have a look into packet filtering and learn the basics, because again I agree, a copy-pasted pf.conf will not gain any security if I don't understand what it does.
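
The "block everything, then poke the gaps you need" approach from the replies, applied to the requirements in the first post (HTTP/HTTPS browsing, DNS only to OpenDNS), as an added example that is not from any participant in this thread. The interface name `em0` is an assumption; the two resolver addresses are the public OpenDNS ones.

```conf
# /etc/pf.conf -- added example, not from the thread.

# --- Macros ---------------------------------------------------------------
ext_if  = "em0"        # assumption: replace with your interface (see ifconfig)
opendns = "{ 208.67.222.222, 208.67.220.220 }"   # OpenDNS public resolvers

# --- Options --------------------------------------------------------------
set block-policy drop  # silently drop instead of answering with RST/ICMP
set skip on lo0        # do not filter loopback traffic

# --- Normalization --------------------------------------------------------
scrub in all           # reassemble fragments, drop malformed packets

# --- Filtering ------------------------------------------------------------
# Default deny, both directions. Every rule below is an explicit exception.
block all

# DNS: only to the OpenDNS resolvers. Queries to any other resolver fall
# through to "block all". TCP is included for large responses.
pass out quick on $ext_if inet proto { tcp, udp } to $opendns port 53

# Web browsing: outbound HTTP and HTTPS only.
pass out quick on $ext_if inet proto tcp to any port { 80, 443 }

# No "pass in" rules: unsolicited inbound traffic stays blocked. Replies to
# the connections above are allowed by the state pf keeps for each pass rule.
# IPv6 is blocked entirely, because every pass rule is restricted to inet.
```

Check the syntax with `pfctl -nf /etc/pf.conf` (parses without loading) before enabling it. Anything else the laptop needs, such as NTP, is blocked until a matching `pass out` rule is added.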
 