Hello everyone, I have finally got around to reading about pf and I have spent the day trying to configure basic rules to protect my system based upon the Handbook and OpenBSD man pages. I am comfortable with my current configuration, but I am hoping for some packet filtering experts to critique my rules and offer any tips to make it better. I want to be able to connect to localhost/loopback to run Apache, PHP and MySQL locally. I have already configured Apache to listen only on localhost port 80. I have tested my pf rules and I am able to connect to Apache locally and also surf the web. I am posting this message from FreeBSD with pf running.
My pf.conf file:
Code:
# source prefixes that should never arrive from the Internet (bogons, RFC 1918, test nets)
table <martians> {
    0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
    192.0.0.0/24 192.0.2.0/24 224.0.0.0/3
    192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24
}

# interface whose counters "pfctl -s info" reports
set loginterface em0

# never filter loopback traffic, so Apache/PHP/MySQL on localhost are unaffected
set skip on lo0
set skip on lo1

# drop packets whose source address claims to belong to these interfaces but arrives elsewhere
antispoof for lo0
antispoof for lo1
antispoof log quick for em0

# default deny: "block all" = block in all and block out all
block all

# no IPv6 in use, so drop it unconditionally
block in quick inet6 all

# drop anything claiming to come from a reserved/bogon source
block in quick from <martians> to any

# only DNS, HTTP and HTTPS may leave the box; replies are admitted by the state entry
pass out on em0 proto tcp from any to any port { 53, 80, 443 }
pass out on em0 proto udp from any to any port 53
I would also like to use a proxy in the future. Is anyone able to offer suggestions on how to set pf rules to forward traffic to a proxy? Otherwise, I will do the research myself. Most important is that the posted rules meet your stamp of approval. Otherwise, please advise how to make the rules better.
Thank you for your time.
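Since the post asks how pf can hand web traffic to a proxy, here is an added example in the FreeBSD pf syntax of that era; it is not part of the original post and not a configuration its author tested. It assumes the machine would act as the gateway for a small LAN on a second interface named em1, that the LAN prefix is 192.168.1.0/24, and that a proxy such as Squid listens on 127.0.0.1 port 3128 in transparent (intercept) mode; the interface name, prefix and port are all assumptions.

```pf
# Added example: redirect LAN clients' HTTP requests to a proxy on this host.
# Assumed values: em1 is the LAN interface, 192.168.1.0/24 the LAN prefix,
# and the proxy listens on 127.0.0.1:3128.
ext_if     = "em0"
int_if     = "em1"
lan        = "192.168.1.0/24"
proxy      = "127.0.0.1"
proxy_port = "3128"

# Translation rules come before filter rules. rdr only matches packets that
# ARRIVE on an interface, so it catches LAN clients' requests entering $int_if;
# this host's own browser must be pointed at the proxy explicitly.
# "rdr pass" lets the redirected packets through without consulting the filter.
rdr pass on $int_if inet proto tcp from $lan to any port 80 -> $proxy port $proxy_port

# The proxy itself opens the outbound connection, so HTTP/HTTPS must be
# allowed out on the external interface (the post's ruleset already does this).
pass out on $ext_if inet proto tcp from any to any port { 80, 443 } keep state

# Allow the rest of the LAN's traffic in on $int_if so it can be forwarded.
pass in on $int_if inet from $lan to any keep state
```

Two caveats that follow from the posted ruleset: the post's `block in quick from <martians> to any` has no `on` clause and the table contains 192.168.0.0/16, so once em1 carries a LAN, every non-redirected packet from the clients would be dropped by it; restricting that rule to `on $ext_if` keeps the bogon check where it belongs. Acting as a gateway also needs IP forwarding enabled (`gateway_enable="YES"` in rc.conf), and any change is worth parsing with `pfctl -nf /etc/pf.conf` before loading it.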