Hi, i need to configure pf rules. Computer on which i have pf use only www and auth. block all tcp = "{ www, auth}" pass out proto tcp to any port $tcp Is these rules enough for this computer security or should something else to add ?
Code:services = "{ http, https, auth, domain, nameserver }" block all pass out from any to any port $services I think this should do the trick note, this allows outgoing connection. If you want to make server, you need to allow incoming connections. You didn't mention, what exactly you want to build. This might not be sufficient (sometimes html are on 8080, for example) you should take a look at /etc/services This is my personal rule for html, that i use Code: pass out on $ext_if $net_type proto { tcp, udp } from { $ext_ip, <jail_ip_list> } to any port { http, https, domain, nameserver } group { users, wheel } keep state queue web
