Hello, I'm working on a pf.conf.
What I want to do:
- allow outgoing traffic to 3 IPs and block all other.
- allow ingoing traffic from 3 IPs and block all other.
Hint: 4.4.4.4 = Main Server IP / 5.5.5.5 = Website IP / 6.6.6.6 = Proxy Server (want everything to run through the proxy server).
This pf.conf is for the main server.
What I already have:
Code:
if = "{ em0 }"
allowed_ips = "{ 127.0.0.1, 4.4.4.4, 5.5.5.5, 6.6.6.6 }"
table <intranet> { 127.0.0.1 }
pass in quick from $allowed_ips to <intranet> keep state
pass out quick from <intranet> to $allowed_ips keep state
table <network> persist
block quick from <network>
pass in on $if proto tcp from $allowed_ips to $allowed_ips keep state
pass in on $if proto udp from $allowed_ips to $allowed_ips keep state
pass out on $if proto tcp from $allowed_ips to $allowed_ips keep state
pass out on $if proto udp from $allowed_ips to $allowed_ips keep state
block in on $if inet proto icmp all
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on em0 proto tcp from any to any port 22 keep state
pass in quick on em0 proto tcp from $allowed_ips to $allowed_ips port 3306 keep state
pass out quick on em0 proto tcp from $allowed_ips to $allowed_ips port 3306 keep state
I'm 100% sure there is something wrong, and the reason I'm posting here is to ask if anyone can check it, because I don't want to lose access to the server.
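
An added example, not part of the original post: a simplified Python model of pf's filter evaluation (the last matching rule wins, `quick` ends evaluation at once), run over the posted rules for the first packet of a connection. It assumes the ruleset loads as written and that `<network>` is empty, and it merges the paired tcp/udp rules; the rule labels and the `decide` helper are hypothetical.

```python
# Simplified model of pf rule evaluation for the first packet of a connection.
# Added example: it does not parse pf.conf and ignores state tracking.
ALLOWED = {"127.0.0.1", "4.4.4.4", "5.5.5.5", "6.6.6.6"}  # $allowed_ips
INTRANET = {"127.0.0.1"}                                   # <intranet>
NETWORK = set()                                            # <network>, assumed empty
TU = {"tcp", "udp"}                                        # tcp and udp rule pairs merged

# (label, action, quick, direction, interface, protocols, src, dst, dst port)
# None means the rule does not specify that field, so it matches anything.
RULES = [
    ("pass in quick allowed -> <intranet>", "pass", True, "in", None, None, ALLOWED, INTRANET, None),
    ("pass out quick <intranet> -> allowed", "pass", True, "out", None, None, INTRANET, ALLOWED, None),
    ("block quick from <network>", "block", True, None, None, None, NETWORK, None, None),
    ("pass in on em0 tcp/udp allowed -> allowed", "pass", False, "in", "em0", TU, ALLOWED, ALLOWED, None),
    ("pass out on em0 tcp/udp allowed -> allowed", "pass", False, "out", "em0", TU, ALLOWED, ALLOWED, None),
    ("block in on em0 icmp", "block", False, "in", "em0", {"icmp"}, None, None, None),
    ("block in all", "block", False, "in", None, None, None, None, None),
    ("block out all", "block", False, "out", None, None, None, None, None),
    ("pass in quick on lo0", "pass", True, "in", "lo0", None, None, None, None),
    ("pass out quick on lo0", "pass", True, "out", "lo0", None, None, None, None),
    ("pass in quick on em0 tcp any -> any port 22", "pass", True, "in", "em0", {"tcp"}, None, None, 22),
    ("pass in quick on em0 tcp allowed port 3306", "pass", True, "in", "em0", {"tcp"}, ALLOWED, ALLOWED, 3306),
    ("pass out quick on em0 tcp allowed port 3306", "pass", True, "out", "em0", {"tcp"}, ALLOWED, ALLOWED, 3306),
]

def decide(direction, iface, proto, src, dst, port=None):
    """Return (action, deciding rule label) for one packet."""
    packet = (direction, iface, proto, src, dst, port)
    verdict = ("pass", "implicit default (no rule matched)")  # pf passes by default
    for label, action, quick, *fields in RULES:
        # A set field matches by membership, a scalar by equality, None always.
        hit = all(f is None or (v in f if isinstance(f, set) else v == f)
                  for f, v in zip(fields, packet))
        if hit:
            verdict = (action, label)   # a later match overrides an earlier one
            if quick:
                break                   # quick: this rule is final
    return verdict

if __name__ == "__main__":
    samples = [  # constructed packets; 9.9.9.9 stands for an unlisted host
        ("in", "em0", "tcp", "5.5.5.5", "4.4.4.4", 80),
        ("in", "em0", "tcp", "9.9.9.9", "4.4.4.4", 22),
        ("out", "em0", "tcp", "4.4.4.4", "6.6.6.6", 8080),
        ("out", "em0", "tcp", "4.4.4.4", "6.6.6.6", 3306),
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

In this model the non-quick `pass` rules on em0 are always overridden by the later `block in all` / `block out all`, so only port 22 (from any source) and port 3306 (between the listed addresses) get through on em0.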