Greetings!
Would you be so kind as to review my pf.conf?
The setup is as follows:
ISP->Desktop->Cable to wireless router acting as access point
No services are to be run on desktop or wifi clients.
Clients are to be laptop and smart phone.
Is it configured well?
Will it be suitable for use without problems?
Missing something?
Desktop is 11.4 p3 generic kernel
Thank you for your time!
Code:
## Macros
#ISP lan
exif = nfe0
#LAN
lan = rl0
#LAN net
lonet=$lan:network
#ICMP
itype = "{echoreq,unreach}"
rsrv = " { 0.0.0.0/8, 10.0.0.0/8, 20.20.20.0/24, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16,
224.0.0.0/3, 255.255.255.255 } "
### Service
tcp_s = "{http,https}"
### Options
#Log interface
set loginterface $exif
#Policy
set block-policy return
#Optimization
set optimization aggressive
### Normalization
scrub in on $exif all
### Queueing
#NONE
### Translation
nat on $exif inet from $lonet to any -> ($exif)
### Filtering
pass quick on lo0 all
antispoof for { lo0, $exif, $lan }
pass quick on $lan all
block in quick on $exif from $rsrv to any
block in on $exif all
block out quick on $exif inet from !($exif) to any
pass in on $exif inet proto icmp all icmp-type $itype
pass out on $exif proto icmp all
pass out quick on $exif proto {tcp,udp} from any to any port 53
pass out proto tcp to any port $tcp_s