block IPs and ports

Sife Mailling sife.mailling at yahoo.com
Mon Nov 23 16:01:50 UTC 2009


Salamo Alikom
I set up a firewall for a personal home computer; now I want every packet blocked if it does not pass to the specified ports.
This is my pf.conf:
net_card="sis0"
tcp_ports="{80 ,https ,domain ,auth ,21}"
udp_ports="{domain}"
table <banned> file "/etc/pf/banned"
table <banned2> {www.google.com}
block in log (all) on $net_card proto {tcp ,udp} all
pass in on $net_card proto tcp from any to any port $tcp_ports
pass in on $net_card proto udp from any to any port $udp_ports
pass in on $net_card proto tcp from 192.168.0.0/16 to 192.168.0.0/16
block in on $net_card proto tcp from { <banned>, <banned2> } to any port $tcp_ports
pass out on $net_card proto tcp from any to any port $tcp_ports
pass out on $net_card proto udp from any to any port $udp_ports
pass out on $net_card inet proto tcp from any to any port ftp
pass out on $net_card inet proto tcp from any to any port > 1023

Now Skype works, and for both tables, banned and banned2, I can browse sites included in them.
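As an added example (not the poster's configuration, and not an answer from the list), here is a reworked pf.conf that enforces the banned tables on outbound traffic as well, stops rule evaluation with `quick` so no later `pass` can override the block, and drops the catch-all `port > 1023` pass-out that lets arbitrary outbound connections through. It assumes the same interface name sis0 and table file /etc/pf/banned as the post.

```pf
# Added example, not the poster's config: default-deny in both directions,
# with the banned tables enforced on outbound connections too.
net_card = "sis0"
tcp_ports = "{ 80, https, domain, auth, 21 }"
udp_ports = "{ domain }"
lan = "192.168.0.0/16"

table <banned> persist file "/etc/pf/banned"
# Hostnames in a table are resolved once when the ruleset is loaded; a site
# served from many addresses needs all of them listed, or a reload after
# its DNS records change.
table <banned2> { www.google.com }

set skip on lo0

# Default deny, both directions; everything below must explicitly pass.
block log all

# Banned hosts: refuse both directions. pf is last-match-wins, so without
# 'quick' a later 'pass out' to port 80 would let the connection through.
block in quick log on $net_card from { <banned>, <banned2> } to any
block out quick log on $net_card from any to { <banned>, <banned2> }

# Inbound: only the services this host actually offers.
pass in on $net_card proto tcp from any to any port $tcp_ports keep state
pass in on $net_card proto udp from any to any port $udp_ports keep state
pass in on $net_card proto tcp from $lan to $lan keep state

# Outbound: only the listed ports; the state entry carries replies back.
# No 'port > 1023' rule here, so applications on unlisted ports are denied.
pass out on $net_card proto tcp from any to any port $tcp_ports keep state
pass out on $net_card proto udp from any to any port $udp_ports keep state
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, and watch the blocked traffic with `tcpdump -n -e -ttt -i pflog0` to confirm the banned addresses are hit.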