freebsd 8

Olivier Thibault Olivier.Thibault at lmpt.univ-tours.fr
Fri Jan 8 08:38:05 UTC 2010


Hello,

On 07.01.2010 23:27, Kurt Turner wrote:
> Hello all
> 
> In an effort not to create yet another insecure server on the www I'd like
> to ensure my pf.conf file is good and secure - will someone please review
> this configuration and let me know your thoughts?
> 
> I only want to allow www and ssh inbound and have limited access also
> outbound - this is a remote web server I do not have access to at all. TIA
> 
...
> # keep stats of outgoing connections
> pass out keep state

This rule allows everything out, and the next outgoing rules won't be checked as
this one matches first.
The "keep state" keyword is also no longer necessary since FreeBSD 7. It is
implicit.
Maybe you can just write "block return all", which implies in and out in the
same rule.

Best regards,

-- 
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel:     (33)(0)2 47 36 69 12
Fax:     (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
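
An added example, not part of the original message or the poster's ruleset: a minimal default-deny pf.conf for the goal stated in the thread (only www and ssh inbound, limited outbound). The interface name em0 and the list of outbound services are assumptions.

```conf
# Added example; em0 and the outbound service lists are assumptions.
ext_if  = "em0"            # assumption: external interface name
in_tcp  = "{ 22, 80 }"     # ssh and www inbound, as requested in the thread
out_tcp = "{ 80, 443 }"    # assumption: outbound web, e.g. for updates
out_udp = "{ 53, 123 }"    # assumption: DNS and NTP

# Do not filter loopback traffic.
set skip on lo0

# Default deny for both directions. pf evaluates the whole ruleset and the
# last matching rule decides unless a rule is marked "quick", so the block
# rule goes first and the specific pass rules below override it.
block return all

# Inbound: only the listed TCP services. State is kept implicitly.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $in_tcp

# Outbound: only the listed services instead of a blanket "pass out".
pass out on $ext_if inet proto tcp from ($ext_if) to any port $out_tcp
pass out on $ext_if inet proto udp from ($ext_if) to any port $out_udp
```

The file can be parsed without loading it using pfctl -nf /etc/pf.conf, which matters on a remote machine where a bad ruleset would cut off the ssh session.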


