pf firewall for a server

Darrin Chandler dwchandler at stilyagin.com
Wed Jul 26 03:44:43 UTC 2006


On Tue, Jul 25, 2006 at 08:30:46PM -0500, Jonathan Horne wrote:
> I've been googling for a while now this evening, but have unsuccessfully found 
> any examples on how to firewall a server.  I do *not* want to build a router, 
> and unfortunately, every article I seem to find wants to tell me how to build 
> a router!
> 
> I just want to learn how to build a simple pf config suitable for a server.  
> If anyone knows of a website where such an example might be found, that would 
> be awesome (but direct config examples in a reply will also be duly 
> appreciated as well :)

Most of the rulesets for router/gateway firewalls will give you lots of
good info for a single server, too. Understanding how the rules work is
the name of the game either way. The handbook is a great place to start,
and the pf faq on the OpenBSD site is another.

Here's a very simple but functional pf.conf to get you going:

-----
if1 = "ne0" # Our Interface
allowed_svc = "{ ssh www }" # Services to let in

set skip on lo
scrub in
block in
pass out keep state
antispoof quick for lo
pass in log on $if1 inet proto icmp to ($if1) keep state # Optional
pass in log on $if1 inet proto tcp to ($if1) port $allowed_svc \
	keep state
-----

That is something you can start with. BUT, you need to understand what
the rules do! Do read the handbook, faq, and man pages. See if you can
find anything wrong with the above ruleset.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler at stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
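
Added example, not part of the original message: a small Python model of how pf evaluates the filter rules in the pf.conf above (the last matching rule wins, `quick` stops evaluation, `set skip` bypasses filtering). The server address 192.0.2.10, the packet dictionaries and the IPv4-only antispoof expansion are assumptions made for illustration; scrub and state tracking are not modelled.

```python
import ipaddress

SERVER = "192.0.2.10"     # constructed address for ne0 (documentation range)
ALLOWED_SVC = {22, 80}    # ssh and www as numbered in /etc/services
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# (action, quick, predicate), in the same order as the filter rules in the post.
RULES = [
    ("block", False, lambda p: p["dir"] == "in"),                 # block in
    ("pass", False, lambda p: p["dir"] == "out"),                 # pass out keep state
    # antispoof quick for lo, simplified here to its IPv4 loopback case
    ("block", True, lambda p: p["dir"] == "in" and not p["if"].startswith("lo")
        and ipaddress.ip_address(p["src"]) in LOOPBACK),
    ("pass", False, lambda p: p["dir"] == "in" and p["if"] == "ne0"
        and p["proto"] == "icmp" and p["dst"] == SERVER),
    ("pass", False, lambda p: p["dir"] == "in" and p["if"] == "ne0"
        and p["proto"] == "tcp" and p["dst"] == SERVER
        and p["port"] in ALLOWED_SVC),
]

def packet(direction, iface, proto, src, dst, port=None):
    """Build a constructed packet description for the model."""
    return {"dir": direction, "if": iface, "proto": proto,
            "src": src, "dst": dst, "port": port}

def evaluate(pkt):
    """Return 'pass' or 'block' for the first packet of a connection."""
    if pkt["if"].startswith("lo"):   # set skip on lo: no filtering at all
        return "pass"
    verdict = "pass"                 # pf passes a packet that no rule matches
    for action, quick, match in RULES:
        if match(pkt):
            verdict = action         # a later match overrides an earlier one
            if quick:
                break                # quick makes this match final
    return verdict

if __name__ == "__main__":
    samples = [
        packet("in", "ne0", "tcp", "198.51.100.7", SERVER, 22),
        packet("in", "ne0", "tcp", "198.51.100.7", SERVER, 25),
        packet("in", "ne0", "tcp", "127.0.0.1", SERVER, 22),
        packet("out", "ne0", "tcp", SERVER, "198.51.100.7", 443),
    ]
    for s in samples:
        print(evaluate(s), s)
```
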

