PF Examples
Tuesday, 20 February 2007

This section contains many PF rules for different setups. If you are interested in other specific setups, write us.


Example 1: PF rules to block all traffic and allow only web and FTP traffic
------------------------------------------------------------------------------------------------

We've used stateful packet filtering. Traffic on port 53 must be allowed to permit DNS queries. If you need to allow only web traffic, remove the pass rules for ports 22 and 20.


# ---------------- Start pf.conf file ---------------------------------
if = "fxp0"
scrub in all

block in all
block out all

antispoof quick for $if

# allow icmp
pass out on $if proto icmp from any to any keep state

# allow dns queries
pass out on $if proto udp from any to any port 53 keep state

# pass ssh traffic
pass out on $if proto tcp from $if to any port 22 flags S/SA keep state

# pass http traffic
pass out on $if proto tcp from $if to any port 80 flags S/SA keep state

# pass ftp traffic
pass out on $if proto tcp from $if to any port { 21 , 20 } flags S/SA keep state

# allow active ftp data connections (the server connects back from port 20 to a high port on this host)
pass in on $if proto tcp from any port 20 to $if port >50000 flags S/SA keep state

pass on lo0 all
# ----------------- End pf.conf file ---------------------------------
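The web-only variant the text describes, written out as an added example (not a ruleset from the original page). It assumes the same fxp0 interface, adds HTTPS alongside HTTP, drops every "pass in" rule, and logs what the default-deny rules drop so blocked packets can be watched on pflog0:

```pf
# Added example: web-only ruleset derived from Example 1 (assumes fxp0)
ext_if = "fxp0"

set skip on lo0          # trust loopback; replaces "pass on lo0 all"
scrub in all             # normalise fragments and odd TCP flags

# default deny, logged: tcpdump -n -e -ttt -i pflog0 shows the drops
block in log all
block out log all

antispoof quick for $ext_if

# outbound ICMP (ping, path-MTU discovery); replies matched by state
pass out on $ext_if proto icmp from any to any keep state

# outbound DNS lookups only from this host's own address
pass out on $ext_if proto udp from $ext_if to any port 53 keep state

# outbound web only: HTTP and HTTPS (443 is an assumption of this example),
# state created on the initial SYN so only client-initiated sessions pass
pass out on $ext_if proto tcp from $ext_if to any port { 80, 443 } flags S/SA keep state

# no "pass in" rules: nothing unsolicited reaches this host
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, since a typo in a default-deny ruleset loaded over SSH cuts off the session.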
