From owner-freebsd-pf@FreeBSD.ORG Sun Feb 10 18:46:31 2013
From: "Littlefield, Tyler"
To: freebsd-pf@freebsd.org
Date: Sun, 10 Feb 2013 11:46:26 -0700
Subject: initial pf configuration
Message-ID: <5117EB02.70105@tysdomain.com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

hello:
This is my initial pf configuration. I'd like to make sure it's ok. Also, if
there's anything else I could do better, I would like to know. This is for a
single public server running two servers--ssh and my mud.
if="em0"
tcp_services="{ 22 6666 }"

set block-policy drop
set skip on lo
set loginterface $if
set ruleset-optimization profile

scrub in on $if all fragment reassemble

block in all
antispoof quick for { $if lo }

pass out from any to any
pass in on $if proto tcp from any to any port $tcp_services synproxy state

--
Take care,
Ty
http://tds-solutions.net
The aspen project: a barebones light-weight mud engine: http://code.google.com/p/aspenmud
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
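A reviewed variant of the ruleset above, written as an added example and not the poster's file nor a reply from the list: it keeps the same interface em0 and ports 22 and 6666, adds logging of blocked traffic and an ssh connection-rate limit, and the table name bruteforce and the rate values are illustrative assumptions.

```pf
# Hardened variant of the ruleset above (added example, not the poster's file).
# Assumed: same interface em0, ssh on 22, mud on 6666; the <bruteforce> table
# name and the rate limits are illustrative values, tune them for your users.
ext_if="em0"
ssh_port="22"
mud_port="6666"

# Addresses that exceed the ssh connection-rate limit land here; "persist"
# keeps the table across ruleset reloads. Inspect it with
# `pfctl -t bruteforce -T show` and remove an entry with `-T delete`.
table <bruteforce> persist

set block-policy drop
set skip on lo
set loginterface $ext_if
set ruleset-optimization profile

scrub in on $ext_if all fragment reassemble

# Default deny, and log it: set loginterface only keeps counters, while
# "log" copies the blocked packets to pflog0 for `tcpdump -n -e -i pflog0`.
block in log all

antispoof quick for { $ext_if lo }

# Drop listed offenders before any pass rule can match them.
block in quick from <bruteforce>

pass out from any to any

# ssh: more than 5 new connections in 30 seconds, or more than 10 open
# connections, from one source address adds it to <bruteforce> and tears
# down that address's existing states ("flush global").
pass in on $ext_if proto tcp from any to any port $ssh_port \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)

# The mud keeps synproxy so pf completes the TCP handshake before the game
# server ever sees the connection.
pass in on $ext_if proto tcp from any to any port $mud_port synproxy state
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading, and keep in mind that `flush global` also drops the offender's connection to the mud, so a too-low rate can cut off a player who reconnects quickly.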