Date: Wed, 30 May 2007 19:19:26 -0500 From: Jonathan Horne <freebsd@dfwlp.com> To: freebsd-questions@freebsd.org Subject: im new with pf Message-ID: <200705301919.26630.freebsd@dfwlp.com>
next in thread | raw e-mail | index | archive | help
i have a client who has a simple linksys router, with port 22, 25, 80, 443
forwarded to a freebsd server i built for his small business. 25 80 and 443
are obviously public services, but id like to limit access to 22 to the
trusted internal network, and my block of IPs i would be connecting from from
my site. along with regulating port 22, i also need all other ports to work
properly, since samba is installed, and i dont want to mess with picking and
choosing what ports will be in this config. i just need to limit access to
port 22.
does something like this look acceptable if the above is my goal?
[pf.conf]
# definitions
ext_if=fxp0
client="192.168.1.0/24"
mynet="[outsideips]/29"
table <trusted> { $client $mynet }
# rules start here
scrub in
block in all
pass quick on lo
antispoof quick for lo
pass in on $ext_if from <trusted> to ($ext_if) keep state
pass in on $ext_if proto tcp from any to ($ext_if) port { 25 80 443 } keep
state
pass out all keep state
[/pf.conf]
like i said, i need to allow local (and me, trusted) to anything, and anyone
else just access to 25, 80 and 443. thanks for any critiques and ideas.
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd@dfwlp.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705301919.26630.freebsd>