Date: Fri, 08 Jan 2010 09:19:46 +0100
From: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>
To: Kurt Turner <kturner@absolutenetworks.biz>
Cc: freebsd-pf@freebsd.org
Subject: Re: freebsd 8
Message-ID: <4B46EAA2.5050904@lmpt.univ-tours.fr>
In-Reply-To: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com>
References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com>

Hello,

On 07.01.2010 23:27, Kurt Turner wrote:
> Hello all
>
> In an effort not to create yet another insecure server on the www I'd like
> to ensure my pf.conf file is good and secure - will someone please review
> this configuration and let me know your thoughts?
>
> I only want to allow www and ssh inbound and have limited access also
> outbound - this is a remote web server I do not have access to at all. TIA
> ...
> # keep stats of outgoing connections
> pass out keep state

This rule allows everything out, and the next outgoing rules won't be checked, as this one matches first.
The "keep state" keyword is also not necessary any more since FreeBSD 7. It is implicit.

Maybe you can just write "block return all", which implies in and out in the same rule.

Best regards,

--
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
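
A default-deny pf.conf along the lines discussed in this thread, as an added example that is not part of either poster's configuration. The interface name `em0` and the choice of outbound services (DNS, HTTP/HTTPS) are assumptions; the thread only says that www and ssh are wanted inbound and that outbound should be limited.

```conf
# Added example, not the original poster's file.
# Assumption: em0 is the external interface.
ext_if = "em0"

# Inbound services named in the thread: ssh and www.
tcp_in = "{ 22, 80 }"

# Assumption: outbound is limited to DNS and HTTP/HTTPS (e.g. for updates).
tcp_out = "{ 53, 80, 443 }"
udp_out = "{ 53 }"

# Do not filter loopback traffic.
set skip on lo0

# Default policy: one rule covers both directions, as suggested in the reply.
# Without "quick", pf applies the last matching rule, so this block rule
# goes first and the pass rules below override it for the listed traffic.
block return all

# Inbound: only ssh and www. State is kept implicitly (FreeBSD 7 and later),
# so no "keep state" keyword is written.
pass in on $ext_if inet proto tcp from any to any port $tcp_in

# Outbound: only the listed services instead of a bare "pass out".
pass out on $ext_if inet proto tcp from any to any port $tcp_out
pass out on $ext_if inet proto udp from any to any port $udp_out
```

On a remote host with no console access, `pfctl -nf /etc/pf.conf` parses the file without loading it, so syntax errors show up before a reload can cut off the ssh session.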
