Date: Fri, 08 Jan 2010 09:19:46 +0100
From: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>
To: Kurt Turner <kturner@absolutenetworks.biz>
Cc: freebsd-pf@freebsd.org
Subject: Re: freebsd 8
Message-ID: <4B46EAA2.5050904@lmpt.univ-tours.fr>
In-Reply-To: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com>
References: <40fc01eb1001071427g335634c9u1ffa8aacba1360f3@mail.gmail.com>
Hello,

On 07.01.2010 23:27, Kurt Turner wrote:
> Hello all
>
> In an effort not to create yet another insecure server on the www I'd like
> to ensure my pf.conf file is good and secure - will someone please review
> this configuration and let me know your thoughts?
>
> I only want to allow www and ssh inbound and have limited access also
> outbound - this is a remote web server I do not have access to at all. TIA
>
...
> # keep stats of outgoing connections
> pass out keep state

This rule allows everything out, and the next outgoing rules won't be checked,
as this one matches first.
The "keep state" keyword is also no longer necessary since FreeBSD 7. It is
implicit.

Maybe you can just write "block return all", which implies in and out in the
same rule.

Best regards,

-- 
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
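
One way to write the ruleset the question describes (only www and ssh inbound, limited outbound) using the two suggestions from the reply. This is an added example, not part of the original message and not Kurt's configuration, which is elided in the quote; the interface name and the choice of outbound ports are assumptions.

```conf
# Added example pf.conf. Assumptions: external interface em0, outbound
# traffic limited to DNS, NTP and HTTP/HTTPS.
ext_if = "em0"               # assumption: external interface name

tcp_in  = "{ ssh, www }"     # inbound services named in the question
tcp_out = "{ www, https }"   # assumption: package and update fetches
udp_out = "{ domain, ntp }"  # assumption: DNS lookups and time sync

set skip on lo0              # do not filter loopback traffic

# Default deny for both directions in one rule, as suggested in the reply.
# Without "quick", pf applies the last matching rule, so this rule goes
# first and the narrower pass rules below override it.
block return all

# Inbound: only ssh and www. State is kept implicitly on FreeBSD 7 and
# later, so no "keep state" keyword is written.
pass in on $ext_if proto tcp to port $tcp_in

# Outbound: the blanket rule from the quoted configuration permits
# every outgoing connection:
#   pass out keep state
# Limited outbound instead:
pass out on $ext_if proto tcp to port $tcp_out
pass out on $ext_if proto udp to port $udp_out
pass out on $ext_if proto tcp to port domain   # DNS over TCP
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; `-n` checks the rules without applying them, which matters on a remote host reachable only over ssh.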