From: Jon Otterholm
Date: Mon, 05 Dec 2005 23:02:25 +0100
To: freebsd-pf@freebsd.org
Subject: PF on router

Hello.

I am setting up a router with a bunch of if's. I will not do any NAT or firewalling. I want to protect the router and its if's with PF without blocking any traffic not destined to the router.

Late tonight I came up with this pf.conf and I would like to have some feedback on it:

#pf.conf
table { xxx.xxx.xxx.xxx }
table { xxx.xxx.xxx.xxx }

pass in quick proto tcp from to any port 22 keep state
block out quick from any to
pass in all
pass out all

/J
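
One way to express the goal stated in the message (filter only traffic addressed to the router, forward everything else untouched), as an added example that is not part of the original post. The table names `<mgmt>` and `<router>` and all addresses are placeholders from the documentation ranges, and the syntax assumes a current pf, where `pass` rules create state unless `no state` is given.

```pf
# pf.conf (constructed example; names and addresses are placeholders)

# Hosts allowed to administer the router.
table <mgmt>   const { 192.0.2.10, 192.0.2.11 }
# Every address configured on the router's own interfaces.
table <router> const { 198.51.100.1, 203.0.113.1 }

# Do not filter loopback traffic.
set skip on lo0

# 1. Traffic the router itself originates: keep state so that the replies
#    match the state entry and are never evaluated against rule 3.
pass out quick from <router> to any keep state

# 2. Management access: SSH to the router, from <mgmt> only.
pass in quick proto tcp from <mgmt> to <router> port 22 flags S/SA keep state

# 3. Anything else addressed to the router is dropped on the way in.
#    "quick" stops evaluation here, so the general pass rules below
#    cannot re-admit it (without "quick", the last matching rule wins).
block in quick from any to <router>

# 4. Transit traffic: neither endpoint is the router, so forward it
#    statelessly. A pure router may see only one direction of a flow
#    (asymmetric routing), which stateful rules would break.
pass in  all no state
pass out all no state
```

Services the router must answer on its own addresses, such as a routing protocol or ICMP echo, need their own `pass in quick` rules placed above rule 3.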