Date: Mon, 23 Nov 2009 07:35:08 -0800 (PST) From: Sife Mailling <sife.mailling@yahoo.com> To: freebsd-pf@freebsd.org Subject: block ip's and ports Message-ID: <745127.92574.qm@web113110.mail.gq1.yahoo.com>
next in thread | raw e-mail | index | archive | help
Salamo Alikom
i setup a firewall for personnel home computer ,now i want every packets block if it is not pass to specified ports .
this my pf.conf :
net_card="sis0"
tcp_ports="{80 ,https ,domain ,auth ,21}"
udp_ports="{domain}"
table <banned> file "/etc/pf/banned"
table <banned2> {www.google.com}
block in log (all) on $net_card proto {tcp ,udp} all
pass in on $net_card proto tcp from any to any port $tcp_ports
pass in on $net_card proto udp from any to any port $udp_ports
pass in on $net_card proto tcp from 192.168.0.0/16 to 192.168.0.0/16
block in on $net_card proto tcp from { <banned>, <banned2> } to any port $tcp_ports
pass out on $net_card proto tcp from any to any port $tcp_ports
pass out on $net_card proto udp from any to any port $udp_ports
pass out on $net_card inet proto tcp from any to any port ftp
pass out on $net_card inet proto tcp from any to any port > 1023
now skype is work and the both tables banned and banned2 i can browse sites including theme .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?745127.92574.qm>