Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007
/etc/pf.conf
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services

OpenBSD 4.0 and earlier needs keep state added to these rules
Load your new rules:
peter@skapet:~$ sudo pfctl -f /etc/pf.conf
For syntax check only:
peter@skapet:~$ sudo pfctl -nf /etc/pf.conf
Note: only valid rule sets load, so flushing rarely makes sense.
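
The slide says OpenBSD 4.0 and earlier needs keep state added to the pass rules. The filter below is an added example, not part of the original slides: it appends keep state to pass rules that carry no state option and leaves everything else untouched. The function names are hypothetical, and it assumes one rule per line with no backslash continuations and no "#" inside quoted strings.

```sh
#!/bin/sh
# Added example, not from the original slides.
# Assumptions: one rule per line, no backslash continuations, no "#" inside quoted strings.

# add_keep_state (hypothetical helper): filter pf.conf text from stdin to stdout.
add_keep_state() {
    awk '
    # Only pass rules are touched; macros, block rules and comments pass through.
    /^[ \t]*pass([ \t]|$)/ {
        rule = $0; comment = ""
        # Split off a trailing comment so the option lands inside the rule.
        i = index(rule, "#")
        if (i > 0) { comment = substr(rule, i); rule = substr(rule, 1, i - 1) }
        # Leave rules alone that already carry a state option.
        if (rule !~ /(keep|modulate|synproxy|no)[ \t]+state/) {
            sub(/[ \t]+$/, "", rule)
            rule = rule " keep state"
            if (comment != "") rule = rule " "
        }
        print rule comment
        next
    }
    { print }
    '
}

# The rule set from the slide, plus two constructed lines for the edge cases.
sample_conf() {
    cat <<'EOF'
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
pass in proto tcp to any port ssh   # constructed: trailing comment
pass in proto tcp to any port www modulate state
EOF
}

sample_conf | add_keep_state
```

Write the result to a file and run pfctl -nf on it before loading.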