On Fri, 18 Mar 2005, Neal Rauhauser wrote:
> I'd like a minimal config that would let me protect TCP based services with
This is what I'm using on my laptop:

# Allow everything in the loopback network
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any

# Allow incoming SSH
pass in quick proto tcp from any to any port = 22 flags S keep state

# Allow outgoing traffic
pass out quick proto tcp from any to any flags S keep state keep frags
pass out quick proto udp from any to any keep state keep frags
pass out quick proto icmp from any to any icmp-type echo keep state

# Block and log everything else
block return-rst in log quick proto tcp from any to any
block in log quick all
block out log quick all

Works fine with NetBSD/i386 (ipf 4.1.6).
Martti
