Robert Gilaard <[EMAIL PROTECTED]> writes:

> All the time I had the following entries in my pf.conf for my
> Desktop system. However, as I've bought this pf book that was
> lately released, I begin to suspect that these rules are way too
> liberal.
>
> If I only want to be able to browse the web and maybe use
> ssh-client, how should I rewrite the rules so that only those ports
> are open (80, 443 and 22)?
The main message in the parts of the book you're referring to is that allowing only the traffic you know there's a good reason to allow leads to a cleaner network and fewer surprises.

In fact it can be quite instructive (and fun!) to play around with tcpdump to watch what happens on the interfaces you're interested in. You will see, of course, a lot of relatively uninteresting stuff that only says the traffic you thought would pass indeed does, but every now and then you will likely see something that has you grepping /etc/services and browsing man pages.

Hm. Might actually be a good idea to expose learners to tcpdump a tad earlier.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
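As an added illustration of the "allow only what you have a reason for" approach the reply describes (this is not Peter's ruleset or anything from the book), here is a minimal desktop pf.conf that lets out only SSH, HTTP and HTTPS and blocks everything else. It assumes current OpenBSD pf syntax (pass rules are stateful by default, and the egress interface group names the outbound interface); the DNS rule is added on the assumption that name resolution is needed for web browsing to work at all.

```pf
# Minimal outbound-only desktop ruleset (added example, not from the list post).
# Loopback traffic is never filtered.
set skip on lo

# Default deny in both directions; anything not explicitly passed below is dropped.
block drop all

# Outbound client traffic we actually want: ssh (22), http (80), https (443).
# Replies come back through the state entry, so no "pass in" rule is needed.
pass out on egress proto tcp to port { 22 80 443 }

# Assumption: browsing needs name resolution, so allow DNS lookups to leave.
pass out on egress proto udp to port 53

# Syntax-check before loading:  pfctl -nf /etc/pf.conf
# Watch what is being dropped:   tcpdump -n -e -ttt -i pflog0
```

Pair the ruleset with `pass log` on the block rule (or `block log all`) and the tcpdump on pflog0 above if you want to see, as the reply suggests, exactly which traffic your desktop tries to send that you had not expected.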

