I've been reading the FAQ like mad trying to get all the PF rules
figured out and I'm a little bit confused on something.
It says in the FAQ that the first 2 implicit rules are
pass in all
pass out all
but I want to by default block everything.
My understanding is that pf won't even receive the requests if I remove
those 2 rules.
So here is what my pf ruleset looks like so far (I'm replacing a Linux
firewall so I can't quite test it until I'm sure it's ready).
======================================
ext_if = "xl0"
int_if = "xl1"
dmz = "xl2"
# a list macro is one quoted string holding the braces and the comma-separated values
emailports = "{ 25, 110, 143, 993, 995, 5309 }"
mailserver = "206.109.73.101"
webports = "{ 80, 443, ntp }" #can you put names like ntp?
webservers = "207.109.73.64/26"
pass in all
pass out all
# the keyword is "port", even when it takes a list
pass in on $ext_if proto tcp from any to $mailserver port $emailports keep state
pass in log on $ext_if proto tcp from any to $mailserver port 22 keep state
pass in on $ext_if proto { tcp, udp } from any to $webservers port $webports keep state
pass in log on $ext_if proto tcp from any to $webservers port 22 keep state
pass out on $ext_if all
======================
Anything wrong with this so far? Any recommendations?
--Bryan
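The default-deny ruleset the post is working towards, written out as an added example (not Bryan's posted config); it reuses his interface names, addresses and port lists and assumes the firewall itself is the only host that needs outbound access on xl0:

```pf
# Added example: a default-deny version of the ruleset from the post above.
ext_if = "xl0"
int_if = "xl1"
dmz = "xl2"
mailserver = "206.109.73.101"
webservers = "207.109.73.64/26"
# A list macro is one quoted string that contains the braces and commas.
emailports = "{ 25, 110, 143, 993, 995, 5309 }"
# Service names are resolved through /etc/services, so "ntp" is accepted.
webports = "{ 80, 443, ntp }"

# Do not filter loopback traffic at all.
set skip on lo0

# Default deny. pf uses last-matching-rule semantics (unless "quick"),
# so the catch-all block comes first and later pass rules override it.
# Logged blocks land on pflog0 for review.
block log all

# Drop packets arriving on the external interface with source addresses
# that belong on other interfaces.
antispoof quick for $ext_if

# Only the published services are reachable from the outside; state is
# created on the first packet so replies need no separate rule.
pass in on $ext_if proto tcp from any to $mailserver port $emailports keep state
pass in log on $ext_if proto tcp from any to $mailserver port 22 keep state
pass in on $ext_if proto { tcp, udp } from any to $webservers port $webports keep state
pass in log on $ext_if proto tcp from any to $webservers port 22 keep state

# Traffic originating from the firewall host itself.
pass out on $ext_if keep state

# Nothing passes on $int_if or $dmz yet: with "block log all" in place,
# hosts behind those interfaces need their own pass rules.
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, which covers the "can't test it yet" problem before the cutover.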