Gary said:
> I've been searching for some examples of pf.conf but all I can find are
> examples for a gateway/firewall with emphasis towards NAT.
>
> I need to set up packet filter on a stand-alone (single NIC) OpenBSD 3.4
> box which will run ssh, httpd, dns, smtp, pop3.
>
> Please can anyone point me towards such examples or perhaps post their
> pf.conf for me to try.
>
> At the moment I'm just trying to get dns working, I tried the following
> but it seems not to work. ssh is working fine. I think dns needs to use
> other ports as well.
>
>
> # cat /etc/pf.conf
> #$OpenBSD: pf.conf,v 1.21 2003/09/02
> block in log all
> # pass ssh
> pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass  out on $ext_if proto { tcp, udp } all keep state
> # pass dns
> pass in on $ext_if proto { tcp, udp } from any to any port 53
> pass out on $ext_if proto { tcp, udp } from any to any port 53
>
>
> Many thanks in advance
> Gary
>



Start by reading the FAQ and all man pages. It is good to know what you
are doing...

But here is a complete filter as a start. I have not tried it, but it
should be ok.

------
INTERNET_INT="fxp1"
# reassemble fragments before they are matched against the rules
scrub in on $INTERNET_INT all fragment reassemble
# default deny, logged
block log all
# never filter loopback
pass quick on lo0 all keep state
antispoof for $INTERNET_INT inet
# connections this host opens itself, with their replies tracked by state
pass out on $INTERNET_INT inet proto {tcp udp icmp} all keep state
# The rules goes here
pass in log quick on $INTERNET_INT inet proto tcp from any to $INTERNET_INT port { 22 25 80 110 443 } flags S/SA keep state
pass in log quick on $INTERNET_INT inet proto udp from any to $INTERNET_INT port { 53 } keep state
-------



/Peo
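A fuller pf.conf for the same single-NIC server, added here as an example; it is not part of Peo's or Gary's posts. It keeps the structure Peo's filter uses (scrub, default block, loopback pass, antispoof, stateful pass out, quick pass in per service) and adds what Gary's remark about DNS needing other ports points at: DNS answers larger than 512 bytes and zone transfers (AXFR/IXFR) use TCP 53, so the name-server rule covers both UDP and TCP. The interface name fxp0 and the macro names are assumptions; the syntax is the OpenBSD 3.4 era form (keep state, flags S/SA, no set skip).

```pf
# /etc/pf.conf for a stand-alone server with one NIC (added example)
# Assumption: the only interface is fxp0; change to match ifconfig output.
ext_if="fxp0"

# Services this host offers. TCP 53 is included because DNS falls back to
# TCP for answers larger than 512 bytes and for zone transfers (AXFR/IXFR).
tcp_services="{ 22, 25, 53, 80, 110, 443 }"
udp_services="{ 53 }"

# Reassemble fragments before filtering so rules see whole packets.
scrub in on $ext_if all fragment reassemble

# Default deny, logged, so anything not explicitly passed shows up on pflog0.
block log all

# Loopback traffic is never filtered.
pass quick on lo0 all

# Drop packets arriving on $ext_if that claim one of this host's own addresses.
antispoof for $ext_if inet

# Connections the server itself opens (resolver lookups, outgoing mail,
# package fetches) are tracked by state, so their replies come back without
# needing a pass in rule of their own.
pass out on $ext_if inet proto { tcp, udp, icmp } all keep state

# Let the box be pinged; any other ICMP only arrives as a state-matched reply
# to traffic this host sent.
pass in quick on $ext_if inet proto icmp all icmp-type echoreq keep state

# Inbound service ports. flags S/SA means only the initial SYN creates state;
# the state entry then carries the rest of the connection, including the
# replies for a TCP DNS query or zone transfer.
pass in log quick on $ext_if inet proto tcp from any to $ext_if \
    port $tcp_services flags S/SA keep state
pass in log quick on $ext_if inet proto udp from any to $ext_if \
    port $udp_services keep state
```

Check the file before loading it, especially when working over ssh, since a typo in the port 22 rule combined with `block log all` locks you out: `pfctl -nf /etc/pf.conf` parses the rules without loading them, `pfctl -f /etc/pf.conf` loads them, and `pfctl -e` enables filtering. Blocked packets can then be watched with `tcpdump -n -e -ttt -i pflog0`, which is the quickest way to see which port a service is actually using when a rule seems not to work.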
