rubysecurity.org

Anecdotes from a Linux Systems Administrator. /root

13 January 2013

OpenBSD: PF firewall for the paranoid

by Alpha01

Block all traffic except for ssh (TCP port 22), in and out on interface em0.

/etc/pf.conf

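tcp_services = "{ 22 }"    # TCP ports to allow; 22 is ssh
block all                  # default deny; pf applies the last matching rule, so the pass rules below override it for ssh
pass out on em0 proto tcp to any port $tcp_services keep state    # outbound ssh from this host
pass in on em0 proto tcp to any port $tcp_services keep state     # inbound ssh to this host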

Enabling rules:

pfctl -e ; pfctl -f /etc/pf.conf 
pfctl: pf already enabled
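
A more careful version of the load step above, as an added example that is not from the original post: it parses the file with `pfctl -n` before loading it, then checks the rules `pfctl -sr` reports for any pass rule other than TCP port 22. The function names and the `PFCTL` override are this example's own, and the pattern assumes `pfctl -sr` shows the port as `port = 22` or `port = ssh`.

```sh
#!/bin/sh
# Added example, not from the original post. PFCTL and both function names
# are this example's own; set PFCTL to a stub to exercise it off-box.
PFCTL="${PFCTL:-pfctl}"

# Read `pfctl -sr` style lines on stdin and print every pass rule that is
# not TCP to port 22. Assumes the port is shown as "port = 22" or "port = ssh".
# Exit status 1 if any such rule was found.
unexpected_pass_rules() {
    awk '
        $1 != "pass" { next }
        !/ proto tcp / || !/ port = (22|ssh)( |$)/ { print; bad = 1 }
        END { exit bad }
    '
}

# Return codes: 1 = parse error, 2 = load failed, 3 = more than ssh is passed.
safe_load() {
    conf="$1"
    # -n parses the file without loading it.
    "$PFCTL" -nf "$conf" || { echo "not loaded: $conf does not parse" >&2; return 1; }
    "$PFCTL" -f "$conf" || return 2
    # -e exits non-zero with "pf already enabled" when pf is already on, so
    # its status is ignored; the page's one-liner, joined with ";", still
    # loads the rules in that case, which "&&" would not.
    "$PFCTL" -e 2>/dev/null || true
    "$PFCTL" -sr | unexpected_pass_rules >&2 || { echo "ruleset passes more than ssh" >&2; return 3; }
}

# Run against a file only when one is given on the command line.
if [ -n "${1:-}" ]; then safe_load "$1"; fi
```
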
Tags: [ pf ]