grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

pf.md (802B)


# pf

* default _pf.conf_ (from openbsd 7.3)
```
#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

table <sshbastion> { 46.23.90.11 }

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

block return in proto tcp to port 22
pass in quick proto tcp from <sshbastion> to port 22
```

* block ssh except for bastion
```
...[output omitted]...

table <sshbastion> { <ip_address> }

...[output omitted]...

block return in proto tcp to port 22
pass in quick proto tcp from <sshbastion> to port 22
```
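
* why the rule order works (added example, not part of the original note): pf applies the last matching rule unless a matching rule is marked `quick`, so the `block` on port 22 overrides the earlier catch-all `pass`, and the `pass in quick` for the table then short-circuits for the bastion. This is a simplified model, not pf itself; `203.0.113.10` is a constructed stand-in for `<ip_address>` and only the rules that can match TCP port 22 are modelled.

```python
# Simplified model of pf rule evaluation (added example, not pf itself):
# the last matching rule wins unless a matching rule carries `quick`.
import ipaddress

# Constructed address standing in for the <ip_address> placeholder.
TABLES = {"sshbastion": [ipaddress.ip_network("203.0.113.10/32")]}

# Rules from the note that can match TCP port 22, in file order:
# (action, direction, quick, source table or None, destination port or None)
RULES = [
    ("block", None, False, None, None),        # block return
    ("pass",  None, False, None, None),        # pass
    ("block", "in", False, None, 22),          # block return in proto tcp to port 22
    ("pass",  "in", True,  "sshbastion", 22),  # pass in quick ... from <sshbastion> to port 22
]

def matches(rule, direction, src, dport):
    """True if the packet satisfies every criterion the rule specifies."""
    _, rule_dir, _, table, port = rule
    if rule_dir is not None and rule_dir != direction:
        return False
    if port is not None and port != dport:
        return False
    if table is not None:
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in TABLES[table])
    return True

def evaluate(direction, src, dport, rules=RULES):
    """Return the action taken for a TCP packet under this model."""
    verdict = "pass"  # pf passes a packet that matches no rule at all
    for rule in rules:
        if matches(rule, direction, src, dport):
            verdict = rule[0]
            if rule[2]:  # quick: evaluation stops at this rule
                break
    return verdict

if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, "-> ssh:", evaluate("in", src, 22))
```

On the host itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t sshbastion -T show` lists the addresses currently in the table.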