diff options
Diffstat (limited to 'usr/local/etc/pf.conf')
| -rw-r--r-- | usr/local/etc/pf.conf | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/usr/local/etc/pf.conf b/usr/local/etc/pf.conf deleted file mode 100644 index c514fe8..0000000 --- a/usr/local/etc/pf.conf +++ /dev/null @@ -1,60 +0,0 @@ -## Set public interface ## -ext_if="vtnet0" - -## set and drop IP ranges on the public interface ## -martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ - 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ - 0.0.0.0/8, 240.0.0.0/4 }" - -table <spamd> persist -table <spamd-allow> persist - -# Allowed webmail services -#table <webmail> persist file "/usr/local/etc/pf.webmail.ip.conf" - -## Skip loop back interface - Skip all PF processing on interface ## -set skip on lo - -## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## -set loginterface $ext_if - -# Deal with attacks based on incorrect handling of packet fragments -scrub in all - - -# Pass spamd allow list -rdr pass log on $ext_if inet proto tcp from <spamd-allow> to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# Pass webmail servers -rdr pass log on $ext_if inet proto tcp from <gmail> to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# pass submission messages. -pass quick log on $ext_if inet proto tcp from any to $ext_if port submission modulate state -# Pass unknown mail to spamd -rdr pass log on $ext_if inet proto tcp from {!<spamd-allow> <spamd>} to $ext_if port smtp \ - -> 127.0.0.1 port 8025 - -## Blocking spoofed packets -antispoof quick for $ext_if - -## Set default policy ## -block return in log all -block out all - -# Drop all Non-Routable Addresses -block drop in quick on $ext_if from $martians to any -block drop out quick on $ext_if from any to $martians - -pass in inet proto tcp to $ext_if port ssh - -# Allow Ping-Pong stuff. Be a good sysadmin -pass inet proto icmp icmp-type echoreq - -# Open up imap/pop3 support -pass quick on $ext_if proto tcp from any to any port {imap, imaps, pop3, pop3s} modulate state - - -# Allow outgoing traffic -pass out on $ext_if proto tcp from any to any modulate state -pass out on $ext_if proto udp from any to any keep state -#pass quick on $ext_if from any to any port http |