Pf: Difference between revisions
Latest revision as of 15:19, 10 August 2019
pf is the packet filter for *BSD.
Here is a sample ruleset that does little except block one IP address from reaching the web server on port 80. Note the "quick" keyword on the block rule: pf normally applies the last matching rule, so without "quick" the earlier "pass in all" would win and the block would never take effect.
ext_if="em0" # replace with the actual external interface name, e.g., dc0
int_if="em1" # replace with the actual internal interface name, e.g., dc1
internal_net="192.168.1/24"
scrub in all
pass in all
pass out all
block in quick on $ext_if proto tcp from 210.209.119.212/32 to any port 80
Start pf with the ruleset above (saved in /etc/pf.conf): flush the existing rules, load the file, and enable pf
pfctl -e -F all -f /etc/pf.conf
On FreeBSD you can use the rc script instead, which assumes pf is configured in /etc/rc.conf
/etc/rc.d/pf start
View the loaded rules with their per-rule match counters
pfctl -v -s rules
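As an added example (not from the wiki page), the ruleset above generalized to a pf table of blocked addresses, with a pfctl -n syntax check before loading; the interface name and the second address are constructed sample values:

```shell
#!/bin/sh
# Added example, not part of the original page: build a pf ruleset that blocks
# a list of addresses from reaching the web server on port 80, using a pf table
# instead of one hard-coded rule, and syntax-check it before loading.
# Assumptions: interface names and 198.51.100.0/24 are constructed sample
# values; pfctl is only invoked when it exists on the host.

# Emit a ruleset to stdout. $1 = external interface, remaining args = blocked hosts/CIDRs.
gen_ruleset() {
    ext_if=$1; shift
    printf 'ext_if="%s"\n' "$ext_if"
    printf 'table <blocked> persist {'
    for a in "$@"; do printf ' %s' "$a"; done
    printf ' }\n'
    printf 'scrub in all\n'
    printf 'pass in all\n'
    printf 'pass out all\n'
    # "quick" matters: without it the earlier "pass in all" would be the last
    # matching rule and the block would never take effect.
    printf 'block in quick on $ext_if proto tcp from <blocked> to any port 80\n'
}

# Count filter rules (scrub/pass/block lines) in a ruleset read from stdin.
count_rules() { grep -c -E '^(scrub|pass|block)'; }

# Parse-only check of a ruleset file (pfctl -n loads nothing), if pfctl exists.
check_ruleset() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1"
    else
        echo "pfctl not available; skipping syntax check" >&2
        return 0
    fi
}

# Usage: generate, check, then flush, load and enable.
# gen_ruleset em0 210.209.119.212/32 198.51.100.0/24 > /tmp/pf.conf.new
# check_ruleset /tmp/pf.conf.new && pfctl -e -F all -f /tmp/pf.conf.new
```

Adding an address later is then `pfctl -t blocked -T add <addr>` rather than a ruleset reload, and `pfctl -t blocked -T show` lists what is currently blocked.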