#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return	# block stateless traffic

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

# allow outgoing tcp, udp and icmp
pass out proto { tcp, udp } from self to any
pass out inet  proto icmp  from self to any
pass out inet6 proto icmp6 from self to any

# allow incoming icmp
pass in inet  proto icmp  from any to self
pass in inet6 proto icmp6 from any to self

# allow incoming ssh
pass in proto tcp from any to self port ssh

include "/etc/pf.include.conf"