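#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
#
# Evaluation model: pf checks every rule in order and the LAST matching rule
# decides, unless a matching rule carries `quick`, which stops evaluation
# at that rule. Rule order below therefore matters.

# Do not filter traffic on the loopback interface group.
set skip on lo

# Default policy: anything not explicitly passed further down is rejected
# (`return` answers with RST / ICMP unreachable instead of silently dropping).
block return	# block stateless traffic

# By default, do not permit remote connections to X11
# No pass rule in this file matches inbound TCP to these ports, so the block
# holds here; rules loaded from the include at the end are evaluated later
# and could still override it because this rule is not `quick`.
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
# `quick` is required: without it the later "pass out proto { tcp, udp }
# from self to any" rule also matches _pbuild's traffic and, being the last
# match, would let it out, making this block a no-op.
block return out log quick proto {tcp udp} user _pbuild

# allow outgoing tcp, udp and icmp
pass out proto { tcp, udp } from self to any
pass out inet proto icmp from self to any
pass out inet6 proto icmp6 from self to any

# allow incoming icmp
# NOTE(review): these two rules accept every ICMP/ICMPv6 type from any source.
# If only specific types are needed, narrow them with icmp-type / icmp6-type.
pass in inet proto icmp from any to self
pass in inet6 proto icmp6 from any to self

# allow incoming ssh
# NOTE(review): reachable from any source address; restrict the source or add
# connection-rate limits if this host is exposed to untrusted networks.
pass in proto tcp from any to self port ssh

# Site-local rules. They are evaluated after everything above, so they can
# override any non-quick rule in this file; the included file should be
# writable by root only.
include "/etc/pf.include.conf"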