Gary Thornock's Weblog » Sample pf.conf for laptop
22nd Jul, 2005

Sample pf.conf for laptop


I spent a bit of time a few weeks ago looking for a sample pf.conf suitable for a laptop. I found a few things that came close to what I needed, but nothing that was an exact fit. With a bit of customization, though, I ended up with something that seems to work well:

ext_if="em0"

set block-policy drop
set state-policy if-bound

# scrub rule
scrub on $ext_if all no-df random-id reassemble tcp fragment reassemble

# Trust only localhost :)
pass in quick on lo0 from any to lo0
pass out quick on lo0 from any to lo0

# By default, block everything coming in
block drop in all

# Outbound traffic is fine, keep state
pass out proto { tcp, udp, icmp } all keep state

# Allow inbound ssh, smtp, http(s)
pass in proto tcp from any to ($ext_if) port { 22, 25, 80, 443 } flags S/SA keep state

# Incoming active-ftp data
pass in proto tcp from any port 20 to ($ext_if) port >= 1024 flags S/SA keep state

# In-office settings: allow Samba, MySQL, NFS
pass in proto tcp from any to ($ext_if) port { 139, 445, 3306 } flags S/SA keep state
pass in proto { tcp, udp } from any to ($ext_if) port { 111, 2049 } keep state

# Allow CUPS.  For some reason, this has to be "any to any" or it doesn't work.
pass quick proto { tcp, udp } from any to any port 631 keep state

For what it's worth, feel free to use it, ignore it or modify it as needed for your own systems.
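
An added example, not part of the original post: the in-office and CUPS rules above accept connections from any source on whatever network the laptop joins, so this variant limits them to one trusted prefix. The `office_net` macro and its 192.168.10.0/24 value are assumptions; substitute your own LAN prefix.

```pf
# Added example, not from the original post.
# office_net is a hypothetical macro; 192.168.10.0/24 is a constructed
# value. Define it at the top of pf.conf, next to ext_if.
office_net = "192.168.10.0/24"

# Original rules (reachable from any source address):
#   pass in proto tcp from any to ($ext_if) port { 139, 445, 3306 } flags S/SA keep state
#   pass in proto { tcp, udp } from any to ($ext_if) port { 111, 2049 } keep state
#   pass quick proto { tcp, udp } from any to any port 631 keep state

# Samba and MySQL: only from the office LAN, only on the external interface
pass in on $ext_if proto tcp from $office_net to ($ext_if) \
    port { 139, 445, 3306 } flags S/SA keep state

# NFS (portmapper and nfsd): same restriction
pass in on $ext_if proto { tcp, udp } from $office_net to ($ext_if) \
    port { 111, 2049 } keep state

# CUPS: browse announcements are sent to the broadcast address on UDP 631,
# so the destination stays "any" while the source is restricted.
# Outbound printing is already covered by the general "pass out" rule.
pass in quick on $ext_if proto { tcp, udp } from $office_net to any \
    port 631 keep state
```

A source prefix is not authentication: another network that uses the same prefix will also match these rules.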


Responses


[…] Also, I mentioned during the presentation that I had a sample pf.conf for laptop use on this site. Here's the link. FreeBSD   […]
