fusionpbx-install.sh/freebsd/resources/pf/pf.conf


#define interfaces
#ext_if="em0"

#normalize packets
scrub in all

#prevent spoofing on the loopback
antispoof for lo0

#skip rule for loopback interface
set skip on lo0

#allow traffic on loopback
pass quick on lo0 all

#add the pf tables
table <pf-pass> persist file "/etc/pf-pass.conf"
table <pf-block> persist file "/etc/pf-block.conf"
table <sip-auth-ip> persist file "/etc/pf-block-sip-auth-ip.conf"
table <sip-auth-fail> persist file "/etc/pf-block-sip-auth-fail.conf"

#allow outbound traffic
pass out quick all

#pass allowed addresses
pass in quick from <pf-pass> to any keep state

#block traffic from blocked addresses
block in quick from <pf-block>
block in quick from <sip-auth-ip>
block in quick from <sip-auth-fail>

#allow ICMP
pass in quick inet proto icmp all
pass in quick inet6 proto icmp6 all

#allow additional ports
pass in quick inet proto tcp from any to any port 22 keep state
pass in quick inet proto tcp from any to any port 80 keep state
pass in quick inet proto tcp from any to any port 443 keep state
pass in quick inet proto tcp from any to any port 7443 keep state
pass in quick inet proto tcp from any to any port 5060:5091 keep state
pass in quick inet proto udp from any to any port 5060:5091 keep state
pass in quick inet proto udp from any to any port 16384:32768 keep state

#default block rule
block in all
Update pf.conf and settings 2024-08-26 04:01:59 +02:00
			`#define interfaces`
Update pf.conf 2019-03-26 05:57:16 +01:00			`#ext_if="em0"`
Update pf.conf and settings 2024-08-26 04:01:59 +02:00
			`#normalize packets`
Create pf.conf 2017-04-04 04:40:45 +02:00			`scrub in all`

update pf.conf Remove this line. anti-spoof quick for all It created an error. 2024-08-27 14:27:02 +02:00			`#prevent spoofing on the loopback`
			`antispoof for lo0`

Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#skip rule for loopback interface`
			`set skip on lo0`

			`#allow traffic on loopback`
			`pass quick on lo0 all`

			`#add the pf tables`
Update pf.conf 2019-03-26 05:57:16 +01:00			`table <pf-pass> persist file "/etc/pf-pass.conf"`
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`table <pf-block> persist file "/etc/pf-block.conf"`
			`table <sip-auth-ip> persist file "/etc/pf-block-sip-auth-ip.conf"`
			`table <sip-auth-fail> persist file "/etc/pf-block-sip-auth-fail.conf"`
Create pf.conf 2017-04-04 04:40:45 +02:00
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#allow outbound traffic`
Update pf.conf 2017-04-04 05:14:10 +02:00			`pass out quick all`

Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#pass allowed addresses`
			`pass in quick from <pf-pass> to any keep state`

			`#block traffic from blocked addresses`
Update pf.conf 2019-03-26 05:57:16 +01:00			`block in quick from <pf-block>`
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`block in quick from <sip-auth-ip>`
			`block in quick from <sip-auth-fail>`
Update pf.conf 2019-03-26 05:57:16 +01:00
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#allow ICMP`
Update pf.conf 2017-04-04 05:14:10 +02:00			`pass in quick inet proto icmp all`
			`pass in quick inet6 proto icmp6 all`
Create pf.conf 2017-04-04 04:40:45 +02:00
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#allow additional ports`
Create pf.conf 2017-04-04 04:40:45 +02:00			`pass in quick inet proto tcp from any to any port 22 keep state`
			`pass in quick inet proto tcp from any to any port 80 keep state`
			`pass in quick inet proto tcp from any to any port 443 keep state`
Update pf.conf 2018-07-26 20:26:42 +02:00			`pass in quick inet proto tcp from any to any port 7443 keep state`
Update pf.conf 2019-03-26 05:57:16 +01:00			`pass in quick inet proto tcp from any to any port 5060:5091 keep state`
			`pass in quick inet proto udp from any to any port 5060:5091 keep state`
Create pf.conf 2017-04-04 04:40:45 +02:00			`pass in quick inet proto udp from any to any port 16384:32768 keep state`
Update pf.conf 2018-07-26 20:26:42 +02:00
Update pf.conf and settings 2024-08-26 04:01:59 +02:00			`#default block rule`
			`block in all`