2019-03-26 05:57:16 +01:00
|
|
|
#ext_if="em0"
|
2017-04-04 04:40:45 +02:00
|
|
|
set skip on lo0
|
|
|
|
|
scrub in all
|
|
|
|
|
|
|
|
|
|
antispoof for lo0
|
|
|
|
|
table <fail2ban> persist
|
2019-03-26 05:57:16 +01:00
|
|
|
table <pf-block> persist file "/etc/pf-block.conf"
|
|
|
|
|
table <pf-pass> persist file "/etc/pf-pass.conf"
|
|
|
|
|
pass in quick from <pf-pass> to any keep state
|
2017-04-04 04:40:45 +02:00
|
|
|
|
2017-04-04 05:14:10 +02:00
|
|
|
pass out quick all
|
|
|
|
|
pass quick on lo0 all
|
|
|
|
|
|
2017-04-04 04:40:45 +02:00
|
|
|
block in all
|
|
|
|
|
block in quick from <fail2ban>
|
2019-03-26 05:57:16 +01:00
|
|
|
block in quick from <pf-block>
|
|
|
|
|
#antispoof quick for $ext_if
|
|
|
|
|
|
2017-04-04 05:14:10 +02:00
|
|
|
pass in quick inet proto icmp all
|
|
|
|
|
pass in quick inet6 proto icmp6 all
|
2017-04-04 04:40:45 +02:00
|
|
|
|
|
|
|
|
pass in quick inet proto tcp from any to any port 22 keep state
|
|
|
|
|
pass in quick inet proto tcp from any to any port 80 keep state
|
|
|
|
|
pass in quick inet proto tcp from any to any port 443 keep state
|
2018-07-26 20:26:42 +02:00
|
|
|
pass in quick inet proto tcp from any to any port 7443 keep state
|
2019-03-26 05:57:16 +01:00
|
|
|
pass in quick inet proto tcp from any to any port 5060:5091 keep state
|
|
|
|
|
pass in quick inet proto udp from any to any port 5060:5091 keep state
|
2017-04-04 04:40:45 +02:00
|
|
|
pass in quick inet proto udp from any to any port 16384:32768 keep state
|
2018-07-26 20:26:42 +02:00
|
|
|
|
