49 lines
1.3 KiB
Plaintext
Executable File
49 lines
1.3 KiB
Plaintext
Executable File
|
|
#define interfaces
|
|
#ext_if="em0"
|
|
|
|
#normalize packets
|
|
scrub in all
|
|
|
|
#prevent spoofing on the loopback
|
|
antispoof for lo0
|
|
|
|
#skip rule for loopback interface
|
|
set skip on lo0
|
|
|
|
#allow traffic on loopback
|
|
pass quick on lo0 all
|
|
|
|
#add the pf tables
|
|
table <pf-pass> persist file "/etc/pf-pass.conf"
|
|
table <pf-block> persist file "/etc/pf-block.conf"
|
|
table <sip-auth-ip> persist file "/etc/pf-block-sip-auth-ip.conf"
|
|
table <sip-auth-fail> persist file "/etc/pf-block-sip-auth-fail.conf"
|
|
|
|
#allow outbound traffic
|
|
pass out quick all
|
|
|
|
#pass allowed addresses
|
|
pass in quick from <pf-pass> to any keep state
|
|
|
|
#block traffic from blocked addresses
|
|
block in quick from <pf-block>
|
|
block in quick from <sip-auth-ip>
|
|
block in quick from <sip-auth-fail>
|
|
|
|
#allow ICMP
|
|
pass in quick inet proto icmp all
|
|
pass in quick inet6 proto icmp6 all
|
|
|
|
#allow additional ports
|
|
pass in quick inet proto tcp from any to any port 22 keep state
|
|
pass in quick inet proto tcp from any to any port 80 keep state
|
|
pass in quick inet proto tcp from any to any port 443 keep state
|
|
pass in quick inet proto tcp from any to any port 7443 keep state
|
|
pass in quick inet proto tcp from any to any port 5060:5091 keep state
|
|
pass in quick inet proto udp from any to any port 5060:5091 keep state
|
|
pass in quick inet proto udp from any to any port 16384:32768 keep state
|
|
|
|
#default block rule
|
|
block in all
|