pf, OpenBSD’s [p]acket [f]ilter (2)
network, security | pfortuny | (1)
We introduced OpenBSD's pf in a previous post. In this one, we start commenting on a full-featured firewall configuration that uses quite a few of pf's features: macros, lists, anchors...
As we said then, OpenBSD's FAQ contains the complete and detailed documentation.
Here is the complete set of firewall rules, except for those related to authpf, usually stored in /etc/pf.conf. Bear with me for the long quote: I'd rather comment on a complete file than do it in parts.
# 0) Start: macros and tables
ext_if="rl0"
int_if="vr0"
ext_services = "{smtp www 222}"
in_services = "{ssh smtp domain www}"
always_open ...