
Add a 'block' rule prior to the state creating 'pass' rule. This

way, TCP packets of e.g. timed out states are blocked rather than
passed by the implicit default pass rule.
sthen@ benno@ phessler@ mikeb@ agrees
OPENBSD_5_3
halex 11 years ago
parent
commit
2c9096e015
1 changed files with 3 additions and 2 deletions
  1. +3
    -2
      src/etc/pf.conf

+ 3
- 2
src/etc/pf.conf

@ -1,4 +1,4 @@
# $OpenBSD: pf.conf,v 1.51 2013/01/26 17:12:21 claudio Exp $
# $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
# #
# See pf.conf(5) for syntax and examples. # See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@ -16,7 +16,8 @@ set skip on lo
# anchor for relayd(8) # anchor for relayd(8)
#anchor "relayd/*" #anchor "relayd/*"
pass # to establish keep-state
block # block stateless traffic
pass # establish keep-state
# rules for spamd(8) # rules for spamd(8)
#table <spamd-white> persist #table <spamd-white> persist
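Review bot: The comments on the new `block` / `pass` pair in the second hunk do not say why a `pass` that follows `block` does not simply override it, which a reader who knows pf's last-match-wins evaluation will wonder about. As pf.conf(5) describes it, a bare `pass` implies `flags S/SA keep state`, so a TCP packet that is not a connection-opening SYN and belongs to no state does not match `pass` and is caught by `block` instead of the implicit stateless default pass. I would spell that out, e.g. `block # last match wins: hit only by packets the pass below does not match (non-SYN TCP without state)` and `pass # implies flags S/SA keep state; only new connections create state`. It may also be worth a comment that this `block` follows the default block policy and does not log, so an admin chasing dropped packets from expired states knows to add `log` to see them.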

