Browse Source

create examples/pf.conf which is a clone of the existing file. Now

the existing file can start losing... examples...
OPENBSD_5_6
deraadt 10 years ago
parent
commit
49f512458d
2 changed files with 37 additions and 2 deletions
  1. +2
    -2
      src/etc/Makefile
  2. +35
    -0
      src/etc/examples/pf.conf

+ 2
- 2
src/etc/Makefile View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.378 2014/07/16 12:25:52 deraadt Exp $
# $OpenBSD: Makefile,v 1.379 2014/07/16 12:46:16 deraadt Exp $
TZDIR= /usr/share/zoneinfo TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain LOCALTIME= Canada/Mountain
@ -45,7 +45,7 @@ EXAMPLES=chio.conf dhcpd.conf exports ftpchroot hosts.lpd ifstated.conf \
sensorsd.conf sensorsd.conf
EXAMPLES_600=bgpd.conf dvmrpd.conf hostapd.conf iked.conf ipsec.conf \ EXAMPLES_600=bgpd.conf dvmrpd.conf hostapd.conf iked.conf ipsec.conf \
ldapd.conf ldpd.conf ospf6d.conf ospfd.conf rc.local \
ldapd.conf ldpd.conf ospf6d.conf ospfd.conf pf.conf rc.local \
rc.securelevel rc.shutdown relayd.conf ripd.conf \ rc.securelevel rc.shutdown relayd.conf ripd.conf \
sasyncd.conf snmpd.conf ypldap.conf sasyncd.conf snmpd.conf ypldap.conf


+ 35
- 0
src/etc/examples/pf.conf View File

@ -0,0 +1,35 @@
# $OpenBSD: pf.conf,v 1.1 2014/07/16 12:46:16 deraadt Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
# increase default state limit from 10'000 states on busy systems
#set limit states 100000
set skip on lo
# filter rules and anchor for ftp-proxy(8)
#anchor "ftp-proxy/*"
#pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
# anchor for relayd(8)
#anchor "relayd/*"
block return # block stateless traffic
pass # establish keep-state
# rules for spamd(8)
#table <spamd-white> persist
#table <nospamd> persist file "/etc/mail/nospamd"
#pass in on egress proto tcp from any to any port smtp \
# rdr-to 127.0.0.1 port spamd
#pass in on egress proto tcp from <nospamd> to any port smtp
#pass in log on egress proto tcp from <spamd-white> to any port smtp
#pass out log on egress proto tcp to any port smtp
#block in quick from urpf-failed to any # use with care
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

Loading…
Cancel
Save