Created
June 21, 2016 06:10
-
-
Save jauderho/98c05aaae3cc4988e7c9f500025d8396 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Default PF configuration file. | |
| # | |
| # This file contains the main ruleset, which gets automatically loaded | |
| # at startup. PF will not be automatically enabled, however. Instead, | |
| # each component which utilizes PF is responsible for enabling and disabling | |
| # PF via -E and -X as documented in pfctl(8). That will ensure that PF | |
| # is disabled only when the last enable reference is released. | |
| # | |
| # Care must be taken to ensure that the main ruleset does not get flushed, | |
| # as the nested anchors rely on the anchor point defined here. In addition, | |
| # to the anchors loaded by this file, some system services would dynamically | |
| # insert anchors into the main ruleset. These anchors will be added only when | |
| # the system service is used and would removed on termination of the service. | |
| # | |
| # See pf.conf(5) for syntax. | |
| # | |
| # | |
| # com.apple anchor point | |
| # | |
| scrub-anchor "com.apple/*" | |
| nat-anchor "com.apple/*" | |
| rdr-anchor "com.apple/*" | |
| dummynet-anchor "com.apple/*" | |
| anchor "com.apple/*" | |
| load anchor "com.apple" from "/etc/pf.anchors/com.apple" | |
| anchor "com.apple.server-firewall/*" | |
| load anchor "com.apple.server-firewall" from "/etc/pf.anchors/com.apple.server-firewall" | |
| # block VNC except localhost | |
| block drop in proto tcp from any to any port 5900 | |
| pass in quick on lo0 proto tcp from any to any port 5900 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment