Created May 15, 2013 04:53
A very simple set of pf rules, in the right order, that might be used with pf on OS X Mountain Lion
# Options (pf requires this order: options, normalization, queueing, translation, filtering)
# Drop blocked packets silently instead of answering with a TCP RST / ICMP unreachable
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
# Do not filter loopback at all
set skip on lo0
# Normalization
# Scrub incoming packets; no-df clears the don't-fragment bit so fragments can be reassembled
scrub in all no-df
# Queueing (none defined; header kept to show where it would go)
# Translation (none defined; header kept to show where it would go)
# Filtering
# Antispoof: drop packets arriving on an interface with a source address from one of our own networks
# (lo0 is listed here but already exempted by "set skip on lo0")
antispoof log quick for { lo0 en0 en2 }
# Block by default: inbound is denied unless a later pass rule matches (last match wins unless "quick")
block in log
# Block to/from illegal destinations or sources: no-route matches addresses with no entry in the routing table
block in log quick from no-route to any
# Allow critical system traffic: DHCP server replies (server port 67 to client port 68)
pass in quick inet proto udp from any port 67 to any port 68
# Allow ICMP (ping and friends) from home LAN
pass in log proto icmp from 192.168.254.0/24
# Allow outgoing traffic; the state entries let the replies back in past "block in"
pass out inet proto tcp from any to any keep state
pass out inet proto udp from any to any keep state
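The section order the comments above spell out (options, normalization, queueing, translation, filtering) is not just a convention: pfctl refuses to load a ruleset whose rule types are interleaved. The script below is an added example, not part of the gist, that checks a pf.conf for that order before it is handed to pfctl. The keyword-to-section table and the two embedded sample rulesets (a copy of the gist and a deliberately misordered one) are my own construction, and the checker only classifies the leading keyword of each rule; it does not parse the rest of the pf grammar.

```python
"""Check that a pf.conf keeps pf's mandatory section order.

Added example (not part of the gist).  Usage:
    python check_pf_order.py /etc/pf.conf
With no argument it checks the embedded copy of the gist's rules.
"""
import re
import sys

# pf's mandatory section order; pfctl rejects a ruleset that mixes them.
SECTIONS = ["options", "normalization", "queueing", "translation", "filtering"]

# Leading keyword of a rule -> the section it belongs to.  Assumption: this
# table covers the rule types found in a typical pf.conf, not the whole grammar.
KEYWORDS = {
    "set": "options",
    "scrub": "normalization",
    "altq": "queueing",
    "queue": "queueing",
    "nat": "translation",
    "rdr": "translation",
    "binat": "translation",
    "nat-anchor": "translation",
    "rdr-anchor": "translation",
    "binat-anchor": "translation",
    "block": "filtering",
    "pass": "filtering",
    "match": "filtering",
    "antispoof": "filtering",
    "anchor": "filtering",
}

# Macro definitions (ext_if = "en0") may appear anywhere before first use.
MACRO_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")


def classify(line):
    """Return the section of a rule line, None for lines allowed anywhere
    (blank, comment, macro, table definition, 'load anchor'), or 'unknown'
    for a leading keyword this checker does not know."""
    stripped = line.split("#", 1)[0].strip()   # drop trailing comments
    if not stripped or MACRO_RE.match(stripped):
        return None
    if stripped.startswith("table ") or stripped.startswith("load anchor"):
        return None
    return KEYWORDS.get(stripped.split()[0], "unknown")


def check_order(conf):
    """Return [(lineno, message), ...] for every rule that appears after a
    rule from a later section; an empty list means the order is valid."""
    problems = []
    highest = -1       # index into SECTIONS of the furthest section seen so far
    highest_line = 0   # line number of the last rule seen in that section
    for lineno, line in enumerate(conf.splitlines(), start=1):
        section = classify(line)
        if section is None:
            continue
        if section == "unknown":
            problems.append((lineno, "unrecognised rule: %r" % line.strip()))
            continue
        idx = SECTIONS.index(section)
        if idx < highest:
            problems.append((lineno, "%s rule after %s rule on line %d; pf requires %s"
                             % (section, SECTIONS[highest], highest_line,
                                " -> ".join(SECTIONS))))
        else:
            highest, highest_line = idx, lineno
    return problems


# Constructed sample: a copy of the gist's rules, which are in the right order.
GIST_RULES = """\
# Options
set block-policy drop
set fingerprints "/etc/pf.os"
set ruleset-optimization basic
set skip on lo0
# Normalization
scrub in all no-df
# Queueing
# Translation
# Filtering
antispoof log quick for { lo0 en0 en2 }
block in log
block in log quick from no-route to any
pass in quick inet proto udp from any port 67 to any port 68
pass in log proto icmp from 192.168.254.0/24
pass out inet proto tcp from any to any keep state
pass out inet proto udp from any to any keep state
"""

# Constructed sample: scrub (normalization) placed after a filtering rule,
# which is exactly what pfctl rejects.
BAD_RULES = """\
set skip on lo0
block in log
scrub in all no-df
pass out inet proto tcp from any to any keep state
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else GIST_RULES
    problems = check_order(text)
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
    print("ok" if not problems else "%d problem(s)" % len(problems))
    sys.exit(1 if problems else 0)
```

This catches the ordering mistake early and with a line number, but it is a pre-check only; `pfctl -nf /etc/pf.conf` (parse without loading) remains the authoritative syntax check, and `pfctl -f /etc/pf.conf` followed by `pfctl -e` loads and enables the ruleset on OS X.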
Hey Scott! I've been looking all over for the rule to allow a user to only view one website, like:
block all
pass out port xxxx
something like that - do you think it would work?
Can you explain what different steps do?