Last active
June 25, 2016 18:50
-
-
Save yarwelp/12d3565f2a0a2d1b061b35eb63685872 to your computer and use it in GitHub Desktop.
FreeBSD 10.3 mail server pf config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| altq on vtnet0 cbq bandwidth 1Gb queue { mydefault, mymail, myssh, myhttp } | |
| queue mydefault bandwidth 192Kb priority 1 cbq(default) | |
| queue mymail bandwidth 79% priority 7 cbq(borrow) | |
| queue myssh bandwidth 10% priority 6 cbq(borrow) | |
| queue myhttp bandwidth 10% priority 5 cbq(borrow) | |
| block in all | |
| pass out all keep state | |
| pass in all # for now | |
| # POP3 | |
| pass out on vtnet0 proto tcp from any port 110 to any queue mail | |
| pass out on vtnet0 proto tcp from any port 995 to any queue mail | |
| pass out on vtnet0 proto tcp from any to any port 110 queue mail | |
| pass out on vtnet0 proto tcp from any to any port 995 queue mail | |
| # IMAP | |
| pass out on vtnet0 proto tcp from any port 143 to any queue mail | |
| pass out on vtnet0 proto tcp from any port 993 to any queue mail | |
| pass out on vtnet0 proto tcp from any to any port 143 queue mail | |
| pass out on vtnet0 proto tcp from any to any port 993 queue mail | |
| # SMTP | |
| pass out on vtnet0 proto tcp from any port 25 to any queue mail | |
| pass out on vtnet0 proto tcp from any port 465 to any queue mail | |
| pass out on vtnet0 proto tcp from any to any port 25 queue mail | |
| pass out on vtnet0 proto tcp from any to any port 465 queue mail | |
| # SSH. I use port 443 as well, in case 22 is blocked. | |
| pass out on vtnet0 proto tcp from any port 22 to any queue ssh | |
| pass out on vtnet0 proto tcp from any port 443 to any queue ssh | |
| # HTTP | |
| pass out on vtnet0 proto tcp from any port 80 to any queue http | |
| pass out on vtnet0 proto tcp from any to any port 80 queue http |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Packet filter | |
| pf_enable="YES" # Enable PF (load module if required) | |
| pf_rules="/etc/pf.conf" # rules definition file for pf | |
| pf_flags="" # additional flags for pfctl startup | |
| pflog_enable="YES" # start pflogd(8) | |
| pflog_logfile="/var/log/pflog" # where pflogd should store the logfile | |
| pflog_flags="" # additional flags for pflogd startup |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- /usr/src/sys/amd64/conf/GENERIC 2016-06-25 19:07:11.790333000 +0200 | |
| +++ /usr/src/sys/amd64/conf/WALTQ 2016-06-25 19:12:42.994652000 +0200 | |
| @@ -363,3 +363,17 @@ | |
| # VMware support | |
| device vmx # VMware VMXNET3 Ethernet | |
| + | |
| +# Added as per http://microsux.dk/?p=321 | |
| + | |
| +device pf | |
| +device pflog | |
| +device pfsync | |
| + | |
| +options ALTQ | |
| +options ALTQ_CBQ # Class-based Queuing (CBQ) | |
| +options ALTQ_RED # Random Early Detection (RED) | |
| +options ALTQ_RIO # RED In/Out | |
| +options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) | |
| +options ALTQ_PRIQ # Priority Queuing (PRIQ) | |
| +options ALTQ_NOPCC # Required for SMP build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
sudo pfctl -F all -f /etc/pf.conf:(