Hello,
Le 07.01.2010 23:27, Kurt Turner a écrit :
Hello all
In an effort not to create yet another insecure server on the www I'd like
to ensure my pf.conf file is good and secure - will someone please review
this configuration and let me know your thoughts?
I only want to allow www and ssh inbound and have limited access also
outbound - this is a remote web server I do not have access to at all. TIA
...
# keep stats of outging connections
pass out keep state
This rule allows everything out and next outgoing rules won't be checked as this
one first match.
The "keep state" keyword is also not necessary any more since FreeBSD 7. It is
implicit.
Maybe you can just write "block return all", which implies in and out in the
same rule.
Best regards,
--
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
