OpenBSD PF example rulesets

here are some example rulesets for pf(4), the packet filter used by OpenBSD. they are written in a way that lets you easily adapt them to your needs by changing the macros defined in them, and they include comprehensive comments. they also feature some extra rules that are commented out by default, as not all sites need them; simply remove the '#' in front of such a rule to enable it.

be sure to understand these rules and adapt them to your needs.



bastion host script

a very simple script that protects a single host running pf(4) that offers no services to the outside world. examples may be an openbsd workstation inside a LAN or a private openbsd machine connected to the internet via a DSL or cable modem. no matter whether you're using a private or public, dynamic or static IP address, this script will protect your box from any connection attempts made by other hosts.

view pf.conf script for bastion host



screened LAN script

this script is designed to run on an openbsd box that serves as a firewall to the machines of a local area network, also doing NAT to allow all of them to access the internet using private IPs. it is assumed that the openbsd firewall has two NICs, one connected to the internet with a public IP (doesn't matter whether it's static or assigned via DHCP) and one with a private IP connected (via a hub or switch) to the private network. as the name "screened LAN script" implies, it does not allow any connections from the outside world (internet) to the hosts behind it, but it does allow the private clients to initiate outbound connections of any kind. this is a typical setup of a small LAN at home.

view pf.conf script for a screened LAN
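the screened LAN setup described above, written out here as an added example rather than the author's linked script. the interface names em0/em1 and the 192.168.1.0/24 prefix are assumptions to change; the ruleset uses the match/nat-to syntax of current OpenBSD releases (4.7 and later), not the older nat/rdr syntax.

```pf
# constructed example pf.conf for a screened LAN with NAT (not the script linked above)
ext_if  = "em0"             # NIC facing the internet; public IP, static or DHCP (assumed name)
int_if  = "em1"             # NIC facing the private LAN (assumed name)
lan_net = "192.168.1.0/24"  # private range used on the LAN (assumed prefix)

# forwarding between the NICs is enabled outside pf: sysctl net.inet.ip.forwarding=1

set skip on lo              # never filter loopback

# normalize fragments and odd packets before any filtering decision
match in all scrub (no-df)

# NAT: rewrite the source of LAN traffic leaving $ext_if to that interface's current
# address; the parentheses make pf re-read the address whenever DHCP changes it
match out on $ext_if inet from $lan_net nat-to ($ext_if)

# default deny: nothing passes in or out unless a later rule says so
block all
# log the connection attempts from the outside so pflog(4) records them
block in log on $ext_if

# drop packets arriving on other interfaces that claim a LAN source address
antispoof quick for $int_if

# the firewall itself and the LAN clients may initiate outbound connections;
# the state entries created here admit the replies without an inbound rule
pass out on $ext_if inet
pass out on $int_if inet

# LAN clients may initiate any connection, to the internet or to the firewall
pass in on $int_if inet from $lan_net

# --- optional rules, commented out by default, in the style of this page ---
# let the outside ping the firewall
#pass in on $ext_if inet proto icmp icmp-type echoreq
# drop traffic from private ranges that should never arrive on the internet side
#block in quick on $ext_if inet from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
```

check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; drop the NAT, antispoof and $int_if rules and the same block-all default with a single pass-out rule is what the bastion host script above needs.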

