authorAlexander Hall <halex@cvs.openbsd.org>2013-02-13 23:11:15 +0000
committerAlexander Hall <halex@cvs.openbsd.org>2013-02-13 23:11:15 +0000
commit7d94210036c7bdc418abb2f8f20c3bf4950bd30e (patch)
tree7d2f079cb32713ecca419034525283d5c8c0c902 /etc
parentcaac358034bc354ecb6dcd21300fa7cba355936d (diff)
Add a 'block' rule prior to the state creating 'pass' rule. This
way, TCP packets of e.g. timed out states are blocked rather than passed by the implicit default pass rule. sthen@ benno@ phessler@ mikeb@ agrees
Diffstat (limited to 'etc')
-rw-r--r--etc/pf.conf5
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/pf.conf b/etc/pf.conf
index da750651432..963bd28ed19 100644
--- a/etc/pf.conf
+++ b/etc/pf.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: pf.conf,v 1.51 2013/01/26 17:12:21 claudio Exp $
+# $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@@ -16,7 +16,8 @@ set skip on lo
# anchor for relayd(8)
#anchor "relayd/*"
-pass # to establish keep-state
+block # block stateless traffic
+pass # establish keep-state
# rules for spamd(8)
#table <spamd-white> persist