path: root/etc/pf.conf
| Age | Commit message | Author |
|---|---|---|
| 2011-04-28 | ftp-proxy(8) now requires a divert-to rule | Mike Belopuhov |
| 2009-09-17 | sync the spamd example to that used in spamd(8); ok beck | Jason McIntyre |
| 2009-09-11 | This sample ruleset does not use require-order to mix NAT/rdr and filter rules, because we no longer have translation rules. Pointed out by Mitja Muzenic, ok henning@ | Stuart Henderson |
| 2009-09-07 | example spamd rules should be "pass in"; | Jason McIntyre |
| 2009-09-01 | add back sample spamd(8) rules, converted appropriately; ok henning@ | Todd T. Fries |
| 2009-09-01 | todd reminded me we need to adjust this too | Henning Brauer |
| 2009-06-10 | pf should block the port range allocated by net.inet.tcp.baddynamic for the X protocol instead of port 6000 only; this way pf provides the same protection level to all X servers. ok sthen@; "I am convinced that 6000-6010 is acceptable for blocking in pf" deraadt@, "i'd thought of something similar" oga@ | Igor Sobrado |
| 2009-05-30 | shorter, ok theo | Henning Brauer |
| 2009-05-30 | we want pass, not pass in, so we get state for all connections | Henning Brauer |
| 2009-04-26 | remove "set require-order no", it is now the default | Stuart Henderson |
| 2009-04-20 | do NOT set defaults to their default here | Theo de Raadt |
| 2009-04-06 | reassembly works different now | Henning Brauer |
| 2009-02-23 | A new ruleset that contains actual blocks people can use if they uncomment them. this is no longer a sample. everything in here now must be completely legit. discussed at length with henning, claudio, and sthen ok sthen | Theo de Raadt |
| 2008-05-09 | now we also need the anchor "relayd/*" in addition to the rdr-anchor. ok pyr@ | Reyk Floeter |
| 2008-04-02 | no more /usr/share/pf; pointed out by Rod Whitworth | Jason McIntyre |
| 2008-02-29 | add configuration examples to the default pf.conf file (commented out): - rdr-anchor "relayd/*": the anchor used by relayd to load redirections into pf. - pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to block icmp, this example proposes to allow it by default. ok henning@ | Reyk Floeter |
| 2007-02-24 | Make greylisting the default when spamd is enabled. Uses the new -g flag for spamd-setup. OK beck@ | Todd C. Miller |
| 2006-10-24 | kill extra spaces | David Krause |
| 2006-10-07 | 'keep state' is now default, and use 'no state' where intended. | Ryan Thomas McBride |
| 2006-01-30 | update for new ftp-proxy ok henning@ | Camiel Dobbelaar |
| 2006-01-26 | set skip is no good idea on int_if in this sample ruleset that also has a rdo on $int_if that stops working then. pt out by cedric | Henning Brauer |
| 2005-08-23 | replace the "pass quick" example line for loopback and the inner interface with a set skip statement to the same effect, performs way better suggested by Stuart Henderson <stu@spacehopper.org>, theo ok | Henning Brauer |
| 2004-04-29 | reminder to set net.inet.ip.forwarding/net.inet6.ip6.forwarding in sysctl.conf ok cedric@ mcbride@ | Mike Frantzen |
| 2004-03-02 | Simplify pf.conf, provide sample rules for greylisting. ok beck@, input from many. | Cedric Berger |
| 2004-02-26 | add src.track timeout and src-nodes limit ok mcbride@ | David Krause |
| 2004-01-29 | sync pf.conf example with spamd(8); ok deraadt@ | Todd T. Fries |
| 2003-12-05 | put back lo1 requested by deraadt@ | David Krause |
| 2003-12-05 | lo1 no longer exists by default so don't try to use it in examples ok henning@ | David Krause |
| 2003-11-18 | add a commented out 'set debug' default ok henning@ | David Krause |
| 2003-09-02 | add set fingerprints example ok deraadt@ henning@ frantzen@ | David Krause |
| 2003-06-17 | add adaptive, interval, and frag timeouts to pf.conf and BNF ok henning@ dhartmei@ | David Krause |
| 2003-03-24 | Add comments, mostly borrowed from ftp-proxy(8), showing how to set up up. Improved & OK'd by dhartmei@, david@, millert@. | Ian Darwin |
| 2003-03-11 | remove extra # ok henning@ | David Krause |
| 2003-02-28 | much-needed update to include examples for all seven types of statements queueing and table examples are from the fosdem2k3 presentation spamd rdr simplification from henning@ ok dhartmei@ henning@ | David Krause |
| 2003-02-14 | spamd now uses tables (these load MUCH faster on my ss2); ok deraadt | Jason Wright |
| 2002-12-30 | #set limit states unlimited -> 10000, as unlimited is not valid syntax. | Daniel Hartmeier |
| 2002-12-23 | default optimization is "normal", not "default" | Henning Brauer |
| 2002-12-23 | missing } | Henning Brauer |
| 2002-12-23 | -list options with default values -correct order -various spelling/grammar/consistency from David Krause with feedback from dhartmei@ | Henning Brauer |
| 2002-12-21 | sample spamd stuff | Theo de Raadt |
| 2002-12-19 | indent so it is more clear, add spews thing | Theo de Raadt |
| 2002-12-13 | kill whitespace at EOL; David Krause | Henning Brauer |
| 2002-11-24 | make the example parseable (quotes around macros) from sam smith, thx henning@ ok | Philipp Buehler |
| 2002-11-16 | Use macros in sample file, ok dhartmei@ | Ian Darwin |
| 2002-06-27 | spell. | Federico G. Schwindt |
| 2002-06-22 | add a commented out scrub example ok frantzen@ | Henning Brauer |
| 2002-06-17 | merge nat.conf here as well add more simple filter rule examples "commit it" deraadt@ | Henning Brauer |
| 2001-11-16 | The implicit pass rules come first, not last. Spotted by alec@dtkco.com. | Daniel Hartmeier |
| 2001-06-26 | Point to pf.conf(5) and nat.conf(5) for help | smart |
| 2001-06-26 | change default pf configuration files to pf.conf and nat.conf. ok theo | Kjell Wooding |