summaryrefslogtreecommitdiff
path: root/etc/pf.conf
AgeCommit message (Expand)Author
2017-12-03Disallow the _pbuild user from making TCP/UDP connections in the defaultStuart Henderson
2014-08-23Shrink this to the minimum, but reference /etc/examples/pf.confTheo de Raadt
2014-01-25Change the default PF policy to "block return", including x11 asDarren Tucker
2013-02-13Add a 'block' rule prior to the state creating 'pass' rule. ThisAlexander Hall
2013-01-26Give an example of how to increase the state limit. The 10k limit is tooClaudio Jeker
2011-04-28ftp-proxy(8) now requires a divert-to ruleMike Belopuhov
2009-09-17sync the spamd example to that used in spamd(8); ok beckJason McIntyre
2009-09-11This sample ruleset does not use require-order to mix NAT/rdrStuart Henderson
2009-09-07example spamd rules should be "pass in";Jason McIntyre
2009-09-01add back sample spamd(8) rules, converted appropriately; ok henning@Todd T. Fries
2009-09-01todd reminded me we need to adjust this tooHenning Brauer
2009-06-10pf should block the port range allocated by net.inet.tcp.baddynamicIgor Sobrado
2009-05-30shorter, ok theoHenning Brauer
2009-05-30we want pass, not pass in, so we get state for all connectionsHenning Brauer
2009-04-26remove "set require-order no", it is now the defaultStuart Henderson
2009-04-20do NOT set defaults to their default hereTheo de Raadt
2009-04-06reassembly works different nowHenning Brauer
2009-02-23A newruleset that contains actual blocks people can use if theyTheo de Raadt
2008-05-09now we also need the anchor "relayd/*" in addition to the rdr-anchor.Reyk Floeter
2008-04-02no more /usr/share/pf; pointed out by Rod WhitworthJason McIntyre
2008-02-29add configuration examples to the default pf.conf file (commented out):Reyk Floeter
2007-02-24Make greylisting the default when spamd is enabled. Uses the new -g flagTodd C. Miller
2006-10-24kill extra spacesDavid Krause
2006-10-07'keep state' is now default, and use 'no state' where intended.Ryan Thomas McBride
2006-01-30update for new ftp-proxyCamiel Dobbelaar
2006-01-26set skip is no good idea on int_if in this sample rulseset that alsoHenning Brauer
2005-08-23replace the "pass quick" example line for loopback and the inner interfaceHenning Brauer
2004-04-29reminder to set net.inet.ip.forwarding/net.inet6.ip6.forwarding in sysctl.confMike Frantzen
2004-03-02Simplify pf.conf, provide sample rules for greylisting.Cedric Berger
2004-02-26add src.track timeout and src-nodes limitDavid Krause
2004-01-29sync pf.conf example with spamd(8); ok deraadt@Todd T. Fries
2003-12-05put back lo1David Krause
2003-12-05lo1 no longer exists by default so don't try to use it in examplesDavid Krause
2003-11-18add a commented out 'set debug' defaultDavid Krause
2003-09-02add set fingerprints exampleDavid Krause
2003-06-17add adaptive, interval, and frag timeouts to pf.conf and BNFDavid Krause
2003-03-24Add comments, mostly borrowed from ftp-proxy(8), showing how to set up up.Ian Darwin
2003-03-11remove extra #David Krause
2003-02-28much-needed update to include examples for all seven types of statementsDavid Krause
2003-02-14spamd now uses tables (these load MUCH faster on my ss2); ok deraadtJason Wright
2002-12-30#set limit states unlimited -> 10000, as unlimited is not valid syntax.Daniel Hartmeier
2002-12-23default optimization is "normal", not "default"Henning Brauer
2002-12-23missing }Henning Brauer
2002-12-23-list options with default valuesHenning Brauer
2002-12-21sample spamd stuffTheo de Raadt
2002-12-19indent so it is more clear, add spews thingTheo de Raadt
2002-12-13kill whitespace at EOL; David KrauseHenning Brauer
2002-11-24make the example parseable (quotes around macros)Philipp Buehler
2002-11-16Use macros in sample file, ok dhartmei@Ian Darwin
2002-06-27spell.Federico G. Schwindt
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 16:53:17 +0000