Configure pf Firewall
The philosophy we will use for the fire wall is that we split in 2 or 4 paths depending on the traffic initiated outside or inside. We als split the config in tcp and udp traffic for efficiency reasons see: NOTE link needed here to article or book. So the general layout of the pf file is
- Macro Definitions ####
# Macro definitions # Stateful Tracking Options (STO) # TABLES # OPTIONS # TRAFFIC NORMALISATION # QUEUEING # TRANSLATION # PACKET FILTERING #====================================================== # ext-if #======================================== # ext-if IN #=========================== # ext-if IN TCP #=========================== # ext-if IN UDP #=========================== # ext-if IN IMCP #======================================== # ext-if OUT #=========================== # ext-if OUT TCP #=========================== # ext-if OUT UDP #=========================== # ext-if OUT IMCP #====================================================== # int-if #======================================== # int-if IN #=========================== # int-if IN TCP #=========================== # int-if IN UDP #=========================== # int-if IN ICMP #======================================== # int-if OUT #=========================== # int-if OUT TCP #=========================== # int-if OUT UDP #=========================== # int-if OUT ICMP