# pf ruleset for a single host: default-deny inbound, stateful outbound,
# and a short list of exposed services.
# Without "quick", the LAST matching rule decides a packet's fate, so the
# "pass in" rules below override the earlier "block in all".

# Let's just trust localhost (we run OpenBSD for a reason)
# "quick" stops rule evaluation at the first match, so loopback traffic
# never reaches the block rule below.
pass in quick on lo0 from any to lo0
pass out quick on lo0 from any to lo0

# By default, we will block everyone and everything coming in
# There is no matching "block out": outbound packets that match no rule
# fall through to pf's implicit default, which is to pass.
block in all

# Yet we will accept ssh sessions (both over IPv4 and IPv6)
# No address family is given, so the rule covers inet and inet6.
# NOTE(review): the source is "any"; if this host faces the Internet,
# consider limiting the source range or adding state limits such as
# max-src-conn-rate with an overload table.
pass in proto tcp from any to any port 22 keep state

# Outgoing traffic is OK, here we keep state so returning packets
# are accepted too.
# Only these four protocols get explicit state here; other outbound
# protocols are still passed (implicit default) but without state, so
# their replies would hit "block in all".
pass out proto { tcp, udp, icmp, ipv6-icmp } all keep state

# Paul 'why dont i get a router advertisement ?' de Weerd is an
# absolute asshole :
# Accepts every inbound ICMPv6 type from any source, on every interface.
# This is what lets router advertisements and neighbor discovery through.
# NOTE(review): it is broader than that purpose needs; an icmp6-type
# list (e.g. routeradv, neighbrsol, neighbradv, echoreq, toobig) would
# narrow it - confirm which types this network requires.
pass in proto ipv6-icmp all

## Allow access to the Quake 3 server :
#pass in proto udp from any to any port 27960 keep state
## Allow nameserver queries ..
#pass in proto udp from any to any port 53 keep state
#pass in proto tcp from any to any port 53 keep state
## FTP control channel, open to any source (presumably a local FTP
## server; the original rule carried no comment - confirm it is still
## needed). FTP sends credentials in cleartext. This rule covers port 21
## only: passive-mode data connections to this host are still dropped by
## "block in all".
pass in proto tcp from any to any port 21 keep state
## running xmon on localhost:1.* for X11 protocol analyzing
## Keep disabled unless needed: enabling it would accept X11 connections
## on port 6001 from any source.
#pass in proto tcp from any to any port 6001 keep state
