cat /etc/pf.conf set limit { frags 40000, states 100000 }int_if = "{" vlan

1. cat /etc/pf.conf
2. set limit { frags 40000, states 100000 }
3.  
4. int_if = "{" vlan10 vlan14 vlan21 "}"
5. table <local_ip> const { self }
6. table <admins> { $my_vpn_ip }
7. mgmt_port = "{" 21 22 3389 "}"
8.  
9. # Default
10. set skip on lo0
11.  
12. pass all
13. pass in proto igmp all allow-opts
14. pass out proto igmp all allow-opts
15.  
16.  
17. pass in quick proto icmp from any to any
18.  
19.  
20. # local IPs
21. block in inet proto tcp from any to <local_ip> port 22
22. pass in inet proto tcp from <admins> to <local_ip> port 22
23.  
24. # Mgmt
25. block out on $int_if proto tcp from any to any port $mgmt_port
26. pass out on $int_if proto tcp from <admins> to any port $mgmt_port