Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- tcp_services="{ ssh, http, domain }"
- udp_services="{ domain }"
- icmp_types="echoreq"
- syn_only="S/FSRA"
- ext_if="em0"
- set block-policy drop
- set loginterface $ext_if
- set skip on lo
- scrub in all
- anchor "incoming" in on $ext_if {
- pass quick inet6 proto icmp6 keep state
- pass quick inet proto icmp all icmp-type $icmp_types keep state
- pass quick proto tcp to port $tcp_services flags $syn_only keep state
- pass quick proto udp to port $udp_services
- }
- anchor "outgoing" out on $ext_if {
- pass quick keep state
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement