swaggboi/netbsd_dot_files
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make firewall 'one size fits all'

Browse Source
This commit is contained in:
swagg boi 2025-03-23 17:38:12 -04:00
parent f713492679
commit c9a777dc5d
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
my_etc/npf.conf
View File

@ -1,12 +1,7 @@
# TODO: Allow in ICMP(v6) by message type # TODO: Allow in ICMP(v6) by message type
# TODO: Rate-limit ssh # TODO: Rate-limit ssh
# ICMP(v6) $services = { mdns, ssh }
alg "icmp"
group "services" in on vioif0 {
pass stateful proto tcp to any port ssh
}
group "localhost" in on lo0 { group "localhost" in on lo0 {
pass stateful all pass stateful all
@ -16,6 +11,8 @@ group default {
# Default rule # Default rule
block all block all
pass stateful in proto { tcp, udp } to any port $services
# Let it goooooo # Let it goooooo
pass stateful out all pass stateful out all
} }