28 lines
614 B
Plaintext
28 lines
614 B
Plaintext
# TODO: Rate-limit ssh
|
|
|
|
$services = { ssh, mdns }
|
|
|
|
group "services" in {
|
|
pass stateful proto { tcp, udp } to any port $services
|
|
}
|
|
|
|
group "icmp" in {
|
|
pass stateful proto icmp icmp-type echo all
|
|
|
|
pass stateful proto ipv6-icmp icmp-type echo all
|
|
pass stateful proto ipv6-icmp icmp-type rtsol all
|
|
pass stateful proto ipv6-icmp icmp-type rtadv all
|
|
pass stateful proto ipv6-icmp icmp-type neighsol all
|
|
pass stateful proto ipv6-icmp icmp-type neighadv all
|
|
}
|
|
|
|
group "localhost" in on lo0 {
|
|
pass stateful all
|
|
}
|
|
|
|
group default {
|
|
block all
|
|
|
|
pass stateful out all
|
|
}
|