Openunix.eu


IPFilter

Here's an example IPFilter ruleset for a host whose interface is fxp0.

## block incoming packets with ip options set
block in on fxp0 log all with ipopts

# Default deny for outgoing icmp/tcp/udp. These rules have no "quick", so a
# later matching "pass out" rule still wins (ipf uses the last match unless a
# rule says quick). There is no matching default "block in ... all" rule, so
# inbound packets that match nothing below get the kernel default (pass,
# unless the kernel was built with IPFILTER_DEFAULT_BLOCK).
block out on fxp0 log proto icmp all keep state
block out on fxp0 log proto tcp all keep state
block out on fxp0 log proto udp all keep state

## an exceptional connection to our friendly net
pass out on fxp0 log proto tcp from any to 95.113.4.58
pass out on fxp0 log proto tcp from any to 93.162.146.4

## dns
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53 keep state

## allow ssh/scp/sftp from internet
pass in quick on fxp0 log proto tcp from any to any port = 6992 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 6992 flags S keep state

## allow special outgoing connection
pass out quick on fxp0 proto tcp from any to any port = 5995 flags S keep state

## allow ssh/scp/sftp from a friendly IP to a port that goes further redirected
pass in quick on fxp0 log proto tcp from 190.176.119.162 to any port = 8562 flags S keep state

## allow pop3 to the internet
pass out quick on fxp0 proto tcp from any to any port = 110 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 995 flags S keep state

## allow imap (143) and imaps (993) to the internet
pass out quick on fxp0 proto tcp from any to any port = 143 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 993 flags S keep state

## allow smtp to the internet
pass out quick on fxp0 proto tcp from any to any port = 25 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 465 flags S keep state

## allow http to/from internet
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass in quick on fxp0 log proto tcp from any to any port = 443 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 443 flags S keep state

## allow pings to internet
pass out quick on fxp0 log proto icmp from any to any icmp-type 8 keep state

## allow outgoing ftp requests - active ftp needs to open ports from outside
# (ftp control and data are tcp only; the udp rules in this block match no ftp traffic)
pass out quick on fxp0 log proto tcp from any to any port = 21 flags S keep state
pass in quick on fxp0 log proto tcp from any to any port = 20 flags S keep state
pass in quick on fxp0 log proto udp from any to any port = 20
# note: the two "port > 1023" rules pass outbound tcp/udp to ANY port above 1023,
# not only ftp data transfers
pass out quick on fxp0 log proto tcp from any to any port > 1023 flags S keep state
pass out quick on fxp0 log proto udp from any to any port > 1023
# active ftp: the server opens the data connection from its port 20 to our high port
pass in quick on fxp0 log proto tcp from any port = 20 to any port > 1023 flags S keep state
pass in quick on fxp0 log proto udp from any port = 20 to any port > 1023

## allow rdesktop out
pass out quick on fxp0 log proto tcp from any to any port = 3389 flags S keep state
pass out quick on fxp0 log proto udp from any to any port = 3389

## allow mms streaming requests
pass out quick on fxp0 log proto tcp from any to any port = 554 flags S keep state
pass out quick on fxp0 log proto tcp from any to any port = 1755 flags S keep state
pass out quick on fxp0 log proto udp from any to any port = 1755
pass out quick on fxp0 log proto tcp from any to any port = 8080 flags S keep state
pass out quick on fxp0 log proto udp from any to any port = 8080

## allow two special connections from our friendly IP
pass in quick on fxp0 log proto tcp from 190.176.119.162 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 190.176.119.162 to any port = 22 flags S keep state

## allow rdesktop from chosen IPs only
pass in quick on fxp0 log proto tcp from 177.240.179.220 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 177.240.179.221 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 177.240.179.222 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 177.240.179.223 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 178.102.245.116 to any port = 3389 flags S keep state
pass in quick on fxp0 log proto tcp from 194.112.148.244 to any port = 3389 flags S keep state

## allow outgoing gsiftp and eftp
pass out quick on fxp0 log proto tcp from any to any port = 2811 flags S keep state
pass out quick on fxp0 log proto udp from any to any port = 2811
pass out quick on fxp0 log proto tcp from any to any port = 2121 flags S keep state
pass out quick on fxp0 log proto udp from any to any port = 2121
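As an added example (not part of the original page), a small Python model of the rule-evaluation order ipf applies to a ruleset like the one above: last match wins unless a matching rule says quick, and an unmatched packet gets the kernel default. RULES_TEXT is an excerpt of the rules above; the packets and the 10.0.0.2 / 203.0.113.9 addresses are constructed test inputs, and the interface fxp0 is taken from the page.

```python
# Added example (not from the page): a model of how ipf evaluates a ruleset.
# RULES_TEXT below is an excerpt of the rules above; no state table is modeled.
def parse_rule(line):
    t = line.split()
    r = {"action": t[0], "dir": t[1], "quick": "quick" in t, "iface": t[t.index("on") + 1],
         "proto": t[t.index("proto") + 1] if "proto" in t else None,
         "ipopts": "ipopts" in t, "syn_only": "flags" in t,
         "src": "any", "dst": "any", "sport": None, "dport": None}
    if "from" in t:                             # "all" = any host, any port
        r["src"], r["dst"] = t[t.index("from") + 1], t[t.index("to") + 1]
        for i, tok in enumerate(t):             # "port = N" / "port > N"
            if tok == "port":
                r["dport" if i > t.index("to") else "sport"] = (t[i + 1], int(t[i + 2]))
    return r

def port_ok(cond, value):                       # cond: None, ("=", n) or (">", n)
    return cond is None or (value is not None and
                            (value == cond[1] if cond[0] == "=" else value > cond[1]))

def matches(r, p):
    return (r["dir"] == p["dir"] and r["iface"] == p["iface"]
            and r["proto"] in (None, p["proto"])
            and (not r["ipopts"] or p["ipopts"])          # "with ipopts"
            and (not r["syn_only"] or p["flags"] == "S")  # "flags S": bare SYN
            and r["src"] in ("any", p["src"]) and r["dst"] in ("any", p["dst"])
            and port_ok(r["sport"], p["sport"]) and port_ok(r["dport"], p["dport"]))

def evaluate(rules, p, default="pass"):
    # ipf: the LAST matching rule wins unless a match has "quick" (stop at once).
    # Unmatched packets get the kernel default: pass unless IPFILTER_DEFAULT_BLOCK.
    verdict = default
    for r in rules:
        if matches(r, p):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

def pkt(direction, src, dst, dport, proto="tcp", flags="S", ipopts=False):
    return dict(dir=direction, iface="fxp0", src=src, dst=dst, dport=dport,
                sport=40000, proto=proto, flags=flags, ipopts=ipopts)

RULES_TEXT = """\
block in on fxp0 log all with ipopts
block out on fxp0 log proto tcp all keep state
pass out on fxp0 log proto tcp from any to 95.113.4.58
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on fxp0 log proto tcp from 190.176.119.162 to any port = 3389 flags S keep state
"""
RULES = [parse_rule(line) for line in RULES_TEXT.splitlines()]
```

Running evaluate on an outbound SYN to 95.113.4.58 shows the non-quick block being overridden by the later pass rule, while an inbound SYN to 3389 from an address not in the list matches nothing and falls through to the default argument, which is what the missing "block in ... all" rule leaves to the kernel.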


Powered by NetBSD. Running on a toaster.