To set up the PF firewall on a FreeBSD system, follow these steps:
- Install PF:
# pkg install pf
- Enable PF on boot:
echo pf_enable="YES" >> /etc/rc.conf
- Configure firewall rules: Create a file named
/etc/pf.conf
and add the firewall rules. Here is an example configuration to protect a web server:
# Interfaces
ext_if="vtnet0"
int_if="lo0"
# Variables
web_srv="192.168.0.100"
# Default policies
block all
pass out all keep state
# Allow incoming ssh
pass in on $ext_if proto tcp from any to any port 22 keep state
# Allow incoming http and https
pass in on $ext_if proto tcp from any to $web_srv port {80, 443} keep state
# Block incoming all other traffic
block in all
- Load the firewall rules:
pfctl -f /etc/pf.conf
- Enable PF firewall:
# pfctl -e
Now, the PF firewall should be protecting the web server from unwanted traffic. You can use the pfctl
command to manage the firewall rules, such as reloading the rules, displaying status, and more.