The Book of PF by Peter N.M. Hansteen

Slightly Stricter, with Lists and Macros

The first rule set was an extremely simple example, and even though we could use it to demonstrate some basics about how networks and packet filtering work, it is probably too simplistic for practical use. For a more structured and complete setup, we can construct a slightly more realistic example. This rule set is still based on a single, stand-alone system that connects to one network.

In this configuration, we'll start by denying everything and then allowing only those things we know that we need.[11] This gives us the opportunity to introduce two of the features that make PF such a wonderful tool: lists and macros.

We'll make some changes to /etc/pf.conf, starting with:

block all
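
As an added illustration (not the book's own rule set), here is how a default-deny /etc/pf.conf can use macros and lists for the single stand-alone host described above. The macro names and the choice of services are assumptions made for this example.

```pf
# Added example; macro names and service choices are assumptions.

# Macros: defined as name = "value" and referenced later as $name.
# Lists: { a, b, c }. PF expands a rule containing a list into
# one rule per list element when the rule set is loaded.
tcp_services = "{ ssh, smtp, domain, www, https }"
udp_services = "{ domain, ntp }"

# Default deny: without the "quick" keyword the last matching rule
# wins, so this rule goes first and the pass rules below override it
# only for the traffic they name.
block all

# Allow outbound connections to the listed services only.
# Current PF versions keep state on pass rules by default, so the
# replies to these connections are let back in automatically.
pass out proto tcp to any port $tcp_services
pass out proto udp to any port $udp_services
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches a mistyped macro or service name before it can lock you out; after loading, `pfctl -sr` prints the rules with the lists expanded.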
