Slightly Stricter: Using Lists and Macros for Readability
The rule set in the previous section is an extremely simple one—probably too simplistic for practical use. But it's a useful starting point to build from to create a slightly more structured and complete setup. We’ll start by denying all services and protocols, and then allow only those that we know that we need[12] using lists and macros for better readability and control.
A list is simply two or more objects of the same type that you can refer to in a rule set, such as this:
pass proto tcp to port { 22 80 443 }
Here, { 22 80 443 }
is a list.
A macro is a pure readability tool. If you have objects that you will refer to more than once in your configuration, such as an IP address for an important ...
Get The Book of PF, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.