PF firewall question (new to PF)

I've been reading for the last week every piece of information on PF that I can find. I am in the process of building a FreeBSD 7.0 Router/Gateway and have been a little stumped by a lot of the tutorials/examples out there. Most that I read say that you should always block all! But then I see a rule in the pf.conf that states

# allow traffic initiated from Router to outside
 pass out quick on $ext_if from ($ext_if) to any modulate state

Does this rule not allow "ALL" traffic to leave the gateway/router? Why would you use a block all instead of just block in if you are going to use a rule like this?

Sorry for the very newbie question. I have a lot more but I'll start with the simple one.

Hello everyone! I am new to the board.

The idea is to block all traffic by default, and explicitly allow traffic you want.

Remember when writing your rules, that PF operates in a 'top-down' fashion, meaning:

block all
pass all

would allow all traffic, as it overrides the 'block all' rule.

Right. I understand that (forget it while writing rules though :rolleyes:). But if you are going to write a rule that allows "ALL" traffic out, why block all and not just block in? Is it just an accepted standard for writing the rules?

# allow traffic initiated from Router to outside
 pass out quick on $ext_if from ($ext_if) to any modulate state

Reread the rule. It is allowing 'all' traffic from a particular network interface. Not from all traffic (in general).
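
An added example (not part of the thread, and not PF's own code): a simplified Python model of PF filter evaluation, where the last matching rule wins, `quick` stops evaluation, and a packet no rule matches is passed. It compares `block all` with `block in` ahead of the quoted pass rule. The interface names and addresses are constructed, `($ext_if)` is modeled as a single address, and state tracking (`modulate state`) and NAT are not modeled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str  # "in" or "out", relative to the interface it crosses
    iface: str
    src: str


@dataclass
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # None matches both directions
    iface: Optional[str] = None      # None matches any interface
    src: Optional[str] = None        # None matches any source address
    quick: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.direction in (None, p.direction)
                and self.iface in (None, p.iface)
                and self.src in (None, p.src))


def evaluate(rules, pkt):
    verdict = "pass"  # PF's implicit default when no rule matches
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action  # a later match replaces an earlier one
            if rule.quick:
                break              # 'quick' ends evaluation at this rule
    return verdict


# Constructed values for illustration only.
EXT_IF, INT_IF = "em0", "em1"
EXT_ADDR = "203.0.113.2"

# pass out quick on $ext_if from ($ext_if) to any
PASS_RULE = Rule("pass", "out", EXT_IF, EXT_ADDR, quick=True)

THREAD_EXAMPLE = [Rule("block"), Rule("pass")]  # block all / pass all
BLOCK_ALL = [Rule("block"), PASS_RULE]          # block all, then the pass rule
BLOCK_IN = [Rule("block", "in"), PASS_RULE]     # block in, then the pass rule


def compare(pkt):
    """Return (verdict with 'block all', verdict with 'block in')."""
    return evaluate(BLOCK_ALL, pkt), evaluate(BLOCK_IN, pkt)
```

In this model the two rulesets differ for a packet leaving on `em1`: `block all` drops it because no pass rule covers that interface, while `block in` lets it through on the implicit default.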