Robert,
Your rule looks ok. You may want to add a variable for the port numbers
so you can add or delete them as needed. Something like...
### Ports
AllowOUT="{22, 80, 443}"
### Pass out interface
pass out on $int_if proto tcp from ($int_if) to any port $AllowOUT modulate state flags S/SA
Hope this helps,
OpenBSD Pf Firewall "how to" ( pf.conf )
https://calomel.org/pf_config.html
--
Calomel @ https://calomel.org
Open Source Research and Reference
On Fri, Jun 20, 2008 at 02:10:52PM -0700, Robert Gilaard wrote:
>Hi folks,
>
>All the time I had the following entries in my pf.conf for my Desktop system.
>However, as I've bought this pf book that was lately released, I begin to
>suspect that these rules are way too liberal.
>
>If I only want to be able to browse the web and maybe use ssh-client, how
>should I rewrite the rules so that only those ports are open (80,443 and 22)?
>
>I guess I'm looking forward to a RTFM answer, but hey, I wouldn't ask if I
>knew how to write them.
>
>The best I could guess is:
>
>pass out on $int_if proto tcp from any to any port 80 modulate state flags S/SA
>
>But I don't know if this is correct.
>
>Brgds
>Robert
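Putting the suggestion from the reply into a complete, loadable ruleset, as an added example that is neither Calomel's published config nor Robert's own pf.conf: the port list lives in one macro, everything else is blocked and logged, and only outbound TCP to the three listed ports is allowed with the same `modulate state flags S/SA` the thread uses. The interface name `em0` is an assumption; the UDP port 53 rule is not in the thread and is included only because a browse-only desktop still has to resolve names, otherwise every web connection fails before the TCP rule is ever consulted.

```conf
# Added example, not the original poster's or Calomel's configuration.
# Assumption: the LAN-facing interface is em0 (use `ifconfig` to check).
int_if = "em0"

### Ports the desktop may connect out to: ssh, http, https.
### Add or remove entries here rather than editing the pass rule.
AllowOUT = "{ 22, 80, 443 }"

### Options must precede filter rules in pf.conf.
### Loopback traffic is left alone so local daemons keep working.
set skip on lo0

### Default deny in both directions; `log` sends the drops to pflog0
### so a blocked connection is visible while you tune the port list.
block log all

### Name resolution (not part of the thread, but required for browsing).
pass out on $int_if proto udp from ($int_if) to any port 53 keep state

### Outbound TCP to the listed ports only. `modulate state` keeps state so
### replies are let back in and randomises the initial sequence numbers;
### `flags S/SA` only creates state on the initial SYN.
pass out on $int_if proto tcp from ($int_if) to any port $AllowOUT modulate state flags S/SA
```

Before loading it, run `pfctl -nf /etc/pf.conf` to parse the file without touching the running ruleset, and `pfctl -vnf /etc/pf.conf` to see the macros expanded, which shows one pass rule per port and confirms the `AllowOUT` list contains exactly what you intended. Load it with `pfctl -f /etc/pf.conf`, and watch `tcpdump -n -e -ttt -i pflog0` for anything the default block catches.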