On Sat, Mar 19, 2011 at 06:05:49AM -0700, johhny_at_poland77 wrote:

> Does somebody have an idea what kind of iptables/pf rule I must use to 
> achieve this?:
> 
> i only want to allow these connections [on the output chain]:
> 
> on port 53 output only allow udp - dns
> on port 80 output only allow tcp - http
> on port 443 output only allow tcp - https
> on port 993 output only allow tcp - imaps
> on port 465 output only allow tcp - smtps
> on port 22 output only allow tcp - ssh
> on port 20-21 output only allow tcp - ftp
> on port 989-990 output only allow tcp - ftps
> on port 1194 output only allow udp - OpenVPN
> 
> So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS is 
> allowed on port 443 outbound.
> 
> Any ideas? :\

Yes. Read pf.conf(4):

"pf(4) has the ability to block, pass, and match packets based on
attributes of their layer 3 and layer 4 headers."

That sentence contains the answer.

        -Otto
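The rule set the question asks for, as an added example that is not part of the thread (the interface name em0 is an assumption). It spells out the point Otto's quote makes: pf decides on layer 3 and layer 4 header fields, so "tcp to port 443" passes any TCP stream to 443, whether it carries HTTPS or OpenVPN. Telling the two apart needs application-layer inspection (a proxy such as relayd or squid), not a pf rule.

```pf
# Added example, not from the original thread.
# Egress-only policy for the ports listed in the question. pf matches on
# L3/L4 headers, so a pass rule for tcp/443 admits OpenVPN-over-443 just
# as readily as HTTPS; pf cannot distinguish them.
ext_if = "em0"          # assumed interface name

# TCP: ftp (20-21), ssh (22), http (80), https (443), smtps (465),
#      ftps (989-990), imaps (993)
tcp_out = "{ 20 21 22 80 443 465 989 990 993 }"
# UDP: dns (53), OpenVPN (1194)
udp_out = "{ 53 1194 }"

set skip on lo0

# Default deny outbound; "return" sends RST/ICMP unreachable so local
# programs fail fast instead of hanging, and "log" records the attempts.
block return out log on $ext_if all

# Permit only the listed protocol/port pairs; state entries let the
# replies back in without a matching "pass in" rule.
pass out on $ext_if proto tcp to any port $tcp_out keep state
pass out on $ext_if proto udp to any port $udp_out keep state
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and inspect the expanded rules with `pfctl -sr`. Note that active-mode FTP data connections arrive inbound from the server's port 20 and passive mode uses arbitrary high ports, so plain port-based egress rules do not cover FTP data transfers on their own.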
