Hi all, I am following daniel hartmeier's example pf.conf [http://www.benzedrine.cx/pf.conf].
Something that I notice is that daniel allows all outgoing TCP and UDP traffic regardless of where it is going. Question: Isn't this a bad thing ? I would have thought it is best practice to only allow incomming and outgoing connections _explicitly_. With the reason being some OS upload information to base camp (redmond) for statistical analsyis. I do something along the lines of: pass out on $EXT_IF inet proto tcp from $INT_IF:network to any \ port {80,443,22,21,20,6667} flags S/SA keep state So in a nutshell, do most of you guys just allow all TCP/UDP traffic out ? Or is what I am currently doing better ? Cheers - Alex