Example FreeBSD PF Firewall Configuration File
Software Developer
This is an example configuration for the PF firewall on FreeBSD that I use myself; it may serve as a starting point for your own. It blocks inbound traffic by default and allows inbound SSH, HTTP/HTTPS and Syncthing connections.
/etc/pf.conf
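# Validate before loading so a typo cannot lock you out of SSH:
#   pfctl -nf /etc/pf.conf

# Option, kept ahead of the filter rules as pf.conf expects.
# Do not filter loopback: otherwise "block in all" also applies to inbound
# packets on lo0 and can break services that talk over localhost.
set skip on lo0

# Block everything in by default
block in all
# Allow everything out by default. Pass rules keep state, so replies to
# outbound connections are let back in despite the block above.
pass out all
# Allow SSH. SSH runs over TCP only, so UDP 22 stays closed.
pass in proto tcp from any to any port 22
# Allow HTTP/HTTPS
pass in proto tcp from any to port { http https }
# Allow Certbot (DNS, HTTP, HTTPS outbound).
# NOTE: redundant while "pass out all" is in place; it only starts to matter
# if the outbound default is tightened to "block out all".
pass out proto { tcp udp } to port { 53 80 443 }
# Syncthing sync traffic (TCP, plus QUIC over UDP)
pass in proto { tcp udp } from any to any port 22000
# Syncthing web GUI.
# NOTE(review): the GUI is Syncthing's administrative interface and this rule
# accepts it from any source. If remote access is not required, remove the
# rule and reach the GUI over an SSH tunnel; otherwise narrow "from any" to
# the addresses you administer from.
pass in proto { tcp } from any to any port 8384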
Example Configuration with Macros
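# Validate before loading so a typo cannot lock you out of SSH:
#   pfctl -nf /etc/pf.conf

# --- Port Macros (Variables)
ssh_ports = "{ 22 }" # SSH
web_ports = "{ 80, 443 }" # HTTP/HTTPS
certbot_ports = "{ 53, 80, 443 }" # DNS, HTTP, HTTPS for Certbot
syncthing_ports = "{ 22000 }" # Syncthing main
syncthing_gui = "{ 8384 }" # Syncthing GUI

# --- Options
# Do not filter loopback: otherwise "block in all" also applies to inbound
# packets on lo0 and can break services that talk over localhost.
set skip on lo0

# --- Rules
# Block everything inbound by default
block in all
# Allow everything outbound by default. Pass rules keep state, so replies to
# outbound connections are let back in despite the block above.
pass out all
# SSH. SSH runs over TCP only, so UDP stays closed on these ports.
pass in proto tcp from any to any port $ssh_ports
# HTTP/HTTPS
pass in proto tcp from any to any port $web_ports
# Certbot outbound (DNS, HTTP, HTTPS).
# NOTE: redundant while "pass out all" is in place; it only starts to matter
# if the outbound default is tightened to "block out all".
pass out proto { tcp udp } to any port $certbot_ports
# Syncthing sync traffic (TCP, plus QUIC over UDP)
pass in proto { tcp udp } from any to any port $syncthing_ports
# Syncthing web GUI.
# NOTE(review): the GUI is Syncthing's administrative interface and this rule
# accepts it from any source. If remote access is not required, remove the
# rule and reach the GUI over an SSH tunnel; otherwise narrow "from any" to
# the addresses you administer from.
pass in proto tcp from any to any port $syncthing_gui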


