|
|
@@ -1,14 +1,21 @@
|
|
|
+#ext_if="em0"
|
|
|
set skip on lo0
|
|
|
scrub in all
|
|
|
|
|
|
antispoof for lo0
|
|
|
table <fail2ban> persist
|
|
|
+table <pf-block> persist file "/etc/pf-block.conf"
|
|
|
+table <pf-pass> persist file "/etc/pf-pass.conf"
|
|
|
+pass in quick from <pf-pass> to any keep state
|
|
|
|
|
|
pass out quick all
|
|
|
pass quick on lo0 all
|
|
|
|
|
|
block in all
|
|
|
block in quick from <fail2ban>
|
|
|
+block in quick from <pf-block>
|
|
|
+#antispoof quick for $ext_if
|
|
|
+
|
|
|
pass in quick inet proto icmp all
|
|
|
pass in quick inet6 proto icmp6 all
|
|
|
|
|
|
@@ -16,9 +23,7 @@ pass in quick inet proto tcp from any to any port 22 keep state
|
|
|
pass in quick inet proto tcp from any to any port 80 keep state
|
|
|
pass in quick inet proto tcp from any to any port 443 keep state
|
|
|
pass in quick inet proto tcp from any to any port 7443 keep state
|
|
|
-pass in quick inet proto tcp from any to any port 5060 keep state
|
|
|
-pass in quick inet proto udp from any to any port 5060 keep state
|
|
|
-pass in quick inet proto tcp from any to any port 5080 keep state
|
|
|
-pass in quick inet proto udp from any to any port 5080 keep state
|
|
|
+pass in quick inet proto tcp from any to any port 5060:5091 keep state
|
|
|
+pass in quick inet proto udp from any to any port 5060:5091 keep state
|
|
|
pass in quick inet proto udp from any to any port 16384:32768 keep state
|
|
|
|
FusionPBX