pf best practices: in or out

Aristedes Maniatis ari at ish.com.au
Mon Jun 25 07:44:23 UTC 2018


On 25/6/18 5:30pm, Walter Parker wrote:
> The use case for pass out rules would be to block local processes on 
> the box from making external connections to other servers.
> This is useful if you don't fully trust users or software running on 
> your equipment. Also, this would be useful to preemptively block ports 
> that would be useful in DDOS attacks.

Ah, then I misunderstood what pass-in and pass-out meant. I thought 
those words referred to the interface, so it would hit pass-in to the 
interface even if coming from a local process.

In that case I'm better off writing all my outbound rules as pass-out so 
as to equally filter traffic from the internal network and the local 
firewall machine.


Ari
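The point made in the exchange above, as an added example that is not from the thread or from any poster: a minimal pf.conf for a two-interface FreeBSD router where all outbound policy lives in "pass out on $ext_if" rules. Direction in pf is relative to the interface a packet is passing through, so a packet generated by a process on the firewall itself never traverses an "in" rule on $ext_if; it only traverses "out" rules there. A packet forwarded from the LAN traverses "in" on $lan_if and then "out" on $ext_if, and both evaluations must pass. The interface names, address range and port lists are assumptions made for the example.

```pf
# Added example, not from the mailing-list thread. Interface names,
# the LAN prefix and the allowed port lists are assumptions.
ext_if  = "em0"
lan_if  = "em1"
lan_net = "192.168.1.0/24"

# Destination ports that both LAN hosts and local processes may reach.
allowed_tcp = "{ 22, 53, 80, 443 }"
allowed_udp = "{ 53, 123 }"

set skip on lo0

# Translation rules come before filter rules in this pf.conf syntax.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Default deny in both directions on every interface; blocked packets
# are logged to pflog0.
block log all

# LAN traffic arrives "in" on $lan_if. This rule admits it to the firewall,
# but by itself does not let it leave on $ext_if: a forwarded packet is
# evaluated again, as "out", on the interface it leaves through.
pass in on $lan_if from $lan_net to any

# The single egress policy. Traffic originating on the firewall itself
# never hits an "in" rule on $ext_if, so filtering "out" here covers both
# forwarded LAN traffic and local processes with one set of rules.
# "pass" keeps state by default, so replies are allowed back in.
pass out on $ext_if proto tcp from any to any port $allowed_tcp
pass out on $ext_if proto udp from any to any port $allowed_udp
pass out on $ext_if inet proto icmp icmp-type echoreq

# Anything else leaving $ext_if, e.g. a local daemon opening an unexpected
# outbound port, falls through to "block log all" and is dropped.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch what the egress policy rejects with `tcpdump -n -e -ttt -i pflog0`. Because a forwarded connection is evaluated on both interfaces, `pfctl -ss` shows two state entries for it (one created on $lan_if, one on $ext_if), whereas a connection from a local process shows only the $ext_if entry; that difference is a quick way to confirm which path a given flow took.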



More information about the freebsd-stable mailing list