From: Goran Tepšić
Date: Mon, 6 Jun 2016 22:18:47 +0200
Subject: Need someone to review my pf.conf
To: freebsd-pf@freebsd.org

Hi,

I would like someone more skilled than me to glance over my pf.conf I compiled and possibly let me know if it can be secured/tightened further.

Here's the conf: http://sprunge.us/fCLH

Basically, it's a host with 10-ish jails with various services including SSH, nginx, php-fpm and postfix.

Thanks in advance!