Guide to Unix/BSD/OpenBSD/As a Firewall


OpenBSD includes PF ("packet filter") as a firewall.

Getting Started

To turn PF on at boot, create the configuration file /etc/rc.conf.local:

vi /etc/rc.conf.local

To activate PF at boot, enter the following in the configuration file:

pf=YES

To enable PF manually, enter the following command:

pfctl -e

To disable PF manually, enter the following command:

pfctl -d

Congratulations, you are now protected by one of the best firewalls available.

Configuring PF

PF is a very good firewall by default; however, it also has a few options. You can change the configuration of PF by editing the configuration file /etc/pf.conf.


Wrong information.

Scrubbing

Scrubbing defragments and in some cases rejects fragmented packets. This prevents fragmented packets from reaching your computer; however, it also causes a lot of packets to be lost. To scrub a network interface, enter the following in your /etc/pf.conf:

scrub <in|out> on <interface> all

A simple example of this is scrubbing incoming packets on all interfaces.

scrub in all
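
The following is an added example, not part of the original page: POSIX shell helpers that check the two files edited above, reporting the effective pf= setting for boot and whether /etc/pf.conf contains a scrub rule in the syntax shown here. The function names (pf_boot_setting, count_scrub_rules, pf_audit) are hypothetical; pfctl's -n (parse only, do not load) and -f (ruleset file) are existing options.

```sh
#!/bin/sh
# Added example: audit helpers for /etc/rc.conf.local and /etc/pf.conf.
# Function names are hypothetical, chosen for this illustration.

# Print the effective pf= value from an rc.conf.local-style file.
# Comments are ignored and the last assignment wins; prints "unset"
# if the file is missing or has no pf= line.
pf_boot_setting() {
    sed -e 's/#.*//' "$1" 2>/dev/null |
    awk -F= '
        { gsub(/[ \t"]/, "", $0) }      # drop blanks and quotes, re-split
        $1 == "pf" { v = $2 }           # remember the latest assignment
        END { print (v == "" ? "unset" : v) }'
}

# Count scrub rules (the "scrub ..." form used on this page) in a
# pf.conf-style file. Commented-out rules are not counted.
count_scrub_rules() {
    sed -e 's/#.*//' "$1" 2>/dev/null |
    grep -c -E '^[[:space:]]*scrub[[:space:]]' || true
}

# Report on both files. If pfctl is installed, also parse-check the
# ruleset without loading it, so a typo is caught before a reload.
pf_audit() {
    rc=${1:-/etc/rc.conf.local}
    conf=${2:-/etc/pf.conf}
    echo "pf at boot:  $(pf_boot_setting "$rc")"
    echo "scrub rules: $(count_scrub_rules "$conf")"
    if command -v pfctl >/dev/null 2>&1; then
        if pfctl -nf "$conf"; then
            echo "syntax:      ok"
        else
            echo "syntax:      errors (ruleset not loaded)"
        fi
    fi
}

# Usage, as root on the firewall:  pf_audit
```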


See Also

  • PF on Wikipedia
