Cybersecurity

Ive been reading for the last week every piece of information on PF that i can find. I am in the process of building a FreeBSD 7.0 Router/Gateway and have been a little stumped by allot of the tutorials/examples out there. Most that I read say that you should always block all! But then I see a rule in the pf.conf that states

Code:

# allow traffic initiated from Router to outside
 pass out quick on $ext_if from ($ext_if) to any modulate state

Does this rule not allow "ALL" traffic to leave the gateway/router? Why would you use a block all instead of just block in if you are going to use a rule like this?

Sorry for the very newbie question. I have allot more but i'll start with the simple one.

Hello every one! I am new to the board.

The idea is to block all traffic by default, and explicity allow traffic you want.

Remember when writing your rules, that PF operates in a 'top-down' fashion, meaning:

Code:

block all
allow all

would allow all traffic, as it overrides the 'block all' rule.

Right. I understand that (forget it while writing rules though ) But if you are going to write a rule that allows "ALL" traffic out why block all? and not just block in? Is it just an accepted standard for writing the rules?

Code:

# allow traffic initiated from Router to outside
 pass out quick on $ext_if from ($ext_if) to any modulate state

Reread the rule. It is allowing 'all' traffic from a particular network interface. Not from all traffic (in general).