# Write my first (simple) PF firewall, need review!



## atmosx (Sep 21, 2012)

Hello,

I just wrote my first PF firewall, see the gist.

If you see anything that needs *correction* please feel free to share your thoughts. I'm new to all this and by no means a networking expert.

The server runs some services for the LAN (as you can see) and I will probably add Torrents using a small high-port range in the future, but that's about it.

My question is: *Should I really bother monitoring outgoing connections?* I'm the only user having access to the host. It sounds overly complicated, as I use IRC from time to time from this host, pkg_add -r, dnsmasq uses random ports to connect to upstream DNS and so on.

Best Regards,


----------



## kpa (Sep 21, 2012)

Use the quick keyword in your pass rules: as soon as you know that the packet should be let through, the rule evaluation should stop there. Now every single packet is evaluated against every rule and that's inefficient. I would also tighten up a few rules that specify proto any to proto { tcp udp } because they are most likely the only applicable protocols.
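The two changes kpa recommends, shown side by side in a constructed pf.conf fragment (an added illustration, not atmosx's gist or any code from this thread); interface, network and address values are placeholders, and the "proto any" case is shown as a rule with no proto clause, which is what matches every protocol in pf. Note the ordering caveat: because quick makes the first match final, any specific block rule has to sit above the quick pass rules it is meant to override.

```pf
# Constructed example, not the ruleset from this thread.
# Interface and network values are placeholders.
ext_if  = "em0"
lan_net = "192.168.1.0/24"

set skip on lo0
block all          # default deny; applies to anything no rule passes

# --- Before: no quick, no proto clause -----------------------------
# Matching packets still get compared against every later rule, and
# with no proto clause the rule matches every protocol, not just the
# TCP/UDP traffic a DNS service can actually receive.
# pass in on $ext_if from $lan_net to ($ext_if) port domain

# --- After: quick + explicit protocols -----------------------------
# A specific block goes first: placed after a matching "pass quick"
# it would never be reached.  (Placeholder address.)
block in quick on $ext_if from 192.168.1.66 to any label "banned-host"

# First match wins; evaluation stops here for packets that match.
pass in quick on $ext_if proto { tcp udp } from $lan_net to ($ext_if) port domain
pass in quick on $ext_if proto tcp from $lan_net to ($ext_if) port ssh
pass in quick on $ext_if inet proto icmp from $lan_net to ($ext_if) icmp-type echoreq

# Outbound: one stateful rule covers IRC, pkg_add, dnsmasq upstream
# lookups and the like; replies match the state entry, so no extra
# "pass in" rules are needed for them.  keep state is the default on
# current pf and is spelled out here only for clarity.
pass out quick on $ext_if proto { tcp udp icmp } from ($ext_if) to any keep state
```

Check the result with `pfctl -nf /etc/pf.conf` (parse only) before loading it, and `pfctl -sr` afterwards to confirm the expanded rule order is what you expect.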


----------



## atmosx (Sep 21, 2012)

kpa said:

> Use the quick keyword in your pass rules: as soon as you know that the packet should be let through, the rule evaluation should stop there. Now every single packet is evaluated against every rule and that's inefficient. I would also tighten up a few rules that specify proto any to proto { tcp udp } because they are most likely the only applicable protocols.



Thanks, done!


----------

