# pf mac...



## balte (Nov 28, 2009)

Hi,
I need to configure pf rules. The computer on which I have pf uses only www and auth.

```
block all
tcp = "{ www, auth}"
pass out proto tcp to any port $tcp
```

Are these rules enough for this computer's security, or should something else be added?


----------



## graudeejs (Nov 28, 2009)

```
services = "{ http, https, auth, domain, nameserver }"
block all
pass out from any to any port $services
```

I think this should do the trick.

Note, this allows outgoing connections. If you want to make a server, you need to allow incoming connections.
You didn't mention what exactly you want to build.

This might not be sufficient (sometimes html is on 8080, for example).

You should take a look at /etc/services.

This is my personal rule for html that I use:

```
pass out on $ext_if $net_type proto { tcp, udp } from { $ext_ip, <jail_ip_list> } to any port { http, https, domain, nameserver } group { users, wheel } keep state queue web
```


----------
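Added example, not part of any post in this thread: a complete pf.conf for the outbound-only host discussed above, with the protocol stated explicitly and DNS allowed so that names resolve. The interface name `em0` and the macro names are assumptions.

```conf
# Added example (not from the thread). Interface name is an assumption.
ext_if  = "em0"
tcp_out = "{ www, https, auth }"   # names are resolved through /etc/services

set skip on lo0                    # do not filter loopback traffic

# Default deny in both directions; log drops so a missing rule shows up in pflog.
block log all

# Outbound web and auth. State lets the replies back in without a "pass in" rule.
pass out on $ext_if proto tcp from ($ext_if) to any port $tcp_out keep state

# Name resolution: DNS uses udp, and tcp for large answers.
pass out on $ext_if proto { tcp, udp } from ($ext_if) to any port domain keep state

# Only if remote servers must be able to query this host's ident service:
# pass in on $ext_if proto tcp from any to ($ext_if) port auth keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading the ruleset with `pfctl -f /etc/pf.conf`.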



## balte (Nov 28, 2009)

Thanks, I will try all the services to see whether they work.


----------

