pf.conf

gistfile1.txt

## Set your server public IP address ##
ext_if="vio0"
ext_if_ip=""

## Set and drop these IP ranges on public interface ##
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
          10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
          0.0.0.0/8, 240.0.0.0/4 }"
webports = "{http, https}"

set reassemble yes no-df
set skip on lo

block return
block out all


# Drop all Non-Routable Addresses
block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

## Blocking spoofed packets
antispoof quick for $ext_if

pass in quick on vio0 inet proto tcp from any to $ext_if_ip port 80 rdr-to 127.0.0.1 port 9091 keep state
pass in quick on vio0 inet proto tcp from any to $ext_if_ip port 443 rdr-to 127.0.0.1 port 9090

# build user does not need network
block return out log proto {tcp udp} user _pbuild

block drop in log inet proto tcp from any to any port 9100
block drop in log inet proto tcp from any to any port 64295

pass in quick inet proto tcp from {  } to any port 9100 keep state
pass in quick inet proto tcp from { } to any port 64295 keep state

pass out on $ext_if proto tcp to any port 80 
pass out on $ext_if proto tcp to any port 443 
pass out on $ext_if proto udp to any port 53 keep state
pass out quick on $ext_if proto tcp to any port 123 keep state
pass out on $ext_if proto tcp to 0.0.0.0 port 64295 keep state