Last active
August 25, 2025 14:52
Example PF Firewall Configuration with Macros
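# Example pf.conf: default-deny inbound, allow-all outbound, and a short list
# of services opened to the network.
# No rule here uses "quick", so PF applies the LAST matching rule: the block
# rule comes first and the pass rules below override it for specific ports.

# --- Port Macros (Variables)
ssh_ports = "{ 22 }"               # SSH
web_ports = "{ 80, 443 }"          # HTTP/HTTPS
certbot_ports = "{ 53, 80, 443 }"  # DNS, HTTP, HTTPS for Certbot
syncthing_ports = "{ 22000 }"      # Syncthing main
syncthing_gui = "{ 8384 }"         # Syncthing GUI (administrative web interface)

# --- Source Macros
# Who may reach the Syncthing GUI. "any" preserves the original behaviour,
# which exposes an administrative interface to every host that can route to
# this machine. Narrow it to the management hosts or networks you actually use
# (or drop the GUI rule and reach the GUI through an SSH tunnel instead).
syncthing_gui_src = "any"

# --- Options
# Do not filter loopback. Without this, "block in all" also applies to
# connections the host makes to itself on ports that are not passed below.
# NOTE(review): lo0 is the usual loopback name; adjust if yours differs.
set skip on lo0

# --- Rules

# Block everything inbound by default
block in all

# Allow everything outbound by default
pass out all

# SSH
# SSH runs over TCP only, so UDP is not opened for it.
# This is reachable from any source; consider restricting the source addresses
# or rate-limiting new connections if the host is Internet-facing.
pass in proto tcp from any to any port $ssh_ports

# HTTP/HTTPS
pass in proto tcp from any to any port $web_ports

# Certbot outbound (DNS, HTTP, HTTPS)
# Already covered by "pass out all" above; kept so the ports Certbot needs stay
# documented if the outbound policy is tightened later.
pass out proto { tcp udp } to any port $certbot_ports

# Syncthing
# Sync traffic on both TCP and UDP.
pass in proto { tcp udp } from any to any port $syncthing_ports
# GUI access, limited to the sources named in $syncthing_gui_src.
pass in proto tcp from $syncthing_gui_src to any port $syncthing_gui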