Well I only selectively compress different parts of the file system. For example I compress /usr/ports and then turn off compression for /usr/ports/distfiles which typically already contains compressed files. Also because you use one large tank you have less disk space concerns but you still have the ability to divide up your areas and control things like compression, setuid and things like that.
FreeBSD + pf = whoops
- Thread starter Dark Atheist
- Start date
- Joined
- 8 Apr 2003
- Messages
- 6,376
ext_if = "nfe0"
int_if = "nfe1"
set block-policy drop
scrub in all
block in on $ext_if
antispoof for $ext_if inet
pass out on $ext_if proto { tcp, udp, icmp } all modulate state
pass in on $int_if from { 164.168.1.2/24 } to any
pass in on $ext_if from { 192.168.1.2/24 } to any
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 80
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 2010
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 444
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6500
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6501
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6502
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6503
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6504
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6505
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6505
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6506
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6507
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6508
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6509
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6510
table <friends> { some.dns.name1, somedns.name2, somedns.name3, some.dns.name4 }
pass in on $ext_if from <friends> to { 80, 443, 2010, 6500-6510 }
is my pf.conf file now - in case anyone else who is just starting out using FreeBSD might find it useful
int_if = "nfe1"
set block-policy drop
scrub in all
block in on $ext_if
antispoof for $ext_if inet
pass out on $ext_if proto { tcp, udp, icmp } all modulate state
pass in on $int_if from { 164.168.1.2/24 } to any
pass in on $ext_if from { 192.168.1.2/24 } to any
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 80
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 2010
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 444
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6500
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6501
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6502
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6503
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6504
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6505
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6505
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6506
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6507
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6508
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6509
pass in on $ext_if proto tcp from { xxx.xxx.xxx.xxx } to $ext_if port 6510
table <friends> { some.dns.name1, somedns.name2, somedns.name3, some.dns.name4 }
pass in on $ext_if from <friends> to { 80, 443, 2010, 6500-6510 }
is my pf.conf file now - in case anyone else who is just starting out using FreeBSD might find it useful
Members online
No members online now.
Affiliates
Latest profile posts
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone.
Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.