freebsd:pf



Configuring pf

/etc/pf.conf:

ext_if="em0"    # external interface

table <ssh_list> { 127.0.0.1 , 192.168.1.1 }    # IPs allowed to log in via ssh
table <block_list> { 211.180.219.200 , 60.248.76.6 }    # IPs not allowed to log in

set block-policy return
scrub in all

# Filtering: the implicit first two rules are
pass in all
pass out all

# >< excludes both boundaries, so this rule matches ports 2-1022 only
block in on $ext_if proto tcp from any to any port 1 >< 1023
block in quick on $ext_if proto tcp from any to any port = 139
block in quick on $ext_if proto tcp from any to any port = 445
# NetBIOS: "137 >< 138" would match no port at all; 137:138 is the inclusive range
block in quick on $ext_if proto udp from any to any port 137:138
block in quick on $ext_if proto tcp from <block_list> to any

# allow the IPs in the list to log in via ssh
pass in on $ext_if proto tcp from <ssh_list> to $ext_if port 22 keep state
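To see why the rule order above works (and why the `><` operator bites on the NetBIOS line), here is a small model of pf's inbound evaluation written for this page; it is an added example, not the page's own material and not pf's code. It models only what the ruleset uses: last matching rule wins, `quick` ends evaluation, tables, and the port operators `=`, `><` (boundaries excluded) and `:` (inclusive). Interface, direction and state tracking are left out. The address `10.0.0.5` is a constructed host that belongs to neither table.

```python
"""Minimal model of pf rule evaluation for the inbound ruleset above.

Added example, not from the original wiki page. Only the rule-matching
semantics are modelled: last match wins, 'quick' stops evaluation, tables,
and the port operators '=', '><' (boundaries excluded) and ':' (inclusive).
The packets fed in at the bottom are constructed test input.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple

# Tables from the pf.conf above
SSH_LIST: Set[str] = {"127.0.0.1", "192.168.1.1"}
BLOCK_LIST: Set[str] = {"211.180.219.200", "60.248.76.6"}

PortMatch = Callable[[int], bool]
AddrMatch = Callable[[str], bool]


def port_eq(n: int) -> PortMatch:
    return lambda p: p == n


def port_between(lo: int, hi: int) -> PortMatch:
    """pf 'lo >< hi': range with both boundaries excluded."""
    return lambda p: lo < p < hi


def port_range(lo: int, hi: int) -> PortMatch:
    """pf 'lo:hi': range with both boundaries included."""
    return lambda p: lo <= p <= hi


def any_port(p: int) -> bool:
    return True


def any_addr(a: str) -> bool:
    return True


def from_table(table: Set[str]) -> AddrMatch:
    return lambda a: a in table


@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    quick: bool
    proto: Optional[str]  # None matches any protocol
    src: AddrMatch
    dport: PortMatch
    text: str             # the pf.conf line this rule stands for


def ruleset(netbios_udp: PortMatch) -> List[Rule]:
    """Inbound rules in file order; netbios_udp is the matcher for the UDP 137/138 line."""
    return [
        Rule("pass", False, None, any_addr, any_port, "pass in all"),
        Rule("block", False, "tcp", any_addr, port_between(1, 1023), "block tcp port 1 >< 1023"),
        Rule("block", True, "tcp", any_addr, port_eq(139), "block quick tcp port = 139"),
        Rule("block", True, "tcp", any_addr, port_eq(445), "block quick tcp port = 445"),
        Rule("block", True, "udp", any_addr, netbios_udp, "block quick udp netbios"),
        Rule("block", True, "tcp", from_table(BLOCK_LIST), any_port, "block quick tcp from <block_list>"),
        Rule("pass", False, "tcp", from_table(SSH_LIST), port_eq(22), "pass tcp from <ssh_list> port 22"),
    ]


RULES_AS_WRITTEN = ruleset(port_between(137, 138))  # "137 >< 138": matches no port
RULES_FIXED = ruleset(port_range(137, 138))         # "137:138": matches 137 and 138


def evaluate(rules: List[Rule], proto: str, src: str, dport: int) -> Tuple[str, str]:
    """Return (action, rule text) for one inbound packet.

    pf checks every rule in order and the last match wins, except that a
    matching rule marked 'quick' ends evaluation at once. No match means pass.
    """
    winner: Optional[Rule] = None
    for rule in rules:
        if rule.proto is not None and rule.proto != proto:
            continue
        if not (rule.src(src) and rule.dport(dport)):
            continue
        winner = rule
        if rule.quick:
            break
    if winner is None:
        return ("pass", "default pass (no rule matched)")
    return (winner.action, winner.text)


if __name__ == "__main__":
    # Constructed packets; 10.0.0.5 is a hypothetical host in neither table.
    cases = [("tcp", "192.168.1.1", 22), ("tcp", "10.0.0.5", 22),
             ("tcp", "211.180.219.200", 80), ("tcp", "10.0.0.5", 1023),
             ("udp", "10.0.0.5", 137)]
    for proto, src, port in cases:
        print(proto, src, port, "as written ->", evaluate(RULES_AS_WRITTEN, proto, src, port),
              "| fixed ->", evaluate(RULES_FIXED, proto, src, port))
```

Two things the run makes visible: the ssh `pass` line only wins for `<ssh_list>` addresses because it comes after the privileged-port `block` (last match wins), while a `<block_list>` source never reaches it because that `block` is `quick`; and with the NetBIOS line written as `137 >< 138`, a UDP datagram to port 137 falls through to `pass in all`, whereas `137:138` blocks it. Before loading a changed file for real, `pfctl -nf /etc/pf.conf` parses it without loading it.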

Starting pf

/etc/rc.conf:

pf_enable="YES"
pflog_enable="YES"

# /etc/rc.d/pf start
freebsd/pf.1186495827.txt.gz · Last modified: 2007/08/07 22:10 by wenpei