# pf

#### View SSH blacklist
    blacklistctl dump -b

#### Activate pf and pflog
    sysrc pf_enable=yes
    sysrc pflog_enable=yes
    service pf start
    service pflog start

#### View pflog
    tcpdump -n -e -ttt -r /var/log/pflog

#### Most Basic pf.conf
```title="/etc/pf.conf"
ext_if="vtnet0"

block in all
pass out all keep state

pass in on $ext_if proto tcp to ($ext_if) port ssh
```

#### Reasonable config for VPS with jail support
```
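ext_if="vtnet0"
wg_if="wg0"

# Answer blocked packets (TCP RST / ICMP unreachable) instead of dropping silently
set block-policy return
# Reassemble fragments before they reach the filter rules
scrub in on $ext_if all fragment reassemble
# No filtering on loopback
set skip on lo

# Jail addresses, filled at runtime; "persist" keeps the table while it is empty
table <jails> persist
# Outbound jail traffic leaves with the primary address of $ext_if (:0 = no aliases)
nat on $ext_if from <jails> to any -> ($ext_if:0)
# Per-jail redirects are loaded into sub-anchors of "rdr" at runtime
rdr-anchor "rdr/*"

# Default deny inbound, allow all outbound statefully
block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
pass in inet proto tcp from any to any port 443 flags S/SA keep state
pass in quick inet proto icmp all
# Everything arriving over the WireGuard interface is allowed
pass in on $wg_if from any to any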
```
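The config above declares a `<jails>` table and an `rdr/*` anchor but leaves both empty. The following is an added example, not part of the original page, of filling them at runtime; the function names, the jail name `web` and the address `10.0.0.2` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: manage the <jails> table and the rdr/<name> sub-anchors.
# All names and addresses are constructed sample values.
PFCTL="${PFCTL:-pfctl}"

# Interface and anchor names: letters, digits, underscore only, so that
# nothing else can end up in the generated rule text.
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dotted-quad IPv4 with four octets in 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one redirect: <ext_if> <ext_port> <jail_ip> <jail_port>.
# Plain "rdr" (no "pass") leaves the packet subject to the filter rules,
# which see the translated address and port.
jail_rdr_rule() {
    valid_name "$1" && valid_port "$2" && valid_ipv4 "$3" && valid_port "$4" || return 1
    printf 'rdr on %s inet proto tcp from any to (%s) port %s -> %s port %s\n' \
        "$1" "$1" "$2" "$3" "$4"
}

# <name> <ext_if> <ext_port> <jail_ip> <jail_port>
jail_expose() {
    valid_name "$1" || return 1
    rule=$(jail_rdr_rule "$2" "$3" "$4" "$5") || return 1
    "$PFCTL" -t jails -T add "$4" &&
        printf '%s\n' "$rule" | "$PFCTL" -a "rdr/$1" -f -
}

# <name> <jail_ip>: flush the jail's redirects and drop it from the table.
jail_unexpose() {
    valid_name "$1" && valid_ipv4 "$2" || return 1
    "$PFCTL" -a "rdr/$1" -F nat
    "$PFCTL" -t jails -T delete "$2"
}
```

After sourcing the file, `jail_expose web vtnet0 443 10.0.0.2 443` adds the jail to `<jails>` and loads its redirect into `rdr/web`; `pfctl -a rdr/web -s nat` and `pfctl -t jails -T show` display the result.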