Commits

Zhang Huangbin committed 6aaa90f

Update pf.conf.

  • Participants
  • Parent commits fb285af

Comments (0)

Files changed (1)

iRedMail/samples/pf.conf

-# Basic OpenBSD PF rules, based on the original /etc/pf.conf.
+# Basic PF rules for mail server.
 
+mail_services="{www, https, submission, imap, imaps, pop3, pop3s, ssh}"
+
+table <spamd-white> persist
+table <nospamd> persist file "/etc/mail/nospamd"
+
+# Options
 set block-policy drop
+set skip on lo
+
+# Block all
 block log all
 
-set skip on lo
-#pass            # to establish keep-state
+pass out
 
 # rules for spamd(8)
-table <spamd-white> persist
-table <nospamd> persist file "/etc/mail/nospamd"
 pass in on egress proto tcp from any to any port smtp \
     rdr-to 127.0.0.1 port spamd
 pass in on egress proto tcp from <nospamd> to any port smtp
 pass in log on egress proto tcp from <spamd-white> to any port smtp
-pass out log on egress proto tcp to any port smtp
 
 # Access to other mail services
-pass in on egress proto tcp from any to any port {80,443,587,110,995,143,993,22}
-
-# By default, do not permit remote connections to X11
-block in on ! lo0 proto tcp to port 6000:6010
+pass in on egress proto tcp from any to any port $mail_services