
BSD PF IPv6 and IPv4 /etc/pf.conf Firewall Script

This is my working IPv6 and IPv4 dual-stack script from a FreeBSD 7.1 server. It should work with any recent PF version under OpenBSD / FreeBSD / NetBSD without a problem.

You need to add the following lines to /etc/rc.conf under FreeBSD to turn on the PF firewall:

Next, create the /etc/pf.conf file as follows. Replace the variables with appropriate values.

  1. By default, the firewall drops all incoming and outgoing connections for both IPv4 and IPv6.
  2. By default, outgoing IPv4 and IPv6 traffic is allowed for ssh, smtp, domain / dns, www, https, ntp, ping and whois requests.
  3. By default, incoming IPv4 and IPv6 traffic is allowed for ssh, smtp, domain / dns, www, https, and ping only.
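
A minimal pf.conf sketch of the three-point policy above, added here as an illustration and not the author's script. The interface name em0, the macro names and the table name `<blocked>` are assumptions, and the ICMPv6 type list is one reasonable choice to adjust for your network.

```conf
# Added example, not the original script. Assumed names: em0, <blocked>, macros.
ext_if   = "em0"
tcp_out  = "{ ssh, smtp, domain, www, https, whois }"
udp_out  = "{ domain, ntp }"
tcp_in   = "{ ssh, smtp, domain, www, https }"
udp_in   = "{ domain }"
# Error messages, ping and neighbor discovery; IPv6 breaks without the last group.
icmp6_ok = "{ unreach, toobig, timex, paramprob, echoreq, echorep, routersol, routeradv, neighbrsol, neighbradv }"

# Manually maintained list of IPs and subnets to drop.
table <blocked> persist file "/etc/pf.block.ip.conf"

set skip on lo0

# 1. Default deny in both directions. No address family is given,
#    so the rule covers IPv4 and IPv6.
block drop all

# Blocklist first, with quick, so no later pass rule can re-admit these hosts.
block drop in  quick on $ext_if from <blocked> to any
block drop out quick on $ext_if from any to <blocked>

# 2. Outgoing services (both address families).
pass out on $ext_if proto tcp from any to any port $tcp_out keep state
pass out on $ext_if proto udp from any to any port $udp_out keep state
pass out on $ext_if inet  proto icmp  all icmp-type echoreq
pass out on $ext_if inet6 proto icmp6 all icmp6-type $icmp6_ok

# 3. Incoming services (both address families).
pass in on $ext_if proto tcp from any to any port $tcp_in keep state
pass in on $ext_if proto udp from any to any port $udp_in keep state
pass in on $ext_if inet  proto icmp  all icmp-type echoreq

# Weak form: matches every ICMPv6 packet and, being quick, ends rule
# evaluation, so any later icmp6-type restriction is never reached.
#   pass in quick proto icmp6 all
# Restricted form: only the listed ICMPv6 types are admitted.
pass in on $ext_if inet6 proto icmp6 all icmp6-type $icmp6_ok
```

Running `pfctl -nf /etc/pf.conf` parses the file and reports syntax errors without loading the ruleset.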

You also need to create the /etc/pf.block.ip.conf file with a list of IPs and subnets to block manually, as follows:

This script also supports the Spamhaus database to block SMTP / WWW spam bots. Download Shell Script To Update Spamhaus Lasso Spam Database for PF.

5 comments
  • Tekki July 28, 2011, 6:54 pm

    Hi there! I would like to know if this configuration can help me block an IPv6 domain like HTTPS Facebook? I have a problem blocking HTTPS Facebook.

  • Vivek Gite March 27, 2009, 4:15 pm

    Yes, it passes all ICMP6 traffic. Feel free to modify pf.conf as per your requirements and setup.

  • Roberto Greiner March 26, 2009, 7:34 pm

    Hi, I think I got a small security problem.

    At the end of the script you have a few lines controlling what of icmp6 can get in. But at the start of the script you have

    #IPv6 – pass in/out all IPv6 ICMP traffic
    pass in quick proto icmp6 all

    which lets all icmp6 traffic in. Or did I get something wrong?

  • Vivek Gite February 2, 2009, 9:38 pm

    Thanks for the heads up.

  • xcezzz February 2, 2009, 6:25 pm

    There should be a correction on the line below, of where to put pf_enable="YES"

    You need to add following lines to /etc/pf.conf under FreeBSD to turn on PF firewall:

    It should be rc.conf?

    You need to add following lines to /etc/rc.conf under FreeBSD to turn on PF firewall:
