
pfblocker-ng devel. Run the startup wizard to get a pretty safe ruleset running quickly.

I'm running pfBlockerNG already but not devel. Is that the key?

Devel is a lot better. It has a wizard to get you started that is excellent and loads of other stuff.

Disable the dynamic DNS options for DHCP on the DNS resolver to avoid problems with Python modules in the DNS resolver (unbound).

Untick the box for leaving config behind and uninstall pfb not devel. Install pfb devel.

Go to Firewall -> pfblockerng-devel and you will be presented with a wizard. Take the defaults but do indicate your WANs and LANs when they are asked for. You'll get a great basic PRI1 ruleset set up and DNS blocking too, out of the box. I recommend adding "TOR/Tor Project Bulk Exit List" - block inbound on WAN as soon as you work out how to do it.

There are a vast number of built-in rule set links. Give them a go.

If you want easy then go for block on inbound and/or outbound on all rules but if you need some flexibility then go for aliases and make your own rules.

