Add /etc/npf.conf

I have to use NPF instead of IPF (which is what I am used to) because apparently the ipf module wasn't included with the system. Seems to work, though.
author: John Ankarström <john@ankarstrom.se> 2021-07-13 16:54:09 +0200
committer: John Ankarström <john@ankarstrom.se> 2021-07-13 16:54:09 +0200
commit: 4fe708bab20346eb866fb70d566c0aff8f6688e7 (patch)
tree: fde39e1559822edce3c641c9e54c3a15a529c2bf
parent: 396422475f61a989d11acc81f17449d5057d7207 (diff)
download: rbsd-4fe708bab20346eb866fb70d566c0aff8f6688e7.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/etc/npf.conf b/etc/npf.conf
new file mode 100644
index 0000000..18289a5
--- /dev/null
+++ b/etc/npf.conf
@@ -0,0 +1,9 @@
+group default {
+	block in all
+	pass stateful on lo0 all
+	pass stateful out all
+	pass stateful in proto icmp all
+	pass stateful in from any to any port 22
+	pass stateful in from any to any port 80
+	pass stateful in from any to any port 443
+}
diff --git a/etc/rc.conf b/etc/rc.conf
index 4372917..87d7c4e 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -22,6 +22,7 @@ rc_configured=YES
 #
 dhcpcd=YES
 dhcpcd_flags="-qM xennet0"
+npf=YES
 sshd=YES
 ntpd=YES
 ntpdate=YES
author	John Ankarström <john@ankarstrom.se>	2021-07-13 16:54:09 +0200
committer	John Ankarström <john@ankarstrom.se>	2021-07-13 16:54:09 +0200
commit	4fe708bab20346eb866fb70d566c0aff8f6688e7 (patch)
tree	fde39e1559822edce3c641c9e54c3a15a529c2bf
parent	396422475f61a989d11acc81f17449d5057d7207 (diff)
download	rbsd-4fe708bab20346eb866fb70d566c0aff8f6688e7.tar.gz