How To Set Up PF Firewall on FreeBSD to Protect a Web Server

To set up the PF firewall on FreeBSD to protect a web server, follow these steps:

  1. Edit the /etc/pf.conf file and add the following lines at the beginning:
ext_if="em0"
web_server="192.168.1.100"

Replace em0 with the name of the external interface, and 192.168.1.100 with the IP address of the web server.

  2. Add the following lines to the /etc/pf.conf file to allow incoming traffic on port 80 (HTTP) and port 443 (HTTPS). PF applies the last rule that matches a packet, so the quick keyword is used to make these rules take effect immediately instead of being overridden by the block rule added in the next step:
pass in quick on $ext_if proto tcp from any to $web_server port 80
pass in quick on $ext_if proto tcp from any to $web_server port 443
  3. Add the following line to the /etc/pf.conf file to block all other incoming traffic:
block in on $ext_if
  4. Add the following line to the /etc/pf.conf file to allow all outgoing traffic:
pass out on $ext_if
  5. Save and close the /etc/pf.conf file.

  6. Enable the PF firewall by adding the following line to the /etc/rc.conf file:

pf_enable="YES"
  7. Start the PF firewall by running the following command:
service pf start

This will apply the firewall rules and start the firewall.

You can use the pfctl command to view the current firewall rules and make additional changes as needed. For more information, see the PF documentation.
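
PF evaluates a ruleset from top to bottom, and the last matching rule decides what happens to a packet unless a matching rule carries the quick keyword. The following added example (not from the original page and not PF's own code) is a simplified Python model of that evaluation, run over this guide's rules with and without quick on the pass rules. It ignores interface, protocol and state tracking, and Rule, verdict and ruleset are names made up for the illustration.

```python
"""Simplified model of PF rule evaluation (added example; not PF's own code)."""
from dataclasses import dataclass
from typing import Optional

WEB_SERVER = "192.168.1.100"  # same sample address as the guide


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    quick: bool = False         # quick: stop evaluating at this rule
    dst: Optional[str] = None   # None matches any destination
    port: Optional[int] = None  # None matches any port


def matches(rule: Rule, direction: str, dst: str, port: int) -> bool:
    return (rule.direction == direction
            and rule.dst in (None, dst)
            and rule.port in (None, port))


def verdict(rules, direction: str, dst: str, port: int) -> str:
    """Last matching rule wins, unless a matching rule is marked quick."""
    result = "pass"  # PF passes packets that match no rule
    for rule in rules:
        if matches(rule, direction, dst, port):
            result = rule.action
            if rule.quick:
                break
    return result


def ruleset(quick: bool):
    """The guide's rules in file order; only the quick flag varies."""
    return [
        Rule("pass", "in", quick, WEB_SERVER, 80),
        Rule("pass", "in", quick, WEB_SERVER, 443),
        Rule("block", "in"),
        Rule("pass", "out"),
    ]


if __name__ == "__main__":
    for quick in (False, True):
        for port in (80, 443, 22):  # 22 stands in for any unlisted port
            print(f"quick={quick} port={port}:",
                  verdict(ruleset(quick), "in", WEB_SERVER, port))
```

Without quick, the model reports inbound ports 80 and 443 as blocked, because block in is the last matching rule. With quick, only the unlisted port is blocked.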

Created Time:2017-10-29 22:08:31  Author:lautturi