Wiki de Nicolas

====== FreeBSD ======

==== Mise à jour système ====
<code>
freebsd-update fetch
freebsd-update install
</code>

==== Gestionnaire de package ====
<code>
pkg update
pkg upgrade
pkg add <color #FF0000>package</color>
</code>

==== Firewall ====
<file bash /etc/rc.config> 
# Interface reseau externe (ex: ue0)
ext_if = "ue0"

# IP du jail
jail_ip = "192.168.x.x"

# Adresse IPv6 du jail
jail_ipv6 = "xxxx:xxxx:xxxx:xxxx::xxxx"

# Reseaux autorises pour SSH
trusted_nets = "{ 192.168.x.x/24 }"

#Bloquer tout par default
block all

# Autoriser le trafic vers le jail (HTTP/HTTPS)
pass in quick on $ext_if proto tcp from any to $jail_ip port { 80, 443 } keep state
pass in quick on $ext_if inet6 proto tcp from any to $jail_ipv6 port { 80, 443 } keep state

# Autoriser SSHD seulement depuis les reseaux de confiance
pass in quick on $ext_if proto tcp from $trusted_nets to self port 22 keep state

# Autoriser le ping IPv4 (ICMP)
pass in quick on $ext_if inet proto icmp from any to any icmp-type echoreq keep state

# Autoriser le ping IPv6 (ICMPv6)
pass in quick on $ext_if inet6 proto icmp6 from any to any keep state

# Autoriser Internet pour IPv4
pass out on $ext_if inet proto { tcp, udp, icmp } from any to any keep state

# Autoriser Internet pour IPv6
pass out on $ext_if inet6 proto { tcp, udp, icmp6 } from any to any keep state
</file>

Vérifier les règles
<code>
pfctl -vnf /etc/pf.conf 
</code>

Appliquer les règles
<code>
pfctl -F all -f /etc/pf.conf
</code>