networking/firewalls.md
... ...
@@ -3,3 +3,4 @@
3 3
## linux
4 4
- [iptables](iptables)
5 5
- [firewall cmd](firewall-cmd)
6
+* [pf](pf)
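Review bot: the added item uses a `*` bullet while the two existing items in this list (`- [iptables](iptables)`, `- [firewall cmd](firewall-cmd)`) use `-`; some Markdown renderers treat a changed marker as the start of a new list, so change the new line to `- [pf](pf)`. Also note the list sits under the `## linux` heading, but pf is the OpenBSD/FreeBSD packet filter, so either add a separate heading (e.g. `## bsd`) or move the item out from under `## linux`.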
networking/pf.md
... ...
@@ -0,0 +1,36 @@
1
+# pf
2
+
3
+* default _pf.conf_ (from openbsd 7.3)
4
+```
5
+# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
6
+#
7
+# See pf.conf(5) and /etc/examples/pf.conf
8
+
9
+table <sshbastion> { 46.23.90.11 }
10
+
11
+set skip on lo
12
+
13
+block return # block stateless traffic
14
+pass # establish keep-state
15
+
16
+# By default, do not permit remote connections to X11
17
+block return in on ! lo0 proto tcp to port 6000:6010
18
+
19
+# Port build user does not need network
20
+block return out log proto {tcp udp} user _pbuild
21
+
22
+block return in proto tcp to port 22
23
+pass in quick proto tcp from <sshbastion> to port 22
24
+```
25
+
26
+* block ssh except for bastion
27
+```
28
+...[output omitted]...
29
+
30
+table <sshbastion> { <ip_address> }
31
+
32
+...[output omitted]...
33
+
34
+block return in proto tcp to port 22
35
+pass in quick proto tcp from <sshbastion> to port 22
36
+```
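Review bot: the first block is labelled "default _pf.conf_ (from openbsd 7.3)", but the `table <sshbastion> { 46.23.90.11 }` line and the two final rules (`block return in proto tcp to port 22` / `pass in quick proto tcp from <sshbastion> to port 22`) are site-specific additions rather than the shipped default, and they commit a real public address into the docs while the second block already uses the `<ip_address>` placeholder; label the first block as the modified ruleset (or trim it to the stock rules) and use the placeholder there too. A one-line comment on rule order would also help readers: pf uses last-match-wins, so the `block return in ... port 22` only works because it comes after the catch-all `pass`, and the bastion rule only wins because of `quick`; moving either line changes the result. Finally, the page never shows how the ruleset is validated or loaded (`pfctl -nf /etc/pf.conf` to syntax-check, `pfctl -f /etc/pf.conf` to load), which is the step most likely to lock someone out of ssh if the table is wrong.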
tech-index.md
... ...
@@ -38,6 +38,9 @@
38 38
### infrastructure-as-code
39 39
* [ansible](iac/ansible)
40 40
41
+### firewalls
42
+* [pf firewall](/unix/pf)
43
+
41 44
* [durdraw](/software/durdraw)
42 45
* [gollum](/software/gollum)
43 46
* [pandoc](/software/pandoc)
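Review bot: the new link `* [pf firewall](/unix/pf)` points to `/unix/pf`, but the page added in this commit is `networking/pf.md`, and the other two files in the change link to `/networking/pf`; the index link is broken as written and should be `* [pf firewall](/networking/pf)`. Also check placement: the `### firewalls` heading is inserted between `### infrastructure-as-code` and the `durdraw`/`gollum`/`pandoc` entries, which makes those software items read as part of the firewalls section.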
unix/freebsd.md
... ...
@@ -1,5 +1,7 @@
1 1
# freebsd
2 2
3
+* [pf firewall](/networking/pf)
4
+
3 5
## setting up new install
4 6
* update
5 7
```
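Review bot: the linked page is written for OpenBSD (it presents the OpenBSD 7.3 default `pf.conf` and a rule for the OpenBSD-specific `_pbuild` user), so linking it from the FreeBSD page without a qualifier is misleading; add a short note here that FreeBSD ships a different pf port with its own default configuration, and that only the ssh-bastion rules at the end of that page carry over as-is.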
unix/openbsd.md
... ...
@@ -1,5 +1,7 @@
1 1
# openbsd
2 2
3
+* [pf firewall](/networking/pf)
4
+
3 5
## setting up new system
4 6
### pre install
5 7
* [softraid encryption][] with keydisk