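vi /etc/ssh/sshd_config
(change here)
#Port 22
#Protocol 2,1
#PermitRootLogin yes
(in)
Port 22
Protocol 2,1
PermitRootLogin no
(note: "Protocol 2,1" still lets a client fall back to the obsolete SSH protocol 1; "Protocol 2" alone is the safer value. Restart sshd afterwards so the change takes effect.)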
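#####################add wheel group users #################
vi /etc/group
(change here)
wheel:*:0:root
(in)
wheel:*:0:root,user1,user2
(user1 and user2 stand for the real account names; wheel members are the accounts allowed to su to root, so keep this list short.)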
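####################make some sudoers ######################
vi /etc/sudoers
(change here)
root ALL=(ALL) ALL
(in)
root ALL=(ALL) ALL
user1 ALL=(ALL) ALL
user2 ALL=(ALL) ALL
(note: editing through visudo instead of plain vi locks the file and syntax-checks it before saving, so a typo cannot leave sudo unusable.)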
# pf.conf ruleset for a NAT gateway: default-deny with logging, then explicit
# pass rules per interface. Without "quick", the last matching rule wins; rules
# marked "quick" stop evaluation at the first match.
# The macros $EXTIF, $INTIF, $LOCALIF, $LAN and $NO_ROUTE are used below but are
# not defined in this excerpt; they have to be defined above this point.
# NOTE(review): standalone "scrub" and "nat" rules are the older pf syntax; newer
# OpenBSD releases use "match ... scrub" / "match ... nat-to" — confirm against
# the release in use.

#section options
# Collect packet/byte statistics for the external interface.
set loginterface $EXTIF
# Cap the state table and the fragment reassembly table at 10000 entries each.
set limit { states 10000, frags 10000 }
set optimization normal

#section scrub
# Normalize all inbound packets.
scrub in all

#section NAT
# Rewrite the source of LAN traffic leaving $EXTIF to the $EXTIF address.
# NOTE(review): the network is hard-coded here while the filter rules use $LAN;
# presumably both are 192.168.0.0/24 — verify they stay in sync.
nat on $EXTIF from 192.168.0.0/24 to any -> $EXTIF

#section filter
# Default policy: drop and log everything not explicitly passed below.
block log all
# Unrestricted traffic on $LOCALIF (presumably the loopback interface — confirm).
pass on $LOCALIF all

# --- internal interface ---
# Drop (and log) packets that claim an $INTIF-network source but arrive elsewhere.
antispoof log quick for $INTIF
# LAN hosts may open ICMP, UDP and TCP connections to anywhere; TCP uses
# "modulate state" so pf also randomizes initial sequence numbers.
pass in on $INTIF inet proto icmp from $LAN to any keep state
pass in on $INTIF inet proto udp from $LAN to any keep state
pass in on $INTIF inet proto tcp from $LAN to any modulate state
# Traffic leaving $INTIF towards the LAN.
pass out on $INTIF inet proto icmp from any to $LAN keep state
pass out on $INTIF inet proto udp from any to $LAN keep state
pass out on $INTIF inet proto tcp from any to $LAN modulate state

# --- external interface ---
antispoof log quick for $EXTIF
# Drop inbound packets whose source is in $NO_ROUTE (presumably the
# non-routable/private ranges — the macro is not shown here).
block in log quick on $EXTIF inet from $NO_ROUTE to any
# Answer ident (tcp/113) probes with a RST instead of silently dropping them.
block return-rst in log quick on $EXTIF proto tcp from any to any port 113
# NOTE(review): this passes every ICMP type from any source; consider limiting
# it with icmp-type (e.g. echoreq, unreach) if that is all that is needed.
pass in on $EXTIF inet proto icmp all keep state
# SSH is reachable from any address; "flags S/SA" matches only the opening SYN.
# NOTE(review): this is the only inbound service, so sshd hardening matters
# here; consider restricting the source or adding max-src-conn-rate with an
# overload table to slow password guessing.
pass in on $EXTIF inet proto tcp from any to any port 22 flags S/SA modulate state
# Never send packets towards $NO_ROUTE destinations out of the external side.
block out log quick on $EXTIF inet from any to $NO_ROUTE
# Everything else outbound is allowed, statefully.
pass out on $EXTIF inet proto icmp all keep state
pass out on $EXTIF inet proto udp all keep state
pass out on $EXTIF inet proto tcp all modulate state
(end of file)
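# pfctl -e -f /etc/pf.conf
(pfctl -nf /etc/pf.conf parses the ruleset without loading it, which is a useful check first when working over SSH, since a mistake in the port 22 rule can cut the session off.)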
################automatic ip in network (DHCP)###############
=> dhcpd already turned on in rc.conf.local (dhcpd_flags="-q rl1")
#########Berkeley Internet Name Daemon (BIND)#######################
=> this is already on in /etc/rc.conf.local (named_flags=""; named_user=named; named_chroot=/var/named)
# cd /usr/ports/net/bind9 && make install clean