pfDeploy is a command-line tool capable of automatically configuring pf and pflog in a FreeBSD host machine. It is especially useful to quickly configure a newly spawned FreeBSD VM.
The following installation steps will install an executable of pfDeploy in the path used by Go to store binaries (as of Go 1.18, you can check the installation path for binaries by running go env and looking for the GOPATH variable. The binaries will be installed in the /bin subfolder of GOPATH. Add your GOPATH to your shell's PATH variable in order to execute Go binaries without having to specify the whole GOPATH).
- Go 1.18+
- Install the most recent version of the pfDeploy command-line utility to the
GOPATHbinaries subfolder with:
$ go install github.com/erodrigufer/pfDeploy/cmd/pfDeploy@latest
pfDeploy - Automatically setup pf in your new deployment.
USAGE:
pfDeploy [global options] command [command options] [arguments...]
COMMANDS:
deploy Setup pf and pflog at boot and deploy a new pf rules file.
check Check the syntactical validity of a pf rules file.
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help (default: false)
The command deploy checks the syntax validity of a given pf ruleset file, if the file is syntactically correct, the script changes the file at /etc/rc.conf so that both pf and pflog are always initialized at boot. Then, the given pf ruleset file is used as the new pf ruleset. Finally, the host is rebooted (unless the --no-reboot flag is used).
$ pfDeploy deploy --file <FILE_RULESET> --no-reboot
To show more help for the deploy command run pfDeplot deploy --help
Check the syntax validity of a pf ruleset file without changing any system configuration with the command:
$ pfDeploy check --file <FILE_RULESET>
In the subfolder /configFiles are exemplary ruleset files for pf.
mongodb.confis a ruleset especially tailored for a VM hosting a remotely accessible MongoDB instance.