#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

ext_if = "vio0"
ext_if = "198.251.81.133"
ext_if_inet6 = "2601:6400:0010:00fe::"

set reassemble yes

set skip on lo0
set loginterface $ext_if
set block-policy return

table <brutes> persist
block in quick proto tcp from <brutes> to any
#pass in on $ext_if proto tcp to any port ssh flags S/SA keep state \ (max-src-conn 3, max-src-conn-rate 3/3, overload <brutes> flush global)

# define ICMP message types to let in
icmp_types = "{ 0, 8, 3, 4, 11, 30 }"

table <badhosts> persist file "/etc/pf/badhosts"

block in log quick from <badhosts>
pass in proto tcp to port {http https ident}

# block ddos attack
#block drop quick proto udp from any to $ext_if port 1337
#block drop quick proto tcp from any to $ext_if port {40000:42000}

# scrub packets of weirdness
match in all scrub (no-df random-id max-mss 1440)

# drop urpf-failed packets, add label uRPF
block in quick log from urpf-failed label uRPF

# ICMP
pass in quick inet proto icmp icmp-type $icmp_types
pass in quick inet6 proto icmp6 

# allow SSH, SMTP and IMAP
pass in log quick on $ext_if proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} keep state (max-src-conn 30) #email
pass in quick on $ext_if proto tcp from any to port { ssh, smtp, submission, smtps, imap, imaps }

# User ports
pass in proto {tcp udp} to port {30011:30020} user {err0r}
pass in proto {tcp udp} to port {30021:30030} user {iamtesty}
pass in proto {tcp udp} to port {30031:30040} user {skizzato}
pass in proto {tcp udp} to port {30041:30050} user {Scrawn}
pass in proto {tcp udp} to port {30051:30060} user {lordluk}
pass in proto {tcp udp} to port {30061:30070} user {arns}
pass in proto {tcp udp} to port {30071:30080} user {NavIc}
pass in proto {tcp udp} to port {30081:30090} user {blash41}
pass in proto {tcp udp} to port {30091:30100} user {nax}
pass in proto {tcp udp} to port {30101:30110} user {d}
pass in proto {tcp udp} to port {30111:30120} user {ExTaSy}
pass in proto {tcp udp} to port {30121:30130} user {LoVe}
pass in proto {tcp udp} to port {30131:30140} user {makefile}
pass in proto {tcp udp} to port {30141:30150} user {SKaliber}
pass in proto {tcp udp} to port {30151:30160} user {panzer}
pass in proto {tcp udp} to port {30161:30170} user {tagum}
pass in proto {tcp udp} to port {30171:30180} user {meepmeep}
pass in proto {tcp udp} to port {30181:30190} user {viper}
pass in proto {tcp udp} to port {30191:30200} user {trapano}
pass in proto {tcp udp} to port {30201:30210} user {mosTwanTeD}
pass in proto {tcp udp} to port {30211:30220} user {Obot}
pass in proto {tcp udp} to port {30221:30230} user {Bot}
pass in proto {tcp udp} to port {30231:30240} user {j45}
pass in proto {tcp udp} to port {30241:30250} user {bebelushul}
pass in proto {tcp udp} to port {30251:30260} user {felipe}
pass in proto {tcp udp} to port {30261:30270} user {Asad}
pass in proto {tcp udp} to port {30271:30280} user {yapanss}
pass in proto {tcp udp} to port {30281:30290} user {Canada}
pass in proto {tcp udp} to port {30291:30300} user {nonee}
pass in proto {tcp udp} to port {30301:30310} user {gusteru}
pass in proto {tcp udp} to port {30311:30320} user {miscalculated}
pass in proto {tcp udp} to port {30321:30330} user {psychon}
pass in proto {tcp udp} to port {30331:30340} user {tabili}
pass in proto {tcp udp} to port {30341:30350} user {jrmu}
pass in proto {tcp udp} to port {30351:30360} user {DarthGandalf}
pass in proto {tcp udp} to port {30361:30370} user {up}
pass in proto {tcp udp} to port {30371:30380} user {szajbus}
pass in proto {tcp udp} to port {30381:30390} user {tzantar}
pass in proto {tcp udp} to port {30391:30400} user {a3d}
pass in proto {tcp udp} to port {30401:30410} user {Giuda}
pass in proto {tcp udp} to port {30411:30420} user {ldm}
#pass in proto {tcp udp} to port {30421:30430} user {Kong}
pass in proto {tcp udp} to port {30431:30440} user {bangcat}
#pass in proto {tcp udp} to port {30441:30450} user {Ghost}
#pass in proto {tcp udp} to port {30451:30460} user {Maim}
pass in proto {tcp udp} to port {30461:30470} user {camelion}
pass in proto {tcp udp} to port {30471:30480} user {kGSe7en}
pass in proto {tcp udp} to port {30481:30490} user {tuu}
#pass in proto {tcp udp} to port {30491:30500} user {kurid}
pass in proto {tcp udp} to port {30501:30510} user {rado}
pass in proto {tcp udp} to port {30511:30520} user {xfnw}
pass in proto {tcp udp} to port {30521:30530} user {categorymirror}
pass in proto {tcp udp} to port {30531:30540} user {rad}
pass in proto {tcp udp} to port {30541:30550} user {cromosoma21}
pass in proto {tcp udp} to port {30551:30560} user {supercat}
pass in proto {tcp udp} to port {30561:30570} user {pgk}
pass in proto {tcp udp} to port {30571:30580} user {globaldomain}
pass in proto {tcp udp} to port {30581:30590} user {twospace}
pass in proto {tcp udp} to port {30591:30600} user {sam}
pass in proto {tcp udp} to port {30601:30610} user {Alpha}
pass in proto {tcp udp} to port {30611:30620} user {tahio}
#pass in proto {tcp udp} to port {30621:30630} user {my}
pass in proto {tcp udp} to port {30631:30640} user {akoe}
pass in proto {tcp udp} to port {30641:30650} user {ozdal}
pass in proto {tcp udp} to port {30651:30660} user {y}
pass in proto {tcp udp} to port {30661:30670} user {anitza}
#pass in proto {tcp udp} to port {30671:30680} user {trump}
pass in proto {tcp udp} to port {30681:30690} user {meehoo}
pass in proto {tcp udp} to port {30691:30700} user {computertech}
pass in proto {tcp udp} to port {30701:30710} user {Sparrow}
pass in proto {tcp udp} to port {30711:30720} user {OMG}
pass in proto {tcp udp} to port {30721:30730} user {Aarman}
pass in proto {tcp udp} to port {30731:30740} user {War}
pass in proto {tcp udp} to port {30741:30750} user {werewolf}
pass in proto {tcp udp} to port {30751:30760} user {pickasso}
pass in proto {tcp udp} to port {30761:30770} user {deadbeefcafe}
pass in proto {tcp udp} to port {30771:30780} user {NitroNills}
pass in proto {tcp udp} to port {30781:30790} user {itsame}
pass in proto {tcp udp} to port {30791:30800} user {brodher}
pass in proto {tcp udp} to port {30801:30810} user {flink}
pass in proto {tcp udp} to port {30811:30820} user {slaxer}
pass in proto {tcp udp} to port {30821:30830} user {con}
pass in proto {tcp udp} to port {30831:30840} user {malaje}
pass in proto {tcp udp} to port {30841:30850} user {MIF}
pass in proto {tcp udp} to port {30851:30860} user {starhawk}
pass in proto {tcp udp} to port {30861:30870} user {KryptoBear}
pass in proto {tcp udp} to port {30871:30880} user {dgl}
pass in proto {tcp udp} to port {30881:30890} user {moogz}
pass in proto {tcp udp} to port {30891:30900} user {booboo}
pass in proto {tcp udp} to port {30901:30910} user {allen}
pass in proto {tcp udp} to port {30911:30920} user {changes}
pass in proto {tcp udp} to port {30921:30930} user {jetman}
pass in proto {tcp udp} to port {30931:30940} user {aktarus}
pass in proto {tcp udp} to port {30941:30950} user {julian}
pass in proto {tcp udp} to port {30951:30960} user {alec}
pass in proto {tcp udp} to port {30961:30970} user {monaco}
pass in proto {tcp udp} to port {30971:30980} user {Nevada}
pass in proto {tcp udp} to port {30981:30990} user {Cesur}
pass in proto {tcp udp} to port {30991:31000} user {Emirates}
pass in proto {tcp udp} to port {31011:31020} user {raduku}
pass in proto {tcp udp} to port {31021:31030} user {NetLock}
pass in proto {tcp udp} to port {31041:31050} user {admiral}
pass in proto {tcp udp} to port {31051:31060} user {fgdaemon}
pass in proto {tcp udp} to port {31061:31070} user {retoronto}
pass in proto {tcp udp} to port {31071:31080} user {TOM}
pass in proto {tcp udp} to port {31081:31090} user {trojan}
pass in proto {tcp udp} to port {31101:31110} user {dzl}
pass in proto {tcp udp} to port {31111:31120} user {Tino}
pass in proto {tcp udp} to port {31121:31130} user {egg}
pass in proto {tcp udp} to port {31131:31140} user {temon}
pass in proto {tcp udp} to port {31141:31150} user {waitman}
pass in proto {tcp udp} to port {31161:31170} user {dummy}
pass in proto {tcp udp} to port {31171:31180} user {NeoS9}
pass in proto {tcp udp} to port {31181:31190} user {asdflkj}
pass in proto {tcp udp} to port {31191:31200} user {vigilant}
pass in proto {tcp udp} to port {31201:31210} user {holy}
pass in proto {tcp udp} to port {31211:31220} user {danger}
pass in proto {tcp udp} to port {31221:31230} user {harlemrider}
pass in proto {tcp udp} to port {31231:31240} user {jay}
pass in proto {tcp udp} to port {31241:31250} user {Israel}
#pass in proto {tcp udp} to port {31251:31260} user {jodi}
pass in proto {tcp udp} to port {31261:31270} user {shani}
pass in proto {tcp udp} to port {31271:31280} user {JaydenMW}
pass in proto {tcp udp} to port {31281:31290} user {sarah}
pass in proto {tcp udp} to port {31291:31300} user {gokturk}
pass in proto {tcp udp} to port {31301:31310} user {BureibuNeko}
pass in proto {tcp udp} to port {31311:31320} user {wew}
pass in proto {tcp udp} to port {31321:31330} user {czarbot}
pass in proto {tcp udp} to port {31331:31340} user {luiskie}
pass in proto {tcp udp} to port {31341:31350} user {birdy}
pass in proto {tcp udp} to port {31351:31360} user {WaluigiWare64}
#pass in proto {tcp udp} to port {31361:31370} user {JL}
pass in proto {tcp udp} to port {31371:31380} user {pengunix}
pass in proto {tcp udp} to port {31391:31400} user {wheezy}
pass in proto {tcp udp} to port {31401:31410} user {svper}
pass in proto {tcp udp} to port {31411:31420} user {z6np}
pass in proto {tcp udp} to port {31421:31430} user {lepht}
pass in proto {tcp udp} to port {31431:31440} user {leszno}
pass in proto {tcp udp} to port {31441:31450} user {auth}
pass in proto {tcp udp} to port {31451:31460} user {tmberg}
pass in proto {tcp udp} to port {31461:31470} user {PickleFork}
pass in proto {tcp udp} to port {31471:31480} user {latinfo}
pass in proto {tcp udp} to port {31501:31510} user {monado}
pass in proto {tcp udp} to port {31511:31520} user {ubergeek}
pass in proto {tcp udp} to port {31521:31530} user {dani}
pass in proto {tcp udp} to port {31531:31540} user {nariyel}
pass in proto {tcp udp} to port {31541:31550} user {bejelentkezni}
pass in proto {tcp udp} to port {31551:31560} user {Apodo}
pass in proto {tcp udp} to port {31571:31580} user {testshell}
pass in proto {tcp udp} to port {31581:31590} user {zea}
pass in proto {tcp udp} to port {31591:31600} user {ilpanda}
pass in proto {tcp udp} to port {31601:31610} user {njn}
pass in proto {tcp udp} to port {31621:31630} user {iconic710}
pass in proto {tcp udp} to port {31631:31640} user {var}
pass in proto {tcp udp} to port {31641:31650} user {jlj}
pass in proto {tcp udp} to port {31651:31660} user {mntr0}
#pass in proto {tcp udp} to port {31661:31670} user {fgm}
pass in proto {tcp udp} to port {31671:31680} user {MaTeUs}
pass in proto {tcp udp} to port {31681:31690} user {stag99}
pass in proto {tcp udp} to port {31711:31720} user {keropok}
pass in proto {tcp udp} to port {31721:31730} user {doob}
pass in proto {tcp udp} to port {31731:31740} user {chin}
pass in proto {tcp udp} to port {31741:31750} user {watch}
pass in proto {tcp udp} to port {31751:31760} user {fakeuser}
pass in proto {tcp udp} to port {31761:31770} user {fakeuser}
pass in proto {tcp udp} to port {31771:31780} user {poald}
pass in proto {tcp udp} to port {31861:31870} user {admy}
pass in proto {tcp udp} to port {31871:31880} user {kfn}
pass in proto {tcp udp} to port {31881:31890} user {darktrace}
pass in proto {tcp udp} to port {31891:31900} user {dreamdust}
pass in proto {tcp udp} to port {31901:31910} user {n4buc0}
pass in proto {tcp udp} to port {31911:31920} user {grave}
pass in proto {tcp udp} to port {31921:31930} user {magic}
pass in proto {tcp udp} to port {31941:31950} user {miya}
pass in proto {tcp udp} to port {31961:31970} user {dzkouba}
pass in proto {tcp udp} to port {31981:31990} user {swimmer}
pass in proto {tcp udp} to port {31991:32000} user {savthchamp14}
pass in proto {tcp udp} to port {32001:32010} user {thisisatest}
pass in proto {tcp udp} to port {32011:32020} user {denkiko}
#pass in proto {tcp udp} to port {32031:32040} user {Pontianak}
pass in proto {tcp udp} to port {32041:32050} user {togone76}
#pass in proto {tcp udp} to port {32051:32060} user {rozha}
pass in proto {tcp udp} to port {32061:32070} user {nerd}
#pass in proto {tcp udp} to port {32071:32080} user {lencai}
pass in proto {tcp udp} to port {32081:32090} user {Lencai}
pass in proto {tcp udp} to port {32091:32100} user {noisytoot}
pass in proto {tcp udp} to port {32111:32120} user {sergi}
pass in proto {tcp udp} to port {32121:32130} user {timewalk}
pass in proto {tcp udp} to port {32131:32140} user {wiki}
pass in proto {tcp udp} to port {32141:32150} user {prohobo}
pass in proto {tcp udp} to port {32151:32160} user {jmhnsn}
pass in proto {tcp udp} to port {32161:32170} user {duckie}
pass in proto {tcp udp} to port {32171:32180} user {kitera}
pass in proto {tcp udp} to port {32181:32190} user {paul}
pass in proto {tcp udp} to port {32191:32200} user {arrun}
pass in proto {tcp udp} to port {32201:32210} user {craziness}
pass in proto {tcp udp} to port {32211:32220} user {jose}
#pass in proto {tcp udp} to port {32221:32230} user {cyberarmy}
#pass in proto {tcp udp} to port {32231:32240} user {lohang}
pass in proto {tcp udp} to port {32241:32250} user {robkle}
pass in proto {tcp udp} to port {32251:32260} user {typhon}
pass in proto {tcp udp} to port {32261:32270} user {unixcode}
pass in proto {tcp udp} to port {32271:32280} user {JM}
pass in proto {tcp udp} to port {32281:32290} user {kadbot}
pass in proto {tcp udp} to port {32291:32300} user {efy}
pass in proto {tcp udp} to port {32301:32310} user {iclinic}
pass in proto {tcp udp} to port {32311:32320} user {naglfar}
pass in proto {tcp udp} to port {32321:32330} user {melk0r}
pass in proto {tcp udp} to port {32331:32340} user {gtlsgamr}
pass in proto {tcp udp} to port {32341:32350} user {swimm3r}
pass in proto {tcp udp} to port {32351:32360} user {Boomy}
pass in proto {tcp udp} to port {32361:32370} user {ancientwisdom}
pass in proto {tcp udp} to port {32371:32380} user {shellTST01}
pass in proto {tcp udp} to port {32381:32390} user {nibber}
pass in proto {tcp udp} to port {32391:32400} user {bogoy}
pass in proto {tcp udp} to port {32401:32410} user {hawk}
pass in proto {tcp udp} to port {32411:32420} user {hero}
pass in proto {tcp udp} to port {32421:32430} user {cAPTCHA}
pass in proto {tcp udp} to port {32431:32440} user {xena}
pass in proto {tcp udp} to port {32441:32450} user {Barlad}
pass in proto {tcp udp} to port {32451:32460} user {ciaper}
#pass in proto {tcp udp} to port {32461:32470} user {hasta}
pass in proto {tcp udp} to port {32481:32490} user {aby}
pass in proto {tcp udp} to port {32491:32500} user {jaguar}
pass in proto {tcp udp} to port {32501:32510} user {service}
pass in proto {tcp udp} to port {32521:32530} user {shell}
pass in proto {tcp udp} to port {32531:32540} user {Zen}
pass in proto {tcp udp} to port {32541:32550} user {weirdo}
pass in proto {tcp udp} to port {32551:32560} user {mHc}
pass in proto {tcp udp} to port {32561:32570} user {josiah}
pass in proto {tcp udp} to port {32571:32580} user {hunk}
pass in proto {tcp udp} to port {32581:32590} user {garuda}
pass in proto {tcp udp} to port {32591:32600} user {pawelK}
pass in proto {tcp udp} to port {32601:32610} user {luna}
pass in proto {tcp udp} to port {32611:32620} user {loptop123}
pass in proto {tcp udp} to port {32621:32630} user {Arrakis}
pass in proto {tcp udp} to port {32631:32640} user {Blade17}
#pass in proto {tcp udp} to port {32641:32650} user {mlx}
pass in proto {tcp udp} to port {32651:32660} user {prs}
pass in proto {tcp udp} to port {32661:32670} user {pra}
pass in proto {tcp udp} to port {32671:32680} user {unix105}
pass in proto {tcp udp} to port {32681:32690} user {franzo}
pass in proto {tcp udp} to port {32691:32700} user {xharlie}
pass in proto {tcp udp} to port {32701:32710} user {pystardust}
pass in proto {tcp udp} to port {32711:32720} user {articoarg}
pass in proto {tcp udp} to port {32721:32730} user {gret}
pass in proto {tcp udp} to port {32731:32740} user {lm}
pass in proto {tcp udp} to port {32751:32760} user {0dev}
pass in proto {tcp udp} to port {32761:32770} user {roberte}
pass in proto {tcp udp} to port {32771:32780} user {starewind}
pass in proto {tcp udp} to port {32781:32790} user {magus}
pass in proto {tcp udp} to port {32791:32800} user {jeru}
pass in proto {tcp udp} to port {32801:32810} user {ruler}
# pass in proto {tcp udp} to port {32811:32820} user {BOSS}
pass in proto {tcp udp} to port {32821:32830} user {villain}
pass in proto {tcp udp} to port {32831:32840} user {grey}
pass in proto {tcp udp} to port {32841:32850} user {xpom}
#pass in proto {tcp udp} to port {32851:32860} user {babe}
#pass in proto {tcp udp} to port {32861:32870} user {ival}
pass in proto {tcp udp} to port {32871:32880} user {yonle}
#pass in proto {tcp udp} to port {32881:32890} user {qwerty}
pass in proto {tcp udp} to port {32891:32900} user {nomia}
pass in proto {tcp udp} to port {32901:32910} user {pong}
pass in proto {tcp udp} to port {32911:32920} user {anshupati}
#pass in proto {tcp udp} to port {32921:32930} user {Argon}
#pass in proto {tcp udp} to port {32931:32940} user {jank}
#pass in proto {tcp udp} to port {32941:32950} user {van}
#pass in proto {tcp udp} to port {32951:32960} user {sigit}
#pass in proto {tcp udp} to port {32961:32970} user {rhee}
#pass in proto {tcp udp} to port {32971:32980} user {guardian}
#pass in proto {tcp udp} to port {32981:32990} user {salsa}
#pass in proto {tcp udp} to port {32991:33000} user {yudistira}
#pass in proto {tcp udp} to port {33001:33010} user {sandi}
#pass in proto {tcp udp} to port {33011:33020} user {cosmos}
#pass in proto {tcp udp} to port {33021:33030} user {ares}
#pass in proto {tcp udp} to port {33031:33040} user {Cey}
pass in proto {tcp udp} to port {33041:33050} user {moe}
pass in proto {tcp udp} to port {33051:33060} user {moell}
#pass in proto {tcp udp} to port {33061:33070} user {lintang}
#pass in proto {tcp udp} to port {33071:33080} user {kiss}
pass in proto {tcp udp} to port {33081:33090} user {xj0hn}
pass in proto {tcp udp} to port {33091:33100} user {egastura}
#pass in proto {tcp udp} to port {33101:33110} user {Rizal}
#pass in proto {tcp udp} to port {33111:33120} user {peace425}
#pass in proto {tcp udp} to port {33121:33130} user {alfa}
#pass in proto {tcp udp} to port {33131:33140} user {Rha}
#pass in proto {tcp udp} to port {33141:33150} user {Mibbit}
#pass in proto {tcp udp} to port {33151:33160} user {funky}
#pass in proto {tcp udp} to port {33161:33170} user {rahmad}
#pass in proto {tcp udp} to port {33171:33180} user {afik}
#pass in proto {tcp udp} to port {33181:33190} user {topan}
#pass in proto {tcp udp} to port {33201:33210} user {join}
pass in proto {tcp udp} to port {33211:33220} user {teraspin}
pass in proto {tcp udp} to port {33221:33230} user {fria}
pass in proto {tcp udp} to port {33231:33240} user {sulieztya}
pass in proto {tcp udp} to port {33241:33250} user {moet}
pass in proto {tcp udp} to port {33251:33260} user {catcha}
pass in proto {tcp udp} to port {33261:33270} user {nxh7}
pass in proto {tcp udp} to port {33271:33280} user {hellosmile6}
pass in proto {tcp udp} to port {33281:33290} user {msm3257}
pass in proto {tcp udp} to port {33291:33300} user {james}
pass in proto {tcp udp} to port {33301:33310} user {free2}
# end user ports

# drop other incoming traffic
#block in quick log on $ext_if all

# outbound traffic
pass out quick on ext_if proto tcp from any to any modulate state
pass out quick on ext_if proto udp from any to any keep state
pass out quick on ext_if proto icmp from any to any keep state
pass out quick on ext_if proto icmp6 from any to any keep state

pass in log quick proto tcp to port { 1338 1337 31337 } keep state (max 10000, max-src-conn 1000) #bnc