User Justin Noor shows us how to configure Packet Filter (PF) on FreeBSD 12.1 operating system. PF is a firewall application and a packet filtering tool designed to allow administrators to protect their network against cyber attacks. This guide will walk you through building a preliminary ruleset, configuring it, sanitizing your traffic, managing your overload table, introducing anchors, etc. Check out the link below for the detailed set of instructions.


The firewall is arguably one of the most important lines of defense against cyber attacks. The ability to configure a firewall from scratch is an empowering skill that enables the administrator to take control of their networks.


Before you start this tutorial, you’ll need the following:

  • A 1G FreeBSD 12.1 server (either ZFS or UFS). You can use our How To Get Started with FreeBSD tutorial to set your server up to your preferred configuration.
  • FreeBSD has no firewall enabled by default—customization is a hallmark of the FreeBSD ethos. Therefore when you first launch your server, you need temporary protection while PF is being configured. If you’re using DigitalOcean, you can enable your cloud firewall immediately after spinning up the server. Refer to DigitalOcean’s Firewall Quickstart for instructions on configuring a cloud firewall. If you’re using another cloud provider, determine the fastest route to immediate protection before you begin. Whichever method you choose, your temporary firewall must permit only inbound SSH traffic, and can allow all types of outbound traffic.

How To Configure Packet Filter (PF) on FreeBSD 12.1: