I want to set up a client wit BSD packet filtering that only allows outgoing 443 connections. Would this do the trick in my pf.conf?
block out
block in
pass out on eth0 inet proto tcp from (eth0) to any port 443 keep state
Is there any reason to allow incoming connections on 443 if the server is always on the "outside"?
You shouldn't allow incoming connections to port :443, on other distributions I've used /usr/sbin/iptables rules-to-allow-only-ougoing-on-port-:443. Only allow incoming connection if you're client requires that otherwise I wouldn't bother with it.
Keep in mind that allowing necessary incoming ports exposes security breach especially if the server is always outside. I've been hacked in the past where I had to rebuild the server due to open ports and had to run several vulnerability tools in order to get the servers secured.
