GhostBSD uses PF (Packet Filter) as its built-in firewall. PF is a powerful and flexible firewall system originally developed for OpenBSD, and it's also used in FreeBSD (which GhostBSD is based on).
Yes, GhostBSD enables PF by default with a basic configuration that protects your system while allowing common network activity.
The main configuration file is located at:
/etc/pf.conf
This file contains rules that control which traffic is allowed or blocked.
To see the active firewall rules, open a terminal and run:
sudo pfctl -sr
If you make changes to pf.conf, you can reload the firewall with:
sudo pfctl -f /etc/pf.conf
Here's a simple rule that allows all outgoing traffic and blocks incoming traffic:
set skip on lo
block in all
pass out all keep statepf.conf before editingsudo pfctl -nf /etc/pf.conf to test your config before applyingThe GhostBSD firewall is a powerful tool for keeping your system secure. With a little practice, you can customize it to suit your needs and feel confident about your network safety.
If you spot any typos, unclear instructions, or areas for improvement, I’d love to hear from you. This project is built for GhostBSD users, by GhostBSD users—and your input helps shape it.