| version 1.5, 2002/06/22 10:19:13 |
version 1.6, 2002/06/27 07:00:43 |
|
|
| # replace ext0 with external interface name, 10.0.0.0/8 with internal network |
# replace ext0 with external interface name, 10.0.0.0/8 with internal network |
| # and 192.168.1.1 with external address |
# and 192.168.1.1 with external address |
| |
|
| # Normalize: reassemble fragments and resolve or reduce traffic ambiguities |
# Normalize: reassemble fragments and resolve or reduce traffic ambiguities |
| |
|
| # scrub in all |
# scrub in all |
| |
|
|
|
| |
|
| # block all incoming packets but allow ssh, pass all outgoing tcp and udp |
# block all incoming packets but allow ssh, pass all outgoing tcp and udp |
| # connections and keep state |
# connections and keep state |
| # log blocked pakets |
# log blocked packets |
| |
|
| # block in log all |
# block in log all |
| # pass in on ext0 proto tcp from any to ext0 port 22 keep state |
# pass in on ext0 proto tcp from any to ext0 port 22 keep state |
![[BACK]](/icons/back.gif){kind=icon}
Return to pf.conf CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / etc