| version 1.2, 2003/08/06 16:04:45 |
version 1.3, 2005/07/02 16:16:39 |
|
|
| icmp_types = "echoreq" |
icmp_types = "echoreq" |
| |
|
| priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }" |
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }" |
| |
|
| |
comp3 = "192.168.0.3" |
| |
|
| # options |
# options |
| set block-policy return |
set block-policy return |
| set loginterface $ext_if |
set loginterface $ext_if |
|
|
| nat on $ext_if from $int_if:network to any -> ($ext_if) |
nat on $ext_if from $int_if:network to any -> ($ext_if) |
| rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \ |
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \ |
| port 8021 |
port 8021 |
| |
rdr on $ext_if proto tcp from any to any port 80 -> $comp3 |
| |
|
| # filter rules |
# filter rules |
| block all |
block all |
|
|
| |
|
| pass in on $ext_if inet proto tcp from any to ($ext_if) \ |
pass in on $ext_if inet proto tcp from any to ($ext_if) \ |
| port $tcp_services flags S/SA keep state |
port $tcp_services flags S/SA keep state |
| |
|
| |
pass in on $ext_if proto tcp from any to $comp3 port 80 \ |
| |
flags S/SA synproxy state |
| |
|
| |
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \ |
| |
user proxy flags S/SA keep state |
| |
|
| pass in inet proto icmp all icmp-type $icmp_types keep state |
pass in inet proto icmp all icmp-type $icmp_types keep state |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to faq-example1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / share / pf