# $OpenBSD$

#
# Firewall for Home or Small Office
#
# NAT gateway with two interfaces: $int_if faces the LAN, $ext_if faces
# the Internet.  The policy is default-deny ("block all" below); every
# later rule is an explicit exception.  pf evaluates rules top to bottom
# and the LAST matching rule wins unless the rule carries "quick", so
# the order of the rules in this file is part of the policy.


# macros
int_if = "fxp0"		# internal (LAN) interface
ext_if = "ep0"		# external (Internet) interface

# TCP ports on the firewall itself that are reachable from the outside:
# 22 = ssh, 113 = ident.  Everything listed here is exposed to the whole
# Internet, so keep the list minimal.
tcp_services = "{ 22, 113 }"
# ICMP types accepted from anywhere (echo request, i.e. ping).
icmp_types = "echoreq"

# Loopback and RFC 1918 space.  Used by the anti-spoofing rules: these
# addresses must never be seen on the external interface in either
# direction.
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
# Blocked packets are answered with a TCP RST / ICMP unreachable instead
# of being silently dropped; the "block drop" rules below override this
# per rule.
set block-policy return
# Interface whose per-interface counters pfctl -s info reports.
set loginterface $ext_if

# scrub
# Normalize and reassemble all incoming packets before they are filtered.
scrub in all

# nat/rdr
# Masquerade the LAN behind whatever address $ext_if currently holds;
# the parentheses make pf re-read the address when it changes (DHCP/PPP).
nat on $ext_if from $int_if:network to any -> ($ext_if)
# Redirect LAN FTP control connections to a local proxy on port 8021
# (presumably ftp-proxy; verify that something is actually listening on
# 127.0.0.1:8021, otherwise FTP from the LAN simply fails).  Filtering
# happens after translation, so the "pass in on $int_if" rule below
# is what admits the redirected connection.
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
	port 8021

# filter rules
# Default deny on every interface in both directions.
block all

# Loopback traffic is unrestricted.
pass quick on lo0 all

# Anti-spoofing: silently drop (overriding block-policy return) any
# packet on the external interface whose source or destination is a
# private/loopback address.
# NOTE(review): if the ISP assigns an RFC 1918 address on $ext_if, the
# outbound rule also cuts off the upstream gateway -- confirm the
# addressing before deploying.
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# Inbound services on the firewall itself.  Only the initial SYN
# (flags S/SA) can match; the state entry created by it carries the rest
# of the connection.  This is the only path from the Internet into
# the firewall, so tcp_services is the real exposure.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
	port $tcp_services flags S/SA keep state

# Echo requests from anywhere.  No interface is named, so this also
# admits pings arriving on $ext_if.
pass in inet proto icmp all icmp-type $icmp_types keep state

# LAN hosts may initiate any connection; replies return via state.
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

# Outbound from the firewall and the NATed LAN.  "modulate state"
# additionally rewrites TCP initial sequence numbers so that LAN hosts
# with weak ISN generators are not exposed through the NAT.  Outbound
# traffic is not restricted by port; tighten here if egress control is
# wanted.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state