Annotation of src/share/pf/faq-example1, Revision 1.4
1.4 ! jasper 1: # $OpenBSD: faq-example1,v 1.3 2005/07/02 16:16:39 joel Exp $
1.1 henning 2:
3: #
4: # Firewall for Home or Small Office
1.2 henning 5: # http://www.openbsd.org/faq/pf/example1.html
1.1 henning 6: #
7:
8:
9: # macros
# Interface names are driver-specific and must match the NICs of the machine
# this ruleset is loaded on. The rules below NAT on ext_if and trust int_if.
1.4 ! jasper 10: ext_if="fxp0"
! 11: int_if="xl0"
1.1 henning 12:
# TCP ports the filter rules open on the firewall's own external address:
# 22 (ssh) and 113 (ident/auth). Every port listed here is reachable from any
# source address, so keep the list as short as possible.
1.4 ! jasper 13: tcp_services="{ 22, 113 }"
# ICMP types accepted inbound; echoreq allows ping.
! 14: icmp_types="echoreq"
1.1 henning 15:
# Internal host that receives the port-80 redirect in the nat/rdr section.
1.4 ! jasper 16: comp3="192.168.0.3"
1.3 joel 17:
1.1 henning 18: # options
# With block-policy return, blocked TCP is answered with a RST and blocked UDP
# with an ICMP unreachable; other blocked packets are dropped silently.
# NOTE(review): this policy is global, so probes arriving on $ext_if are
# answered too, which confirms the address is live. Using "block drop" for
# the external side avoids that while keeping fast failures for LAN clients.
19: set block-policy return
# Collect pf packet and byte statistics for the external interface.
20: set loginterface $ext_if
21:
# Skip all pf processing (filtering, NAT, scrub) on the loopback interface.
1.4 ! jasper 22: set skip on lo
! 23:
1.1 henning 24: # scrub
# Normalize inbound packets on every interface before the filter rules see
# them. No interface or option is given, so pf's scrub defaults apply.
1.4 ! jasper 25: scrub in
1.1 henning 26:
27: # nat/rdr
# Source-NAT everything leaving $ext_if whose source is not already the
# interface's own address. The parentheses make pf track address changes on
# the interface (e.g. DHCP); ":0" excludes alias addresses from the
# translation address.
1.4 ! jasper 28: nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Anchors into which ftp-proxy(8) loads its per-session nat and rdr rules.
! 29: nat-anchor "ftp-proxy/*"
! 30: rdr-anchor "ftp-proxy/*"
! 31:
# Divert FTP control connections arriving from the LAN to 127.0.0.1:8021
# (presumably where ftp-proxy listens; confirm against its configuration).
# "rdr pass" lets the redirected packets bypass the filter rules entirely.
! 32: rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Port-forward inbound web traffic to $comp3. This rule only translates; the
# matching "pass in ... to $comp3 port 80" filter rule is what admits it.
# NOTE(review): "to any" matches any destination address seen on $ext_if;
# "to ($ext_if)" would limit the redirect to the firewall's own address.
# NOTE(review): the published server sits on the trusted LAN, so compromising
# it gives a foothold behind the firewall. A separate DMZ interface is the
# usual mitigation.
1.3 joel 33: rdr on $ext_if proto tcp from any to any port 80 -> $comp3
1.1 henning 34:
35: # filter rules
# pf evaluates filter rules top to bottom and the LAST matching rule decides,
# unless a matching rule carries "quick", which ends evaluation immediately.
# Default deny: block inbound packets on every interface unless a later rule
# passes them.
1.4 ! jasper 36: block in
1.1 henning 37:
# Allow all outbound traffic and track it statefully so replies are admitted.
# NOTE(review): there is no egress filtering; anything on the LAN or the
# firewall itself may connect out to any destination and port.
1.4 ! jasper 38: pass out keep state
1.1 henning 39:
# Anchor into which ftp-proxy(8) loads its per-session filter rules.
1.4 ! jasper 40: anchor "ftp-proxy/*"
# Block packets whose source address belongs to the loopback or LAN networks
# when they arrive on any other interface. "quick" makes the block final.
! 41: antispoof quick for { lo $int_if }
1.1 henning 42:
# Admit new TCP connections (SYN set, ACK clear) from any source to the
# firewall's external address on the $tcp_services ports.
# NOTE(review): ssh is exposed to every source address. Restricting "from" to
# a table of known addresses, or adding state limits such as
# max-src-conn-rate with an overload table, reduces password-guessing exposure.
43: pass in on $ext_if inet proto tcp from any to ($ext_if) \
44: port $tcp_services flags S/SA keep state
1.3 joel 45:
# Filter counterpart of the port-80 rdr: translation happens before
# filtering, so the destination seen here is already $comp3. With synproxy
# state, pf completes the TCP handshake with the client itself before opening
# the connection to the server, which shields it from spoofed SYN floods.
1.4 ! jasper 46: pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
! 47: flags S/SA synproxy state
1.1 henning 48:
# Accept the ICMP types in $icmp_types inbound. No interface or destination is
# given, so this applies on every interface and to any destination address.
49: pass in inet proto icmp all icmp-type $icmp_types keep state
50:
# Pass everything in both directions on the internal interface, with no state
# and no port restriction.
# NOTE(review): the LAN is fully trusted, so every LAN host, including the
# Internet-facing $comp3, can reach every service on the firewall itself.
1.4 ! jasper 51: pass quick on $int_if