Annotation of src/share/pf/faq-example1, Revision 1.5
1.5 ! mcbride 1: # $OpenBSD: faq-example1,v 1.4 2006/06/16 17:26:59 jasper Exp $
1.1 henning 2:
3: #
4: # Firewall for Home or Small Office
1.2 henning 5: # http://www.openbsd.org/faq/pf/example1.html
1.1 henning 6: #
7:
8:
9: # macros
1.4 jasper 10: ext_if="fxp0"
11: int_if="xl0"
1.1 henning 12:
1.4 jasper 13: tcp_services="{ 22, 113 }"
14: icmp_types="echoreq"
1.1 henning 15:
1.4 jasper 16: comp3="192.168.0.3"
1.3 joel 17:
1.1 henning 18: # options
19: set block-policy return
20: set loginterface $ext_if
21:
1.4 jasper 22: set skip on lo
23:
1.1 henning 24: # scrub
1.4 jasper 25: scrub in
1.1 henning 26:
27: # nat/rdr
1.4 jasper 28: nat on $ext_if from !($ext_if) -> ($ext_if:0)
29: nat-anchor "ftp-proxy/*"
30: rdr-anchor "ftp-proxy/*"
31:
32: rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
1.3 joel 33: rdr on $ext_if proto tcp from any to any port 80 -> $comp3
1.1 henning 34:
35: # filter rules
1.4 jasper 36: block in
1.1 henning 37:
1.5 ! mcbride 38: pass out
1.1 henning 39:
1.4 jasper 40: anchor "ftp-proxy/*"
41: antispoof quick for { lo $int_if }
1.1 henning 42:
1.5 ! mcbride 43: pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
1.3 joel 44:
1.4 jasper 45: pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
1.5 ! mcbride 46: synproxy state
1.1 henning 47:
1.5 ! mcbride 48: pass in inet proto icmp all icmp-type $icmp_types
1.1 henning 49:
1.5 ! mcbride 50: pass quick on $int_if no state
![[BACK]](/icons/back.gif){kind=icon}
Return to faq-example1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / share / pf