src/share/pf/faq-example1 - view

Return to faq-example1 CVS log

Up to [local] / src / share / pf

File: [local] / src / share / pf / Attic / faq-example1 (download)

Revision 1.4, Fri Jun 16 17:26:59 2006 UTC (17 years, 11 months ago) by jasper
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.3: +21 -26 lines

sync with faq;
yayayaya henning@

# $OpenBSD: faq-example1,v 1.4 2006/06/16 17:26:59 jasper Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#


# macros
ext_if="fxp0"
int_if="xl0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

comp3="192.168.0.3"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
    flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass quick on $int_if