
Bug #2925 » pf.conf

firewall config - tautolog, 07/17/2016 11:16 PM

 
#	$OpenBSD: pf.conf,v 1.25 2004/01/29 18:54:29 todd Exp $
#	$DragonFly: src/etc/pf.conf,v 1.2 2005/12/13 08:38:55 swildner Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
#
# NOTE(review): "block in" further down is commented out and no other block
# rule is present, so pf's implicit default (pass) applies to every packet
# that matches no rule. The specific "pass in" rules below therefore add
# state tracking but do not restrict what can reach this host on $ext_if.

# Interface macros referenced by the rules below. Roles are presumed from the
# names (external, internal, VPN tunnel) -- confirm against the host.
ext_if="em0"
int_if="em1"
vpn_if="tun0"

#table <spamd> persist
#table <spamd-white> persist

# Normalize all inbound packets before filtering.
scrub in

# Source NAT: traffic leaving $ext_if / $vpn_if whose source is not one of
# that interface's own addresses is rewritten to the interface address.
# "(if)" is re-resolved when the interface address changes; ":0" leaves out
# alias addresses.
#nat on $vpn_if from ($int_if) -> 172.29.0.22 #($vpn_if)
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on $vpn_if from !($vpn_if) -> ($vpn_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
#	-> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
#	-> 127.0.0.1 port spamd

# Default-deny for inbound traffic is disabled here; see the NOTE(review) at
# the top of the file for the effect on the pass rules that follow.
#block in
# All outbound traffic is allowed and tracked statefully.
pass out keep state

# "quick" ends rule evaluation on the first match, and this rule names no
# direction or protocol, so every packet on these interfaces is decided here.
# The later $int_if rules ("pass in on $int_if", "pass on $int_if proto icmp")
# are never the deciding rule for that traffic.
pass quick on { lo $int_if }
# antispoof is disabled, so packets arriving on another interface with a
# source address from the lo/$int_if networks are not dropped by this ruleset.
#antispoof quick for { lo $int_if }

# SSH to the external address is accepted from any source address.
# NOTE(review): if this host is Internet-facing, consider limiting the source
# (a table of admin networks) or adding connection-rate limits -- confirm
# intent with the owner.
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state

# allow ICMP
# No interface, direction or icmp-type is given, so these match every ICMP and
# ICMPv6 message on every interface.
pass proto icmp keep state
pass proto icmp6 keep state

# OpenVPN
# UDP ports 1194 and 1195 (the range 1194:1195) on the external address.
pass in on $ext_if proto udp to ($ext_if) port 1194:1195 keep state
pass in on $int_if keep state
# Everything arriving over the tunnel is accepted, to any destination.
# NOTE(review): presumably VPN peers are fully trusted -- verify.
pass in on $vpn_if keep state
pass on $int_if proto icmp keep state