| Current Path : /usr/src/share/examples/pf/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
| Current File : //usr/src/share/examples/pf/faq-example1 |
# $FreeBSD: release/9.1.0/share/examples/pf/faq-example1 173536 2007-11-11 01:16:51Z mlaier $
# $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $
#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#
# macros
ext_if="fxp0"
int_if="xl0"
tcp_services="{ 22, 113 }"
icmp_types="echoreq"
comp3="192.168.0.3"
# options
set block-policy return
set loginterface $ext_if
set skip on lo
# scrub
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 80 -> $comp3
# filter rules
block in
pass out
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
synproxy state
pass in inet proto icmp all icmp-type $icmp_types
pass quick on $int_if no state