Changeset 10589 in hybrid
- Timestamp:
- Apr 26, 2012, 2:01:09 PM (13 years ago)
- Location:
- branches/releng-9.0/nanobsd/files/etc
- Files:
-
- 1 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
branches/releng-9.0/nanobsd/files/etc/pf.hybrid.conf
r10580 r10589 12 12 # 6) WL Captive Portal Support for interfaces who needs it. 13 13 # 7) Optional: Exposure of WL services to the outside 14 # 8) Overrides default route for local orginating traffic to specific ports, needed for15 # for normal proxy setup, which should NOT follow the iLeiden default route.16 14 # 9) Protect the Wireless Network from junk traffic. 17 15 # … … 29 27 ext_if="vr0" 30 28 ext_if_net="vr0:network" 31 ext_if_default_route="192.168.42.1"32 29 captive_portal_interfaces="wlan0" 33 30 publicnat="http,https" 34 31 masterip="127.0.0.1" 35 # For an traditional proxy setup set , uncomment:32 # For an traditional proxy setup set (no iLeiden clients!), uncomment: 36 33 #publicnat=0 37 34 … … 51 48 nat on $ext_if inet proto tcp from $wl_net to any port { $ileiden_ports } -> ($ext_if) 52 49 53 # Nat to the internet for packets which are orginating from itself for proxy functionality (8)54 nat on !$ext_if inet proto tcp from $wl_net to any port { $ileiden_ports } -> ($ext_if)55 56 50 # Redirect some internal facing services outside, please mind also need allow rules (bottom of file) (7) 57 51 rdr on $ext_if inet proto tcp from any to $ext_if port 8081 -> 172.16.4.46 port 80 … … 66 60 # By default all interfaces are open (5) 67 61 pass all 68 69 # This quirck is needed to override the routing table default route (8)70 pass out on !$ext_if route-to ($ext_if $ext_if_default_route) proto tcp from any to !$wl_net port {22, 80, 443} user != unknown keep state71 pass out on !$ext_if route-to ($ext_if $ext_if_default_route) proto udp from any to !$wl_net port {53} user != unknown keep state72 62 73 63 # By default deny all outgoing traffic to avoid systems spamming the network (9) -
branches/releng-9.0/nanobsd/files/etc/pf.proxy.conf
r10580 r10589 29 29 ext_if="vr0" 30 30 ext_if_net="vr0:network" 31 ext_if_ default_route="192.168.42.1"31 ext_if_gw="127.127.127.127" 32 32 captive_portal_interfaces="wlan0" 33 33 publicnat="http,https" … … 68 68 69 69 # This quirck is needed to override the routing table default route (8) 70 pass out on !$ext_if route-to ($ext_if $ext_if_ default_route) proto tcp from any to !$wl_net port {22, 80, 443} user != unknown keep state71 pass out on !$ext_if route-to ($ext_if $ext_if_ default_route) proto udp from any to !$wl_net port {53} user != unknown keep state70 pass out on !$ext_if route-to ($ext_if $ext_if_gw) proto tcp from any to !$wl_net port {22, 80, 443} user != unknown keep state 71 pass out on !$ext_if route-to ($ext_if $ext_if_gw) proto udp from any to !$wl_net port {53} user != unknown keep state 72 72 73 73 # By default deny all outgoing traffic to avoid systems spamming the network (9)
Note:
See TracChangeset
for help on using the changeset viewer.