- Timestamp:
- Apr 10, 2012, 3:23:33 PM (13 years ago)
- Location:
- branches/releng-9.0/nanobsd/files/etc
- Files:
-
- 2 edited
- 2 copied
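--- a/branches/releng-9.0/nanobsd/files/etc/pf.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/pf.conf
@@ -1,47 +1,5 @@
-all_node="172.31.255.1/32"
-wl_net="172.16.0.0/12"
-allow_ext_tcp="{22}"
-allow_ext_udp="{161}"
-allow_int_tcp="{22,3128}"
-allow_int_udp="{53,161,12345}"
-allow_int_udp_any="{67}"
+# Localhost is considered safe
+pass quick on lo0 all
 
-private="{ 10.0.0.0/8 , 192.168.0.0/16 }"
-
-# Nat the internet
-nat on $ext_if from $wl_net to any port $publicnat -> ($ext_if)
-
-# Nat local wl access
-nat on $int_if from $private to $wl_net -> ($int_if)
-
-# Redirection, needs source natting and allow rules
-#rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22
-
-# Block all
-block in on $ext_if from any to $ext_if
-block in on $int_if from any to $int_if
-
-# Allow private to private
-# Enable me to access anything
-pass out on {$ext_if, $int_if} keep state
-
-# Allow internet access from the network
-pass in on $int_if inet proto tcp from $wl_net to any port $publicnat keep state
-block in on $int_if inet proto tcp from $wl_net to $int_if port $publicnat
-
-# Allow directives
-pass in on $ext_if inet proto tcp from any to $ext_if port $allow_ext_tcp keep state
-pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state
-
-pass in on $int_if inet proto tcp from $wl_net to $int_if port $allow_int_tcp keep state
-pass in on $int_if inet proto udp from $wl_net to $int_if port $allow_int_udp keep state
-pass in on $int_if inet proto icmp from $wl_net to $int_if keep state
-
-# Allow wl access from local network
-pass on $ext_if from $private to $wl_net keep state
-
-# Make sure to block local network access from wl
-block on $int_if from $wl_net to $private
-
-# Otherwise lvrouted breaks:
-pass in on $int_if
+# Default allow
+pass all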
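Review bot: The new ruleset ends in `pass all` with no `block` rule left, so every service listening on the node is reachable on every interface, whereas the removed rules admitted only 22/tcp and 161/udp inbound on `$ext_if`. The identical body is written to pf.open.conf, and the rc.conf section of this changeset appears to point `pf_rules` at it, so this looks like the shipped default rather than an opt-in profile. The nat rules and the `block on $int_if from $wl_net to $private` isolation disappear as well, which is worth confirming as intended. If an open policy is deliberate, the file should say so, for example `# Default allow: no filtering and no NAT; every listening service is exposed on all interfaces`, and the generic name pf.conf would be safer kept for a filtering ruleset.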
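--- a/branches/releng-9.0/nanobsd/files/etc/pf.open.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/pf.open.conf
@@ -1,47 +1,5 @@
-all_node="172.31.255.1/32"
-wl_net="172.16.0.0/12"
-allow_ext_tcp="{22}"
-allow_ext_udp="{161}"
-allow_int_tcp="{22,3128}"
-allow_int_udp="{53,161,12345}"
-allow_int_udp_any="{67}"
+# Localhost is considered safe
+pass quick on lo0 all
 
-private="{ 10.0.0.0/8 , 192.168.0.0/16 }"
-
-# Nat the internet
-nat on $ext_if from $wl_net to any port $publicnat -> ($ext_if)
-
-# Nat local wl access
-nat on $int_if from $private to $wl_net -> ($int_if)
-
-# Redirection, needs source natting and allow rules
-#rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22
-
-# Block all
-block in on $ext_if from any to $ext_if
-block in on $int_if from any to $int_if
-
-# Allow private to private
-# Enable me to access anything
-pass out on {$ext_if, $int_if} keep state
-
-# Allow internet access from the network
-pass in on $int_if inet proto tcp from $wl_net to any port $publicnat keep state
-block in on $int_if inet proto tcp from $wl_net to $int_if port $publicnat
-
-# Allow directives
-pass in on $ext_if inet proto tcp from any to $ext_if port $allow_ext_tcp keep state
-pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state
-
-pass in on $int_if inet proto tcp from $wl_net to $int_if port $allow_int_tcp keep state
-pass in on $int_if inet proto udp from $wl_net to $int_if port $allow_int_udp keep state
-pass in on $int_if inet proto icmp from $wl_net to $int_if keep state
-
-# Allow wl access from local network
-pass on $ext_if from $private to $wl_net keep state
-
-# Make sure to block local network access from wl
-block on $int_if from $wl_net to $private
-
-# Otherwise lvrouted breaks:
-pass in on $int_if
+# Default allow
+pass all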
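--- a/branches/releng-9.0/nanobsd/files/etc/pf.proxy.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/pf.proxy.conf
@@ -17,4 +17,7 @@
 # Redirection, needs source natting and allow rules
 #rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22
+
+# Localhost is considered safe
+pass quick on lo0 all
 
 # Block all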
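Review bot: `pass quick on lo0 all` does the job, but pf's dedicated way to exempt loopback is `set skip on lo0`, which keeps loopback traffic out of rule evaluation and the state table altogether. That option would have to sit in the options section, ahead of any translation rules, and that part of the file is outside this hunk. If the pass rule stays, a comment such as `# quick: the block rules below never apply to loopback` would explain why it is placed before "Block all".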
branches/releng-9.0/nanobsd/files/etc/rc.conf
r10417 r10418 53 53 # Enable the firewall by default 54 54 pf_enable="YES" 55 pf_rules="/etc/pf.default.conf" 56 pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}" 55 pf_rules="/etc/pf.open.conf"
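Review bot: The comment `# Enable the firewall by default` no longer matches the effect if, as the page reads, `pf_rules` moves from pf.default.conf to pf.open.conf, because pf is then enabled with a ruleset that passes everything. Something like `# pf is loaded with an allow-all ruleset; point pf_rules at a filtering ruleset to enforce policy` would be accurate. Dropping `pf_flags` also removes the `ext_if`, `int_if` and `publicnat` macro definitions, so a ruleset that still expands them (pf.proxy.conf presumably does, though only a commented `$ext_if` is visible here) would fail to load once selected. Keeping the old value as a commented line, `#pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"`, would make that dependency visible.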