Changeset 10418 in hybrid for branches/releng-9.0/nanobsd/files/etc/pf.open.conf
- Timestamp:
- Apr 10, 2012, 3:23:33 PM (13 years ago)
- File:
-
- 1 copied
-
branches/releng-9.0/nanobsd/files/etc/pf.open.conf (copied) (copied from branches/releng-9.0/nanobsd/files/etc/pf.conf ) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/releng-9.0/nanobsd/files/etc/pf.open.conf
r10417 r10418 1 all_node="172.31.255.1/32" 2 wl_net="172.16.0.0/12" 3 allow_ext_tcp="{22}" 4 allow_ext_udp="{161}" 5 allow_int_tcp="{22,3128}" 6 allow_int_udp="{53,161,12345}" 7 allow_int_udp_any="{67}" 1 # Localhost is considered safe 2 pass quick on lo0 all 8 3 9 private="{ 10.0.0.0/8 , 192.168.0.0/16 }" 10 11 # Nat the internet 12 nat on $ext_if from $wl_net to any port $publicnat -> ($ext_if) 13 14 # Nat local wl access 15 nat on $int_if from $private to $wl_net -> ($int_if) 16 17 # Redirection, needs source natting and allow rules 18 #rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22 19 20 # Block all 21 block in on $ext_if from any to $ext_if 22 block in on $int_if from any to $int_if 23 24 # Allow private to private 25 # Enable me to access anything 26 pass out on {$ext_if, $int_if} keep state 27 28 # Allow internet access from the network 29 pass in on $int_if inet proto tcp from $wl_net to any port $publicnat keep state 30 block in on $int_if inet proto tcp from $wl_net to $int_if port $publicnat 31 32 # Allow directives 33 pass in on $ext_if inet proto tcp from any to $ext_if port $allow_ext_tcp keep state 34 pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state 35 36 pass in on $int_if inet proto tcp from $wl_net to $int_if port $allow_int_tcp keep state 37 pass in on $int_if inet proto udp from $wl_net to $int_if port $allow_int_udp keep state 38 pass in on $int_if inet proto icmp from $wl_net to $int_if keep state 39 40 # Allow wl access from local network 41 pass on $ext_if from $private to $wl_net keep state 42 43 # Make sure to block local network access from wl 44 block on $int_if from $wl_net to $private 45 46 # Otherwise lvrouted breaks: 47 pass in on $int_if 4 # Default allow 5 pass all
Note:
See TracChangeset
for help on using the changeset viewer.
