- Timestamp: Apr 26, 2012, 10:56:04 AM (13 years ago)
- File: 1 edited
branches/releng-9.0/nanobsd/files/etc/pf.hybrid.conf
r10523 r10578 10 10 # 6) WL Captive Portal Support for interfaces who needs it. 11 11 # 7) Optional: Exposure of WL services to the outside 12 # 12 # 8) Overrides default route for local orginating traffic to specific ports, needed for 13 # for normal proxy setup, which should NOT follow the iLeiden default route. 13 14 wl_net="172.16.0.0/12" 14 15 allow_ext_tcp="{ssh, domain}" … … 21 22 ext_if="vr0" 22 23 ext_if_net="vr0:network" 24 ext_if_default_route="192.168.42.1" 23 25 captive_portal_interfaces="wlan0" 24 26 publicnat="http,https" … … 36 38 nat on ! $ext_if from $ext_if_net to $wl_net -> $masterip 37 39 38 # Nat the internet but NOT to Private Network (1)39 nat on $ext_if inet proto tcp from $wl_net to any port { $publicnat } -> ($ext_if)40 40 # Do NOT allow NAT to the Private Network (3) 41 no nat on $ext_if from $wl_net to $private 41 no nat from $wl_net to $private 42 43 # Nat the internet for iLeiden functionality (1) 44 nat on $ext_if inet proto tcp from $wl_net to any port { 80,443 } -> ($ext_if) 45 46 # Nat to the internet for packets which are orginating from itself for proxy functionality (8) 47 nat on !$ext_if inet proto tcp from $wl_net to any port { 80,443 } -> ($ext_if) 48 42 49 43 50 # Redirection needs source natting and allow rules (see below) (7) … … 53 60 # By default all interfaces are open (5) 54 61 pass all 62 63 # This quirck is needed to override the routing table default route (8) 64 pass out on !$ext_if route-to ($ext_if $ext_if_default_route) proto tcp from any to !$wl_net port {22, 80, 443} user != unknown keep state 65 pass out on !$ext_if route-to ($ext_if $ext_if_default_route) proto udp from any to !$wl_net port {53} user != unknown keep state 55 66 56 67 # External interface is permissive (4)
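Review bot: in the macro hunk (new line 24), ext_if_default_route="192.168.42.1" hard-codes the upstream gateway, while the neighbouring ext_if_net is derived from the interface (vr0:network). The route-to rules added further down send traffic to this literal address, so the ruleset only works where the external network really uses that gateway. Suggest a comment on that line stating that the value is site-specific and must match the gateway reachable on $ext_if.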
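Review bot: in the NAT hunk (new lines 41-47), the rule for item (8), nat on !$ext_if inet proto tcp from $wl_net to any port { 80,443 } -> ($ext_if), is commented as covering packets originating from the node itself, but nothing in the rule restricts it to local traffic. It translates any TCP 80/443 flow with a $wl_net source leaving any non-external interface, forwarded traffic included, unless the preceding no nat rule to $private excludes the destination. Suggest narrowing the destination to !$wl_net, as the new pass rules already do. The two nat rules also replace { $publicnat } with the literal { 80,443 }; either keep using the macro so the port list lives in one place, or remove publicnat if nothing else references it.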
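Review bot: in the filter hunk (new lines 63-65), the route-to rules reroute TCP 22, 80, 443 and UDP 53, but the NAT rule added for item (8) only translates TCP 80 and 443. As far as the visible rules show, locally originated SSH and DNS packets are pushed out $ext_if toward $ext_if_default_route without translation; please confirm their source address is routable there, or extend the NAT rule to the same ports. The comment should also say that user != unknown is what limits the match to sockets owned by a local process, since forwarded packets are the ones pf reports as user unknown, and "quirck" should read "quirk".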