18th February 2010
wilfried
Real Name: Peter Strömberg

I'm connected with ADSL/PPPoE.
Code:
nic0="em0"  # lan1 1G/jumbo
nic1="msk0" # lan2 100
nic2="em1"  # pppoe port
ext="pppoe0"
torrent="6881:6899"

table <spamd-white> persist

set block-policy return

set skip on { lo $nic0 $nic1 $nic2 bridge0 }

altq on $ext priq bandwidth 800Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

block on $ext

pass  in  on $ext inet proto { tcp udp } from any to ($ext) port ssh queue (q_def, q_pri)

pass  in  on $ext inet proto tcp from any to ($ext) port { auth pop3s imaps } queue (q_def, q_pri)

pass  in  on $ext inet proto tcp from any to ($ext) port { www https } queue (q_def, q_pri) rdr-to 192.168.0.2
pass  in  on $ext inet proto { tcp udp } from any to ($ext) port { $torrent } queue (q_def, q_pri) rdr-to 192.168.0.2

pass  in  on $ext inet proto tcp from any to ($ext) port smtp rdr-to 127.0.0.1 port spamd
pass  in  on $ext inet proto tcp from <spamd-white> to ($ext) port smtp queue (q_def, q_pri)

pass  out on $ext inet proto tcp from ! 224/4 to any queue (q_def, q_pri)
pass  out on $ext inet proto udp from ! 224/4 to any queue (q_def, q_pri)

block     on $ext proto { tcp udp } from any to any port { netbios-ns netbios-dgm netbios-ssn microsoft-ds nfsd }

match out on $ext scrub (max-mss 1440)
match out on $ext from !($ext) nat-to ($ext:0)

# vim: set filetype=pf:
__________________
HP ProCurve 1800-24G, Phenom 9750, Dual Opteron 265, AMD64 3000+,
Dual P3-800, eMac G4 1.0GHz, Sun Blade 150, Alpha PWS 433 and more ...