19th August 2008
JustDoIt

Hi, thank you again.

Here is the config:

Code:
#       $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# macros
outside = "fxp0"
inside = "rl0"
dmz = "xl0"
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s, auth, http, https }"
udp_services = "{ domain, ntp }"
icmp_types = "{ echoreq, unreach }"
local_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }"
localnet = $inside:network
client_out = "{ ftp-data, ftp, www, pop3s,  ssh, domain, pop3, auth, nntp,\
                 http, https, smtp, 3389 }"


# options

# scrub
scrub in all

# nat/rdr
nat on $outside from $localnet to any -> $outside
#rdr on $outside proto tcp from any to 198.133.219.25 port 3389 -> 192.168.101.11 port 5405

# filter rules
block all
pass quick inet proto { tcp, udp } to any port $udp_services
pass inet proto tcp from $localnet to any port $client_out keep state
#pass out proto tcp to any port $tcp_services keep state
#pass proto udp to any port $udp_services keep state
pass in inet proto tcp from any to any port ssh
pass inet proto icmp all icmp-type $icmp_types keep state

#pass from { lo0, $localnet } to any keep state
#pass inet proto icmp all icmp-type $icmp_types keep state

#pass inet proto icmp icmp-type $icmp_types from $localnet to any keep state
#pass inet proto icmp icmp-type $icmp_types from any to $outside keep state
#pass inet proto tcp from $localnet to any keep state
#pass inet proto udp from $localnet to any keep state
#pass in inet proto tcp from any to any port ssh
#pass quick inet proto { tcp, udp } to any port $udp_services