View Single Post
  #1   (View Single Post)  
Old 14th January 2009
TerranAce007 TerranAce007 is offline
New User
 
Join Date: Jan 2009
Posts: 2
Default Help with pf rules

I'm using an old computer to build a home router and this is what I have come up with so far for the pf rules. The external interface is set to a static IP from my ISP and the internal in 192.168.2.0/24. I want to NAT everything through the one IP, block all incoming except ssh for now, and limit outbound connections to specific ports/protocols. I also want the firewall to just affect the external zone and not firewall communication between computers on the internal network. Is this a goo setup?

########
# Devices #
########
Loopback = "lo0"
IntIF = "sk0"
ExtIF = "xl0"

#############
# Macros & Lists #
#############
OB_ports = "{ 20 21 22 25 53 80 110 115 123 143 389 443 445 464 465 531 636 989 990 995 }"
OB_proto = "{ udp tcp icmp }"
IB_ports = "{ 22 }"
IB_proto = "{ tcp }"

##########
# NAT Rules #
##########
nat on $ExtIF from $IntIF/24 to any -> $ExtIF

############
# Firewall Rules #
############
set skip on $Loopback
block all
antispoof quick for $ExtIF
scrub in all on $ExtIF no-df random-id

# Allow all internal-internal traffic
pass quick on $IntIF from $IntIF/24 to $IntIF/24

# Allowed Outbound
pass out quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports

# Allowed Inbound
pass in log quick on $ExtIF proto $IB_proto from any to $ExtIF port $IB_ports flags S/SA
Reply With Quote