8th November 2013
esilvaz1101
New User
 
Join Date: Nov 2013
Location: san antonio, TX
Posts: 7

OK, does this look better? This is for a class project and I want to do this at home; my professor just told me to try to build a PF.
Code:
## our interface ##
ext_if="vr0"
## Private network IP goes in the EXT_IP
## (a macro needs name="value"; a bare "EXT_IP 172.22.106.146" is a syntax error)
EXT_IP="172.22.106.146"

# Block everything (inbound AND outbound on ALL interfaces) by default (catch-all)
block all

## do not block mysqld on ##
mysqld_ip="{ !172.22.106.146 }"

## Block everything for tcp port number 3306 except $mysqld_ip  ###
block all
pass in proto tcp from any to $EXT_IP port 3306

## apache rules need the ip address###
pass in on $ext_if proto tcp from any to 172.22.106.146 port 80 flags S/SA synproxy state

##also ssh port22/tcp, auth 113/tcp, ICMP pings####

# Default TCP policy
# (pf applies the last matching rule, so this non-quick block overrides the
#  pass rules for ports 3306 and 80 above)
block return-rst in log on $ext_if proto tcp all
# "port" must follow "from"/"to"; "proto TCP port 22" on its own does not parse
pass in log quick on $ext_if proto tcp to port 22
pass in log quick on $ext_if proto tcp to port 113

# Default UDP policy
block in log on $ext_if proto udp all

# Allow the local interface to talk unrestricted
pass in quick on lo0 all
pass out quick on lo0 all

Last edited by esilvaz1101; 8th November 2013 at 05:50 PM. Reason: errors
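pf evaluates every rule and applies the last one that matches, unless a matching rule is marked `quick`, so the order of block and pass rules decides the outcome. The ruleset below is an added example, not part of the original post: it puts the default blocks first and the specific passes after them. The interface and address are copied from the post; the client address 192.0.2.10 is a placeholder, and limiting MySQL to one client and the ICMP rule are assumptions drawn from the post's comments.

```pf
# Added example, not the poster's ruleset.
ext_if    = "vr0"
ext_ip    = "172.22.106.146"
db_client = "192.0.2.10"   # placeholder (TEST-NET-1): assumed single host allowed to reach mysqld

# Loopback traffic is never filtered.
set skip on lo0

# 1. Default policy first. The last matching rule wins, so the general
#    blocks must come before the specific passes.
block log all
block return-rst in log on $ext_if proto tcp all   # answer refused TCP with RST

# 2. Specific exceptions after the blocks.
# Apache: synproxy completes the TCP handshake before the connection reaches httpd.
pass in on $ext_if proto tcp from any to $ext_ip port 80 flags S/SA synproxy state

# MySQL: only from the permitted client (assumption), not from any.
pass in on $ext_if proto tcp from $db_client to $ext_ip port 3306 flags S/SA keep state

# ssh (22) and ident/auth (113), logged.
pass in log on $ext_if proto tcp from any to $ext_ip port { 22 113 } flags S/SA keep state

# ICMP echo requests (ping), as mentioned in the post's comment (assumption).
pass in on $ext_if inet proto icmp from any to $ext_ip icmp-type echoreq keep state

# No "pass out" rule: as in the post, the host cannot open outbound connections.
# Replies to the accepted inbound connections leave through the state entries
# created by the pass rules above.
```

Running `pfctl -nf` on the file parses it and reports syntax errors without loading the rules.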