DaemonForums  
Help with pf rules
TerranAce007, 14th January 2009

I'm using an old computer to build a home router and this is what I have come up with so far for the pf rules. The external interface is set to a static IP from my ISP and the internal is 192.168.2.0/24. I want to NAT everything through the one IP, block all incoming except ssh for now, and limit outbound connections to specific ports/protocols. I also want the firewall to just affect the external zone and not firewall communication between computers on the internal network. Is this a good setup?

########
# Devices #
########
Loopback = "lo0"
IntIF = "sk0"
ExtIF = "xl0"

#############
# Macros & Lists #
#############
OB_ports = "{ 20 21 22 25 53 80 110 115 123 143 389 443 445 464 465 531 636 989 990 995 }"
OB_proto = "{ udp tcp icmp }"
IB_ports = "{ 22 }"
IB_proto = "{ tcp }"

##########
# NAT Rules #
##########
nat on $ExtIF from $IntIF/24 to any -> $ExtIF

############
# Firewall Rules #
############
set skip on $Loopback
block all
antispoof quick for $ExtIF
scrub in all on $ExtIF no-df random-id

# Allow all internal-internal traffic
pass quick on $IntIF from $IntIF/24 to $IntIF/24

# Allowed Outbound
pass out quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports

# Allowed Inbound
pass in log quick on $ExtIF proto $IB_proto from any to $ExtIF port $IB_ports flags S/SA
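
A ruleset arranged for the policy the post describes, as an added example that is not part of the original post: options, scrub, nat and filter rules appear in the order pf of that era expects, and the egress port list is applied on the external interface. It assumes the pre-4.7 nat/scrub syntax the post uses and that outbound filtering belongs on $ExtIF; macro names and port lists are taken from the post.

```pf
# Added example, not the poster's file. Pre-4.7 pf syntax (separate nat and
# scrub rules), matching the post. Interface names and ports are from the post.

# Macros
Loopback = "lo0"
IntIF    = "sk0"
ExtIF    = "xl0"
OB_ports = "{ 20 21 22 25 53 80 110 115 123 143 389 443 445 464 465 531 636 989 990 995 }"
IB_ports = "{ 22 }"

# Options come first in this syntax generation.
set skip on $Loopback

# Normalization comes before translation; "all" follows the interface.
scrub in on $ExtIF all no-df random-id

# Translation: NAT the LAN behind the external address.
# $IntIF:network is the network attached to sk0 (192.168.2.0/24 in the post).
nat on $ExtIF from $IntIF:network to any -> $ExtIF

# Filtering: default deny, then exceptions.
block all
antispoof quick for $ExtIF

# LAN side is not filtered (assumption: the egress policy is enforced
# on the external interface instead).
pass quick on $IntIF

# Allowed outbound. "port" is valid only for tcp and udp, so ICMP gets its
# own rule. Forwarded LAN packets leave on $ExtIF already translated.
pass out quick on $ExtIF proto { tcp udp } from any to any port $OB_ports
pass out quick on $ExtIF inet proto icmp all

# Allowed inbound: ssh to the router only.
pass in log quick on $ExtIF proto tcp from any to $ExtIF port $IB_ports flags S/SA
```

Running `pfctl -nf` on the file parses it without loading it, which surfaces ordering and syntax errors before the ruleset goes live.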