Help with pf rules
I'm using an old computer to build a home router and this is what I have come up with so far for the pf rules. The external interface is set to a static IP from my ISP and the internal is 192.168.2.0/24. I want to NAT everything through the one IP, block all incoming except ssh for now, and limit outbound connections to specific ports/protocols. I also want the firewall to just affect the external zone and not firewall communication between computers on the internal network. Is this a good setup?
########
# Devices
########
Loopback = "lo0"
IntIF = "sk0"
ExtIF = "xl0"

#############
# Macros & Lists
#############
OB_ports = "{ 20 21 22 25 53 80 110 115 123 143 389 443 445 464 465 531 636 989 990 995 }"
# icmp has no ports, so it cannot share a "port" rule with tcp/udp; it gets its own rules below
OB_proto = "{ udp tcp }"
IB_ports = "{ 22 }"
IB_proto = "{ tcp }"

###########################
# Options & Normalization
###########################
# pfctl with the nat-on syntax requires the sections in order: options, normalization, queueing, translation, filtering
set skip on $Loopback
# the "on <interface>" clause comes before "all" and the scrub options
scrub in on $ExtIF all no-df random-id

##########
# NAT Rules
##########
nat on $ExtIF from $IntIF/24 to any -> $ExtIF

############
# Firewall Rules
############
block all
antispoof quick for $ExtIF

# Allow all internal-internal traffic
pass quick on $IntIF from $IntIF/24 to $IntIF/24

# Allowed Outbound: LAN traffic arrives on the internal interface, so it is filtered "in" there,
# and the NATed packet must also be passed "out" on the external interface
pass in quick on $IntIF proto $OB_proto from $IntIF/24 to any port $OB_ports
pass in quick on $IntIF proto icmp from $IntIF/24 to any
pass out quick on $ExtIF proto $OB_proto from $ExtIF to any port $OB_ports
pass out quick on $ExtIF proto icmp from $ExtIF to any

# Allowed Inbound
pass in log quick on $ExtIF proto $IB_proto from any to $ExtIF port $IB_ports flags S/SA
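As an added illustration (not part of the original post), a small Python model of pf's filter evaluation run over the posted filter rules and a corrected version, showing why a LAN host's NATed connection is dropped when outbound traffic is only passed "out on sk0". The external address 203.0.113.10 and the remote hosts are constructed, and the model ignores state, scrub, antispoof and the NAT step itself.

```python
import ipaddress
# Simplified model of pf's filter pass (an added illustration, not pf itself): rules are
# checked top to bottom, the last match wins unless a matching rule is "quick", and a
# packet matching no rule passes. State, scrub, antispoof and NAT are not modelled; a
# NATed packet simply carries the external address when it leaves xl0 (addresses constructed).
LAN, EXT_IP = "192.168.2.0/24", "203.0.113.10"
OB_PORTS = {20, 21, 22, 25, 53, 80, 110, 115, 123, 143, 389, 443, 445, 464, 465, 531, 636, 989, 990, 995}

def rule(action, direction=None, iface=None, proto=None, src=None, dst=None, dport=None, quick=False):
    # None means "any"/"all" for that field, as in pf.conf
    return {"action": action, "dir": direction, "if": iface, "proto": proto,
            "src": ipaddress.ip_network(src) if src else None,
            "dst": ipaddress.ip_network(dst) if dst else None, "dport": dport, "quick": quick}

def pkt(direction, iface, proto, src, dst, dport=None):
    return {"dir": direction, "if": iface, "proto": proto, "src": src, "dst": dst, "dport": dport}

def matches(r, p):
    if r["dir"] and r["dir"] != p["dir"]: return False
    if r["if"] and r["if"] != p["if"]: return False
    if r["proto"] and p["proto"] not in r["proto"]: return False
    if r["src"] and ipaddress.ip_address(p["src"]) not in r["src"]: return False
    if r["dst"] and ipaddress.ip_address(p["dst"]) not in r["dst"]: return False
    if r["dport"] and p["dport"] not in r["dport"]: return False
    return True

def evaluate(rules, p):
    verdict = "pass"
    for r in rules:
        if matches(r, p):
            verdict = r["action"]
            if r["quick"]: break
    return verdict

# Filter rules as posted: LAN traffic is only passed "out on sk0", the wrong direction,
# so after "block all" a LAN host's packets are dropped on sk0 and again on xl0.
POSTED = [rule("block"),
          rule("pass", "out", "sk0", {"tcp", "udp", "icmp"}, LAN, None, OB_PORTS, quick=True),
          rule("pass", "in", "xl0", {"tcp"}, None, EXT_IP, {22}, quick=True)]
# Corrected: LAN traffic enters on sk0 and the translated packet leaves on xl0 (icmp rules omitted).
CORRECTED = [rule("block"),
             rule("pass", "in", "sk0", {"tcp", "udp"}, LAN, None, OB_PORTS, quick=True),
             rule("pass", "out", "xl0", {"tcp", "udp"}, EXT_IP, None, OB_PORTS, quick=True),
             rule("pass", "in", "xl0", {"tcp"}, None, EXT_IP, {22}, quick=True)]

def lan_https_verdicts(rules):
    # a LAN host's HTTPS SYN as seen entering sk0, then leaving xl0 after NAT
    return (evaluate(rules, pkt("in", "sk0", "tcp", "192.168.2.10", "198.51.100.5", 443)),
            evaluate(rules, pkt("out", "xl0", "tcp", EXT_IP, "198.51.100.5", 443)))
```

`lan_https_verdicts(POSTED)` returns a block on both interfaces, while the corrected rules pass the packet in on sk0 and out on xl0 and still block unsolicited inbound traffic other than ssh.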