Untitled

By: a guest on Aug 11th, 2012  |  syntax: None  |  size: 0.66 KB  |  hits: 8  |  expires: Never
##### define network interface
# NOTE: jail_if1 and jail_if2 are defined but not referenced by any rule below
ext_if = "re0"
loop_if = "lo0"
jail_if1 = "vlan1"
jail_if2 = "vlan2"

# NOTE: tcp_services is defined but not referenced by any rule below
tcp_services = "{22, 443}"

#### set options
set loginterface $ext_if
set block-policy drop
set state-policy if-bound
set limit {frags 5000, states 2500}
set debug urgent
set optimization aggressive
set skip on { $loop_if }

##### define misc
# NOTE: icmp_types and allproto are likewise unused
icmp_types = "echoreq"
allproto = "{tcp, udp, icmp, esp, ipencap}"
scrub on $ext_if reassemble tcp no-df random-id

##### NAT Rules
binat on $ext_if from 10.2.1.4/32 to any -> 192.168.1.20/32
binat on $ext_if from 10.2.1.5/32 to any -> 192.168.1.21/32

# pf evaluates filter rules last-match-wins unless a rule uses "quick".
# As ordered here, the two pass rules override the two block rules,
# so this ruleset passes all traffic in both directions.
block in all
block out all
pass out all
pass in all