# Server Zero PF Firewall Configuration
# Variable Declaration
ExtIf = "em0"
IntIf = "re0"
TcpState = "flags S/SA modulate state"
UdpState = "keep state"
# Tables
# Options
set skip on lo
set debug urgent
set block-policy drop
set loginterface $ExtIf
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
set optimization normal
set timeout { tcp.closing 60, tcp.established 7200 }
# Normalization
scrub out log on $ExtIf all random-id min-ttl 15 set-tos 0x1c fragment reassemble
# Queueing
# Translation
nat on $ExtIf from $IntIf:network to any -> ($ExtIf)
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port http -> 10.33.0.2
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port https -> 10.33.0.2
# catch-all: translation rules match first-wins, so nothing else is redirected
no rdr
# Filtering
# inbound
block drop in log on $ExtIf
# SSH to this host: match the destination port; "from ... port 22" would match the source port
pass in log on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port 22 $TcpState
# redirected web traffic is filtered with its translated destination, so it needs its own pass rule
pass in log on $ExtIf inet proto tcp from !($ExtIf) to 10.33.0.2 port { http, https } $TcpState
pass in quick log on $IntIf inet
# outbound
pass out log on $ExtIf inet proto tcp from ($ExtIf) to !($ExtIf) $TcpState
pass out log on $ExtIf inet proto udp from ($ExtIf) to !($ExtIf) $UdpState
pass out log on $ExtIf inet proto icmp from ($ExtIf) to !($ExtIf) $UdpState
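The following Python script is an added example and is not part of the paste. It expands pf macros and checks a ruleset for two pitfalls that bite rulesets like this one: a `pass` rule that names a port after `from` without a `to` clause (that matches the *source* port, which is rarely what an inbound service rule intends), and an `rdr` target with no `pass in` rule covering it (pf filters packets after translation, so the redirected traffic is otherwise caught by the `block in`). The embedded `ORIGINAL` ruleset is the paste as originally posted; the two rules in `FIXED_INBOUND` are an assumed correction (SSH to the firewall's own address, an explicit pass to the rdr target), not text from the paste. The check covers the destination host of the rdr target only, not its port.

```python
import re

# The paste's ruleset as originally posted (embedded so the script runs offline).
ORIGINAL = """
ExtIf ="em0"
IntIf ="re0"
TcpState ="flags S/SA modulate state"
UdpState ="keep state"
nat on $ExtIf from $IntIf:network to any -> ($ExtIf)
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port http -> 10.33.0.2
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port https -> 10.33.0.2
block drop in log on $ExtIf
pass in log on $ExtIf inet proto tcp from !($ExtIf) port 22 $TcpState
pass in quick log on $IntIf inet
pass out log on $ExtIf inet proto tcp from ($ExtIf) to !($ExtIf) $TcpState
"""

# Assumed corrected inbound rules (not from the paste): match the destination port
# on the firewall itself, and pass the redirected web traffic to its rdr target.
FIXED_INBOUND = """
pass in log on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port 22 $TcpState
pass in log on $ExtIf inet proto tcp from !($ExtIf) to 10.33.0.2 port { http, https } $TcpState
"""

BAD_SSH_RULE = "pass in log on $ExtIf inet proto tcp from !($ExtIf) port 22 $TcpState\n"
MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')


def expand_macros(text):
    """Return the non-empty rule lines with $Name macros substituted.

    Macro definitions are consumed; unknown macros are left as written.
    """
    macros = {}
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        rules.append(re.sub(r"\$(\w+)", lambda mo: macros.get(mo.group(1), mo.group(0)), line))
    return rules


def source_port_only_rules(rules):
    """pass rules that match a port after 'from' but carry no 'to' clause."""
    return [r for r in rules
            if r.startswith("pass ")
            and re.search(r"\bfrom\b.*\bport\b", r)
            and " to " not in r]


def unfiltered_rdr_targets(rules):
    """(port, target) pairs of rdr rules whose target has no 'pass in ... to <target>' rule."""
    findings = []
    for r in rules:
        m = re.match(r"rdr .*\bport (\S+) -> (\S+)$", r)
        if not m:
            continue
        port, target = m.groups()
        covered = any(p.startswith("pass in ") and re.search(r"\bto %s\b" % re.escape(target), p)
                      for p in rules)
        if not covered:
            findings.append((port, target))
    return findings


def audit(text):
    rules = expand_macros(text)
    return {"source_port_only": source_port_only_rules(rules),
            "unfiltered_rdr": unfiltered_rdr_targets(rules)}


def fixed_ruleset():
    """The original ruleset with the assumed corrected inbound rules swapped in."""
    return ORIGINAL.replace(BAD_SSH_RULE, FIXED_INBOUND)


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("fixed", fixed_ruleset())):
        print(name, audit(text))
```

Run against the original ruleset the script reports the port 22 rule and both rdr targets; against the corrected ruleset it reports nothing. It is a string-level lint, not a parser: validate the real file with `pfctl -nf /etc/pf.conf` before loading it.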