
PF.CONF

a guest
Aug 18th, 2015
```
# Server Zero PF Firewall Configuration

# Variable Declaration
ExtIf = "em0"
IntIf = "re0"
TcpState = "flags S/SA modulate state"
UdpState = "keep state"

# Tables

# Options
set skip on lo
set debug urgent
set block-policy drop
set loginterface $ExtIf
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
set optimization normal
set timeout { tcp.closing 60, tcp.established 7200 }

# Normalization
scrub out log on $ExtIf all random-id min-ttl 15 set-tos 0x1c fragment reassemble

# Queueing

# Translation
# Translation rules are first-match; the filter rules below see the translated addresses.
nat on $ExtIf from $IntIf:network to any -> ($ExtIf)
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port http -> 10.33.0.2
rdr on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port https -> 10.33.0.2
no rdr

# Filtering
# inbound: default deny on the external interface
block drop in log on $ExtIf
# SSH to the firewall itself. "port 22" must follow the destination:
# "from ... port 22" matches the source port and admits any TCP packet sent from port 22.
pass in log on $ExtIf inet proto tcp from !($ExtIf) to ($ExtIf) port 22 $TcpState
# Redirected web traffic still has to pass the filter, which sees the rdr target address.
pass in log on $ExtIf inet proto tcp from !($ExtIf) to 10.33.0.2 port { http, https } $TcpState
pass in quick log on $IntIf inet
# outbound
pass out log on $ExtIf inet proto tcp from ($ExtIf) to !($ExtIf) $TcpState
pass out log on $ExtIf inet proto udp from ($ExtIf) to !($ExtIf) $UdpState
pass out log on $ExtIf inet proto icmp from ($ExtIf) to !($ExtIf) $UdpState
```