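# pf.conf for a NAT gateway on a PPPoE uplink (nat-to / rdr-to / divert-to syntax).
# pf evaluates every rule and the LAST match wins, unless a rule is marked
# "quick", which stops evaluation at that rule.

# --- Macros -----------------------------------------------------------------
int_if="xl0"
ext_if="pppoe0"
wan_if="fxp0"            # presumably the NIC carrying the PPPoE session; confirm
thenetwrk="10.0.0.0/8"
hayek="10.0.0.10"
baal="10.0.0.2"
smass="10.0.0.1"

# Port lists are macros, not tables: pf tables hold only addresses and
# networks, and "port" does not accept a <table> reference. Each name is
# spelled the same way where it is defined and where it is used.
etcpservices="{ 22 }"
itcpservices="{ 22, 53 }"
#eudpservices="{ }"
#iudpservices="{ }"
ports_hayek="2222"
ports_smass="2232"
icmp_types="echoreq"

# --- Tables -----------------------------------------------------------------
# Address blocklist. Nothing in this file fills it; entries have to be added
# from outside (for example with pfctl -t inet_banned -T add) or by an
# "overload <inet_banned>" option on a pass rule.
table <inet_banned> persist

# --- Options ----------------------------------------------------------------
# "return" answers refused packets with a TCP RST or ICMP unreachable instead
# of dropping them silently; this applies on the external interface as well.
set block-policy return
set loginterface $ext_if
set skip on lo
# No filtering at all on $wan_if. Safe only while nothing but PPPoE frames
# use that interface.
set skip on $wan_if

# --- FTP proxy --------------------------------------------------------------
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
    divert-to 127.0.0.1 port 8021

# --- Default policy ---------------------------------------------------------
block in log
# Deliberately not "quick": a quick match here would end evaluation for every
# outbound packet, so the nat-to rule and the outbound <inet_banned> block
# further down would never be reached.
pass out

# --- NAT and LAN ------------------------------------------------------------
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
pass in on $int_if from $thenetwrk to any
pass out on $int_if from any to any

# --- Inbound redirects ------------------------------------------------------
# rdr-to carries no port here, so the destination port is kept and the
# internal host has to listen on the same port number.
pass in on $ext_if proto tcp from any to any port $ports_hayek rdr-to $hayek
pass in on $ext_if proto tcp from any to any port $ports_smass rdr-to $smass

antispoof quick for { lo $int_if }

# --- Services ---------------------------------------------------------------
# These ports are reachable from any internet source on the firewall's own
# address; the <inet_banned> rules at the end are the only source restriction.
pass in on $ext_if inet proto tcp from any to (egress) \
    port $etcpservices
pass in on $int_if inet proto tcp from any to $baal port $itcpservices
#pass in on $ext_if inet proto udp from any to (egress) port $eudpservices
#pass in on $int_if inet proto udp from any to $baal port $iudpservices
pass in inet proto icmp all icmp-type $icmp_types

# --- Blocklist --------------------------------------------------------------
# Kept last so that, under last-match-wins, they override every pass rule
# above, including the rdr-to redirects. Only TCP is covered; ICMP echo from a
# banned address is still passed by the icmp rule.
block in on $ext_if inet proto tcp from <inet_banned> to any
block out on $ext_if inet proto tcp from any to <inet_banned>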