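#### VARIABLES ####
# network
localnet = "10.0.0.0/24"    # jail network; NATed out through $if below
externip = "**.***.***.**"  # redacted placeholder -- must be the real address of $if
if = "le0"                  # external (Internet-facing) interface
# services
tcp_in = "{ ssh, www }"                        # accepted from anywhere on the host
tcp_out = "{ ssh, www, auth, ftp, ftp-data }"   # host and jails may connect out to these
udp_s = "{ domain, ntp }"                      # outbound DNS/NTP, both TCP and UDP
jail_in = "{ ssh, www }"                       # accepted on the jail addresses

#### NORMALIZATION ####
# Reassemble fragments before translation and filtering so every rule
# below is evaluated against whole packets (port-based rules cannot
# match a non-first fragment otherwise).
scrub in all

#### NAT and RDR ####
# Redirect the jails' outgoing FTP control connections to ftp-proxy.
# Restricted to $localnet: the original "from any to any port ftp" also
# handed connections from Internet hosts to $externip port 21 over to the
# proxy on 127.0.0.1:8021, and because it was "rdr pass" those packets
# never reached the filter rules ("block all" did not apply).  Without
# "pass" the redirected connection is still allowed by
# "pass from $localnet" in the filter section; the ftp-proxy anchors take
# care of the data connections.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr proto tcp from $localnet to any port ftp -> 127.0.0.1 port 8021
# Make sshd reachable on port 443 as well (sshd does not listen on
# localhost, hence the target is $externip rather than 127.0.0.1).
# Scoped to packets arriving on $if for $externip; the original
# "from any to any port https" matched https traffic entering on any
# interface, whatever its destination.  Filtering is left to
# "pass in ... port $tcp_in" (ssh), which sees the translated port.
rdr on $if proto tcp from any to $externip port https -> $externip port ssh
# NAT for the jails
nat on $if from $localnet to any -> $externip

#### Filtering ####
block all
# Anti-spoofing: a packet with a jail or loopback source address can never
# legitimately arrive on the external interface.  Drop it before the
# "pass from $localnet" rule below could accept it.
block in quick on $if from { $localnet, 127.0.0.0/8 } to any
anchor "ftp-proxy/*"
# Loopback and jail-originated traffic, any protocol, both directions.
pass from { lo0, $localnet } to any keep state
# DNS/NTP: outbound only.  The original "pass proto ..." carried no
# direction, so it also accepted inbound connections to ports 53/123
# from anywhere.
pass out proto { tcp, udp } to any port $udp_s keep state
pass in proto tcp to any port $tcp_in keep state
pass out proto tcp to any port $tcp_out keep state
# Jails
pass in proto tcp to $localnet port $jail_in keep state
# NOTE(review): this rule is already subsumed by "pass from $localnet to any"
# above, which lets the jails out on any protocol and port.  Kept as a
# statement of intent; tighten the broad rule if jails should really be
# limited to $tcp_out.
pass out proto tcp from $localnet to any port $tcp_out keep state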