API tools faq
paste
Latrina

Untitled

Latrina
Feb 20th, 2020
128
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.64 KB | None | 0 0
raw download clone embed print report
  1. ext_if="vtnet0"
  2. NET_JAIL="{ 192.168.69.0/24 192.168.68.0/24 192.168.0.0/24 }"
  3.  
  4. jails_if="{ epair0a epair1a epair2a }"
  5.  
  6. scrub in all
  7.  
  8. # Won't filter traffic on loopback
  9. set skip on lo0
  10.  
  11. # nat all jail traffic
  12. nat on $ext_if inet from any to any -> ($ext_if)
  13.  
  14. # Protects against activity from spoofed or forged IPs
  15. antispoof for $ext_if inet
  16.  
  17. # Allow SSH/d
  18. pass in quick on $ext_if proto tcp from any to any port ssh
  19.  
  20. # Allow traceroute
  21. pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
  22.  
  23. # Allow ICMP ping
  24. pass inet proto icmp from any to any
  25.  
  26. # Allow all OUT, block all IN
  27. block in
  28. pass out
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!