Advertisement
Guest User

Untitled

a guest
Jul 22nd, 2017
69
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.52 KB | None | 0 0
  1. tcp_services="{ ssh, http, domain }"
  2. udp_services="{ domain }"
  3. icmp_types="echoreq"
  4. syn_only="S/FSRA"
  5. ext_if="em0"
  6.  
  7. set block-policy drop
  8. set loginterface $ext_if
  9. set skip on lo
  10.  
  11. scrub in all
  12.  
  13. anchor "incoming" in on $ext_if {
  14. pass quick inet6 proto icmp6 keep state
  15. pass quick inet proto icmp all icmp-type $icmp_types keep state
  16. pass quick proto tcp to port $tcp_services flags $syn_only keep state
  17. pass quick proto udp to port $udp_services
  18. }
  19.  
  20. anchor "outgoing" out on $ext_if {
  21. pass quick keep state
  22. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement