|
|
|
@ -1,4 +1,4 @@ |
|
|
|
# $OpenBSD: pf.conf,v 1.18 2003/03/11 10:11:59 david Exp $ |
|
|
|
# $OpenBSD: pf.conf,v 1.19 2003/03/24 01:47:28 ian Exp $ |
|
|
|
# |
|
|
|
# See pf.conf(5) and /usr/share/pf for syntax and examples. |
|
|
|
# Required order: options, normalization, queueing, translation, filtering. |
|
|
|
@ -7,6 +7,7 @@ |
|
|
|
|
|
|
|
# Macros: define common values, so they can be referenced and changed easily. |
|
|
|
#ext_if="ext0" # replace with actual external interface name i.e., dc0 |
|
|
|
#int_if="int0" # replace with actual internal interface name i.e., dc1 |
|
|
|
#internal_net="10.1.1.1/8" |
|
|
|
#external_addr="192.168.1.1" |
|
|
|
|
|
|
|
@ -46,6 +47,9 @@ |
|
|
|
# outgoing packets will be translated as coming from the external address. |
|
|
|
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678 |
|
|
|
|
|
|
|
# rdr outgoing FTP requests to the ftp-proxy |
|
|
|
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021 |
|
|
|
|
|
|
|
# spamd-setup puts addresses to be redirected into table <spamd>. |
|
|
|
#table <spamd> persist |
|
|
|
#no rdr on { lo0, lo1 } from any to any |
|
|
|
@ -64,6 +68,9 @@ |
|
|
|
# pass incoming packets destined to the addresses given in table <foo>. |
|
|
|
#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state |
|
|
|
|
|
|
|
# pass incoming ports for ftp-proxy |
|
|
|
#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state |
|
|
|
|
|
|
|
# assign packets to a queue. |
|
|
|
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers |
|
|
|
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing |
ian
21 years ago