# $FreeBSD$
# $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#
# Two-interface gateway: everything arriving on the external interface is
# denied unless a later rule passes it; the internal network is trusted and
# NATed behind the external address.  pf evaluates rules in order and the
# last matching rule wins unless a rule says "quick", so rule order below is
# significant.
#


# macros
# Interface names are hardware-specific; adjust to the machine this is
# loaded on.
ext_if="fxp0"
int_if="xl0"

# TCP ports reachable on the gateway itself from the outside:
# 22 (ssh) and 113 (ident).
tcp_services="{ 22, 113 }"
# ICMP types accepted from anywhere (echo request only, i.e. ping).
icmp_types="echoreq"

# Internal host that receives inbound port 80 (see the rdr and pass rules
# below).
comp3="192.168.0.3"

# options
# Blocked packets are answered with TCP RST / ICMP unreachable instead of
# being silently dropped.  NOTE(review): this lets an outside sender learn
# that a host is present; "drop" is the quieter choice on $ext_if if that
# matters for the deployment.
set block-policy return
# Keep per-interface counters (pfctl -s info) for the external interface.
set loginterface $ext_if

# Never filter loopback traffic.
set skip on lo

# scrub
# Normalize (defragment, sanity-check) all inbound packets before filtering.
scrub in

# nat/rdr
# Source-NAT everything not originating from the gateway itself to the
# primary address of $ext_if (":0" selects the first address).
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Anchors where ftp-proxy(8) inserts its dynamic nat/rdr rules.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Redirect outbound FTP control connections from the LAN to the local
# ftp-proxy listener; "pass" makes the redirected packets pass without a
# separate filter rule.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Forward inbound web traffic to $comp3.  A rdr alone does not admit the
# packet; the matching "pass in ... to $comp3 port 80" rule below is required.
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
# Default deny for everything inbound on every interface; later pass rules
# punch holes in this.
block in

# Everything outbound is allowed (state is kept by default on current pf).
pass out

# Filter anchor for rules ftp-proxy(8) adds at runtime.
anchor "ftp-proxy/*"
# Drop packets arriving on the wrong interface with a source address that
# belongs to lo or the internal network.  "quick" makes this final, so the
# permissive internal-interface rule at the end cannot override it.
antispoof quick for { lo $int_if }

# Admin services on the gateway itself.  NOTE(review): ssh is reachable from
# any source here; limiting the source or adding connection-rate limits
# (max-src-conn-rate) is worth considering for an Internet-facing box.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services

# Admit the port-80 traffic redirected to $comp3.  "synproxy state" makes pf
# complete the TCP handshake itself before the internal host sees the
# connection, shielding it from half-open (SYN flood) connections.
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
    synproxy state

# Allow ping on all interfaces.
pass in inet proto icmp all icmp-type $icmp_types

# Trust the internal interface completely and skip state tracking for it.
# Because this is "quick", only the antispoof rule above (also quick and
# earlier) can refuse a packet arriving on $int_if.
pass quick on $int_if no state
