# $FreeBSD$
# $OpenBSD: faq-example1,v 1.2 2003/08/06 16:04:45 henning Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#

# macros
# lan_if faces the protected network, wan_if the upstream link.
lan_if = "fxp0"
wan_if = "ep0"

# TCP ports reachable on the external address from the outside:
# 22 (ssh) and 113 (ident).
wan_tcp_ports = "{ 22, 113 }"

# The only ICMP type accepted inbound: echo request.
ping_types = "echoreq"

# Loopback plus the RFC 1918 ranges; nothing with these addresses
# may enter or leave through the external interface.
nonroutable = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
# Rejected packets get a TCP RST / ICMP unreachable instead of being
# silently dropped; the two "block drop" rules below override this
# per rule.
set block-policy return
# Interface whose packet/byte counters pf keeps.
set loginterface $wan_if

# scrub
# Normalize every inbound packet (fragment reassembly and friends)
# before the filter rules see it.
scrub in all

# nat/rdr
# Translate LAN sources leaving the external interface to that
# interface's current address; the parentheses make pf follow
# address changes at run time.
nat on $wan_if from $lan_if:network to any -> ($wan_if)
# Redirect outbound FTP control connections from the LAN to a local
# listener on 8021 (presumably ftp-proxy; not shown in this file).
rdr on $lan_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# filter rules
# Default deny in both directions; every pass rule below is an
# explicit exception to this.
block all

# Loopback traffic is never filtered.
pass quick on lo0 all

# Silently drop (never answer) anything carrying a loopback or
# private address on the external link, in either direction. This
# also catches packets forged with the LAN's own source address,
# provided the LAN lives in one of those ranges.
block drop out quick on $wan_if from any to $nonroutable
block drop in quick on $wan_if from $nonroutable to any

# Services offered on the external address to the whole Internet.
# flags S/SA: only an initial SYN (no ACK) may create the state.
pass in on $wan_if inet proto tcp from any to ($wan_if) port $wan_tcp_ports keep state flags S/SA

# Echo requests are accepted on every interface, not just wan_if.
pass in inet proto icmp all icmp-type $ping_types keep state

# Everything the LAN sends is accepted on the inner interface; what
# actually reaches the outside is decided by the pass-out rules on
# wan_if below. Replies return through the created state.
pass in on $lan_if from $lan_if:network to any keep state
pass out on $lan_if from any to $lan_if:network keep state

# Outbound on the external link: TCP with modulated (randomized)
# initial sequence numbers, UDP and ICMP with plain state. Any other
# protocol falls through to "block all".
pass out on $wan_if proto tcp all modulate state flags S/SA
pass out on $wan_if proto udp all keep state
pass out on $wan_if proto icmp all keep state