xref: /freebsd/share/examples/pf/faq-example1 (revision 9336e0699bda8a301cd2bfa37106b6ec5e32012e)
1# $FreeBSD$
2# $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $
3
4#
5# Firewall for Home or Small Office
6# http://www.openbsd.org/faq/pf/example1.html
7#
8
9
10# macros
11ext_if="fxp0"
12int_if="xl0"
13
14tcp_services="{ 22, 113 }"
15icmp_types="echoreq"
16
17comp3="192.168.0.3"
18
19# options
20set block-policy return
21set loginterface $ext_if
22
23set skip on lo
24
25# scrub
26scrub in
27
28# nat/rdr
29nat on $ext_if from !($ext_if) -> ($ext_if:0)
30nat-anchor "ftp-proxy/*"
31rdr-anchor "ftp-proxy/*"
32
33rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
34rdr on $ext_if proto tcp from any to any port 80 -> $comp3
35
36# filter rules
37block in
38
39pass out
40
41anchor "ftp-proxy/*"
42antispoof quick for { lo $int_if }
43
44pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
45
46pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
47    synproxy state
48
49pass in inet proto icmp all icmp-type $icmp_types
50
51pass quick on $int_if no state
52