# $FreeBSD$
# $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#
# NAT gateway ruleset for a host with one external and one internal
# interface. Inbound traffic is blocked by default; the exceptions are
# SSH/ident to the firewall itself, HTTP redirected to one internal host,
# and ICMP echo requests. All outbound traffic is passed.
#
# pf evaluates filter rules top to bottom and the LAST matching rule wins
# unless a rule carries "quick", so the order of the rules below matters.
#


# macros
# ext_if is the interface that NAT and the inbound pass rules are bound to;
# int_if is the LAN side.
ext_if="fxp0"
int_if="xl0"

# TCP ports opened on the firewall's own external address: 22 (ssh) and
# 113 (ident). The pass rule that uses this macro accepts "from any".
# NOTE(review): if ssh is only administered from known networks, narrow the
# source on that rule rather than exposing port 22 to every address.
tcp_services="{ 22, 113 }"
# ICMP types accepted inbound: echo request (ping) only.
icmp_types="echoreq"

# Internal host that receives the redirected port 80 traffic.
comp3="192.168.0.3"

# options
# "return" answers blocked packets (TCP RST for TCP, ICMP unreachable for
# other protocols) instead of dropping them silently.
# NOTE(review): this policy is global, so it also answers probes arriving on
# $ext_if; "set block-policy drop" is the quieter choice for an
# Internet-facing interface. Confirm which behaviour is wanted.
set block-policy return
# Collect packet/byte counters for the external interface (pfctl -s info).
# These are statistics only, not per-packet logs.
set loginterface $ext_if

# Do no pf processing at all on loopback.
set skip on lo

# scrub
# Normalise incoming packets (including fragment reassembly) before filtering.
scrub in

# nat/rdr
# Source-translate everything leaving $ext_if that does not already carry
# the interface's own address. The parentheses make pf follow address
# changes on the interface; ":0" excludes alias addresses.
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Anchors that ftp-proxy(8) populates at run time for FTP data connections.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Send FTP control connections from the LAN to the local proxy. "pass" lets
# the redirected packets through without a separate filter rule. This needs
# ftp-proxy listening on 127.0.0.1:8021.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Redirect inbound TCP port 80 to the internal web host. There is no "pass"
# here, so the filter rule for $comp3 further down must also match.
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
# Default deny for inbound traffic on every interface.
# NOTE(review): without the "log" keyword, blocked packets are not recorded
# via pflog; "block in log" would give visibility into what is being refused.
block in

# Allow all outbound traffic.
# NOTE(review): whether this keeps state implicitly depends on the pf
# version in use - confirm for the target release.
pass out

# Filter rules inserted by ftp-proxy(8) are evaluated here.
anchor "ftp-proxy/*"
# Block packets whose source address belongs to the loopback or internal
# networks but which arrive on a different interface. "quick" ends
# evaluation immediately for such packets.
antispoof quick for { lo $int_if }

# Services on the firewall itself, reachable from any source address.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services

# Web traffic to the internal host. The destination is already $comp3 here
# because rdr translation happens before filtering. With synproxy, pf
# completes the TCP handshake with the client before opening the connection
# to $comp3, which shields the web host from SYN floods.
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
    synproxy state

# Inbound ping on any interface.
pass in inet proto icmp all icmp-type $icmp_types

# Pass all traffic on the internal interface, in both directions, without
# creating state.
# NOTE(review): this treats every LAN host as trusted, including for traffic
# addressed to the firewall itself. Tighten it if the LAN is not fully
# trusted.
pass quick on $int_if no state