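#	$OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#
# NOTE(review): this ruleset uses the stand-alone scrub/nat/rdr rule syntax
# of older pf. Releases from OpenBSD 4.7 on express the same things as
# "match ... scrub" and "nat-to"/"rdr-to" options, so check the syntax with
# "pfctl -nf <file>" on the target system before loading it.
# NOTE(review): none of the pass rules spell out "keep state" or "flags S/SA";
# they rely on those being the default (OpenBSD 4.1 and later) - confirm
# against the pf version in use.


# macros
# Interface names are host-specific; ext_if faces the Internet, int_if the LAN.
ext_if="fxp0"
int_if="xl0"

# TCP ports on the firewall itself that are reachable from the outside
# (22 = ssh, 113 = ident). Every port listed here is open to any source
# address, so keep the list to what is actually served.
tcp_services="{ 22, 113 }"
# ICMP types admitted by the icmp rule below: echo request (ping) only.
icmp_types="echoreq"

# Internal host that receives the redirected port 80 traffic.
comp3="192.168.0.3"

# options
# "return" answers blocked TCP with a RST and blocked UDP with an ICMP
# unreachable; other blocked packets are dropped silently.
set block-policy return
# Collect packet/byte statistics for the external interface.
set loginterface $ext_if

# No filtering, translation or normalisation on loopback interfaces.
set skip on lo

# scrub
# Normalise and reassemble fragments on all incoming packets.
scrub in

# nat/rdr
# Translate everything leaving $ext_if whose source is not the firewall's own
# external address. The parentheses make pf follow address changes on the
# interface (e.g. DHCP); ":0" excludes aliases.
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
# ftp-proxy(8) adds its per-session translation rules under these anchors.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Send FTP control connections from the LAN to the local ftp-proxy.
# "rdr pass" lets the redirected connection through without consulting the
# filter rules.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Forward inbound port 80 to $comp3. No "pass" here, so the redirected packet
# must still match the filter rule for $comp3 further down.
rdr on $ext_if proto tcp from any to any port 80 -> $comp3

# filter rules
# Default deny for inbound traffic. Without "quick" the last matching rule
# wins, so the pass rules below override this for the traffic they name.
block in

# All outbound traffic is allowed.
pass out

# ftp-proxy(8) adds its per-session filter rules under this anchor.
anchor "ftp-proxy/*"
# Block packets that claim a source address on the loopback or internal
# network but arrive on a different interface.
antispoof quick for { lo $int_if }

# Services offered by the firewall itself, from any source.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services

# Web traffic to $comp3 (post-rdr destination). synproxy makes pf complete
# the TCP handshake with the client before opening the connection to the
# server, which shields $comp3 from spoofed SYN floods.
# NOTE(review): $comp3 is presumably on the $int_if network, which is passed
# unfiltered below - an Internet-facing server there shares a segment with
# the LAN hosts; a separate DMZ interface would isolate it.
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
    synproxy state

# Echo requests are accepted; there is no "on" clause, so this applies to
# every interface, including $ext_if.
pass in inet proto icmp all icmp-type $icmp_types

# Everything on the internal interface, in both directions, passes without a
# state entry: the LAN is treated as fully trusted and LAN hosts can reach
# any service on the firewall.
pass quick on $int_if no state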