diff options
| author | mlaier <mlaier@FreeBSD.org> | 2007-11-11 01:16:51 +0000 |
|---|---|---|
| committer | mlaier <mlaier@FreeBSD.org> | 2007-11-11 01:16:51 +0000 |
| commit | 439399edf83695101aa71cf53c06c52d7ffa7eb9 (patch) | |
| tree | 107db76477a50666618c07f3792898601748b344 /share/examples/pf/pf.conf | |
| parent | 10e9042adf470ef6aa9ff73f8e0fa5a48d2139b3 (diff) | |
| download | FreeBSD-src-439399edf83695101aa71cf53c06c52d7ffa7eb9.zip FreeBSD-src-439399edf83695101aa71cf53c06c52d7ffa7eb9.tar.gz | |
Update pf examples from OpenBSD to catch up with new stateful defaults and
other syntax changes. Move pf.conf from /etc to examples, too.
Diffstat (limited to 'share/examples/pf/pf.conf')
| -rw-r--r-- | share/examples/pf/pf.conf | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/share/examples/pf/pf.conf b/share/examples/pf/pf.conf new file mode 100644 index 0000000..bd3091b --- /dev/null +++ b/share/examples/pf/pf.conf @@ -0,0 +1,34 @@ +# $FreeBSD$ +# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $ +# +# See pf.conf(5) and /usr/share/examples/pf for syntax and examples. +# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 +# in /etc/sysctl.conf if packets are to be forwarded between interfaces. + +#ext_if="ext0" +#int_if="int0" + +#table <spamd-white> persist + +#set skip on lo + +#scrub in + +#nat-anchor "ftp-proxy/*" +#rdr-anchor "ftp-proxy/*" +#nat on $ext_if from !($ext_if) -> ($ext_if:0) +#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 +#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp +#rdr pass on $ext_if proto tcp from any to any port smtp \ +# -> 127.0.0.1 port spamd + +#anchor "ftp-proxy/*" +#block in +#pass out + +#pass quick on $int_if no state +#antispoof quick for { lo $int_if } + +#pass in on $ext_if proto tcp to ($ext_if) port ssh +#pass in log on $ext_if proto tcp to ($ext_if) port smtp +#pass out log on $ext_if proto tcp from ($ext_if) to port smtp |
