####################################################################
# OpenBSD: pf.conf,v 1.6
# by nolandda May 29 2003
####################################################################

####################################################################
# Normalize: reassemble fragments and resolve or reduce traffic ambiguities
####################################################################
scrub in all

####################################################################
# Declare Interfaces
####################################################################
LOIF="lo0"
INTIF="dc0"
EXTIF="ne3"

####################################################################
# nat: packets going out through EXTIF with source address
# 10.0.0.0/24 will get translated as coming from EXTIF. A state
# is created for such packets, and incoming packets will be
# redirected to the internal address.
####################################################################
nat on $EXTIF from 10.0.0.0/24 to any -> ($EXTIF)

####################################################################
# Redirect to the ftp-proxy
####################################################################
rdr on $INTIF proto tcp from any to any port 21 -> 127.0.0.1 port 8081

#### Yakov's Movie IRC trading stuff ####
rdr on $EXTIF proto tcp from any to ($EXTIF) port 59 -> 10.0.0.131 port 59
rdr on $EXTIF proto tcp from any to ($EXTIF) port 4995 -> 10.0.0.131 port 4995
rdr on $EXTIF proto tcp from any to ($EXTIF) port 4996 -> 10.0.0.131 port 4996
rdr on $EXTIF proto tcp from any to ($EXTIF) port 4997 -> 10.0.0.131 port 4997
rdr on $EXTIF proto tcp from any to ($EXTIF) port 4998 -> 10.0.0.131 port 4998
rdr on $EXTIF proto tcp from any to ($EXTIF) port 4999 -> 10.0.0.131 port 4999
rdr on $EXTIF proto tcp from any to ($EXTIF) port 5000 -> 10.0.0.131 port 5000

# Redirect to calypso's apache
# rdr on $EXTIF proto tcp from any to $EXTIF port 80 -> 10.0.0.128 port 80

####################################################################
# filter rules
####################################################################

#### Block Everything by Default ####
block in log on $EXTIF all

#### Allow ssh ####
pass in on $EXTIF proto tcp from any to $EXTIF port 22 flags S keep state

#### Allow Web ####
pass in on $EXTIF proto tcp from any to $EXTIF port 80 flags S keep state

#### Allow data mode connections for ftp-proxy ####
# No "flags S keep state" on this rule, so it matches every inbound TCP
# packet addressed to ports above 49152, not only new connections.
pass in on $EXTIF proto tcp from any to $EXTIF port > 49152

#### Allow stuff inside to get out ####
# Last matching rule wins: the stateful rules below apply to the packets
# they match; anything else leaving $EXTIF falls back to this pass-all rule.
pass out on $EXTIF all
pass out on $EXTIF proto tcp from any to any flags S keep state
pass out on $EXTIF proto udp from any to any keep state
pass out on $EXTIF proto icmp from any to any keep state
#pass out on $EXTIF proto icmp from any to any keep state

#### Allow stuff inside to flow freely ####
pass in on $INTIF all
pass in on $INTIF proto tcp from any to any flags S keep state
pass in on $INTIF proto udp from any to any keep state
pass in on $INTIF proto icmp from any to any keep state
pass out on $INTIF all
pass out on $INTIF proto tcp from any to any flags S keep state
pass out on $INTIF proto udp from any to any keep state
pass out on $INTIF proto icmp from any to any keep state