Attachment 232853 Details for Bug 262971 – pf.conf

pf.conf

file_262971.txt (text/plain), 1.59 KB, created by Dave Cottlehuber on 2022-04-01 07:03:41 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Dave Cottlehuber

Created: 2022-04-01 07:03:41 UTC

Size: 1.59 KB

patch

obsolete

>protocols       = "{ tcp, udp }"
>blocked_ports   = "{ syslog, epmd, amqp, couchdb }"
>tcp_services    = "{ domain, http, https, rsync, 15000 }"
>udp_services    = "{ domain }"
>dhcp		= "{ bootpc, bootps, tftp, dhcpv6-client, dhcpv6-server }"
>zerotier	= "{ 9993, 9994, 9995, 9996, 9997, 9998 }"
>
>extl_if = "igb0"
>local_if= "lagg0"
>intl_if = "lo0"
>jail_if = "lo1"
>koan_if = "ztagim5o45dhe4c"
>zero_if = "zt1flo98dm17np8"
>
>internet = $extl_if:network
>local_net= $local_if:network
>intl_net = $intl_if:network
>jail_net = $jail_if:network
>zero_net = "{ fc7b:c4d6:6be2:8e50:6c98::/40 }"
>koan_net = "{ fca2:927d:4de2:8e50:6c98::/40 }"
>
>set limit { states 200000, frags 40000, src-nodes 40000 }
>set timeout { adaptive.start 180000, adaptive.end 200000 }
>
>set skip on { $intl_if, $jail_if }
>set skip on { $zero_if, $koan_if }
>
>table <badhosts> persist file "/etc/pf.blocklist"
>
>
>nat on $extl_if inet from   $local_net -> ($extl_if:0)
>nat on $extl_if inet from   $jail_net  -> ($extl_if:0)
>
>
>rdr pass on $extl_if proto tcp from any to any port { http https 15000 32400 } -> 172.16.1.4 
>rdr pass on $extl_if proto udp from any to $extl_if port { 7777 9000 } -> 172.16.1.4 
>
>block in  log all
>
>pass  in  log quick on $extl_if proto tcp from any to any port { http https 32400 }
>pass in quick on $extl_if proto {udp, tcp} from any to any port $zerotier
>pass in quick on $extl_if inet proto icmp from any to any
>pass in quick on $extl_if proto tcp from any to any port { http https domain }
>
>pass in  quick on $extl_if proto { tcp }      from any to $extl_if port $tcp_services
>
>pass in all
>pass out all

Actions: View

Attachments on bug 262971: 232853