FreeBSD Bugzilla – Attachment 78260 Details for
Bug 112579
[request] No ipv6 related pf examples in /usr/share/examples/pf
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
pf_www_ssh_server_ipv6.conf.txt
pf_www_ssh_server_ipv6.conf.txt (text/plain), 2.65 KB, created by
Mohacsi Janos
on 2007-05-10 19:00:11 UTC
(
hide
)
Description:
pf_www_ssh_server_ipv6.conf.txt
Filename:
MIME Type:
Creator:
Mohacsi Janos
Created:
2007-05-10 19:00:11 UTC
Size:
2.65 KB
patch
obsolete
>#external interface >EXT = "bge0" >#internal LAN interface >LAN = "bge1" >#IPv4 address of LAN interface >LANip4 = "192.168.1.1" >#IPv6 address of LAN interface >LANip6 = "2001:db8:1:1::1" >#IPv4 address of external interface >EXTip4 = "192.168.2.1 >#IPv6 address of external interface >EXTip6 = "2001:db8:1:2::1" >#IPv4 prefix on LAN interface >LANnet4 = "192.168.1.0/24" >#IPv6 prefix on LAN interface >LANnet6 = "2001:db8:1:1::1/64" >#loopback interfaces >Lo4 = "127.0.0.1" >Lo6 = "::1" >#internal server address >LANSRV6="2001:db8:1:2::2" >LANSRV4="192.168.1.2" ># expire state connections early >set optimization aggressive >block in log all ># allow DNS requests to go out >pass out on $EXT inet proto udp from {$EXTip4, $Lo4, $LANnet4} to any port=domain keep state >pass out on $EXT inet6 proto udp from {$EXTip6, $Lo6, $LANnet6} to any port=domain keep state ># all TCP request allowed out >pass out on $EXT inet proto tcp from {EXTip4, $Lo4, $LANnet4} to any keep state >pass out on $EXT inet6 proto tcp from {EXTip6, $Lo6, $LANnet6} to any keep state ># all ping request allowed out >pass out on $EXT inet proto icmp all icmp-type 8 code 0 keep state >pass out on $EXT inet6 proto icmp6 all icmp6-type echoreq keep state ># ND solicitation out >pass out on $EXT inet6 proto icmp6 all icmp6-type {neighbradv, neighbrsol} ># ND advertisement in >pass in on $EXT inet6 proto icmp6 all icmp6-type {neighbradv, neighbrsol} >#router advertisement out >pass out on $LAN inet6 proto icmp6 all icmp6-type routersadv ># router solicitation in >pass in on $LAN inet6 proto icmp6 all icmp6-type routerrsol ># DNS request inside >pass in on $LAN inet proto from $LANnet4 to any port domain >pass in on $LAN inet6 proto from $LANnet6 to any port domain ># TCP request inside >pass in on $LAN inet proto tcp from $LANnet4 to any >pass in on $LAN inet6 proto tcp from $LANnet6 to any ># ICMP request inside >pass in on $LAN inet proto icmp all icmp-type 8 code >pass in on $LAN inet6 proto icmp6 all icmp6-type >#allow incoming connection to SSH server >pass in on $EXT inet6 proto tcp from any to $LANSRV6 port=22 keep-state >pass in on $EXT inet proto tcp from any to $LANSRV4 port=22 keep-state >#all reply from SSH server (does not really necessary) >pass in on $LAN inet6 proto tcp from $LANSRV6 port=22 to any keep-state >pass in on $LAN inet proto tcp from $LANSRV4 port=22 to any keep-state >#allow incoming connection to WWW server >pass in on $EXT inet6 proto tcp from any to $LANSRV6 port=www keep-state >pass in on $EXT inet proto tcp from any to $LANSRV4 port=www keep-state >#all reply from WWW server (does not really necessary) >pass in on $LAN inet6 proto tcp from $LANSRV6 port=www to any keep-state >pass in on $LAN inet proto tcp from $LANSRV4 port=www to any
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=78260">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 112579
:
78259
| 78260