[BSD] Jail - ftp - Ipnat
Illó Gábor
stageline at gmail.com
Thu Jul 23 19:15:24 CEST 2009
2009/7/23 pwmosquito at szendezs.com <pwmosquito at szendezs.com>:
> It would be simpler if you pasted your pf.conf, but even sight unseen the
> error is clear: things are not in the right order.
>
> Balazs, thanks for the trimming.
>
> Zsolt
True, here it is:
int_if="em0"
icmp_types = "echoreq"
public_ip = "195.228.156.104"
# Tell if we return or drop blocked packets in general
set block-policy return
# don't filter on the loopback interface
set skip on lo0
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all
# Set Antispoof rule
antispoof for $int_if
# Block all incoming traffic
block in all
# activate spoofing protection for all interfaces
block in quick from urpf-failed
# Allow all outgoing traffic
pass out all keep state
# Allow ping
pass in inet proto icmp all icmp-type $icmp_types
# Allow incoming
pass in proto tcp to $int_if port {21,25,80,443,1985}
# FTP nat - redirect
nat on $int_if from 127.1.0.1 to any -> $public_ip
rdr pass on $int_if proto tcp from any to any port 21 -> 127.1.0.1 port 21
rdr pass on $int_if proto tcp from any to any port 30000:31000 -> 127.1.0.1 port 30000:31000
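
The ordering problem the quoted reply points to, shown as an added example that is not part of the original thread: pf.conf(5) expects statements grouped as macros, options, normalization, translation, then filtering, and pfctl enforces that order by default, so the nat and rdr lines have to sit above the filter rules. The rules themselves are unchanged from the posted file; only their position differs.

```pf
# --- Macros ---
int_if = "em0"
icmp_types = "echoreq"
public_ip = "195.228.156.104"

# --- Options ---
# Tell if we return or drop blocked packets in general
set block-policy return
# don't filter on the loopback interface
set skip on lo0

# --- Normalization ---
# reassemble fragments and resolve or reduce traffic ambiguities
scrub in all

# --- Translation (nat/rdr must come before any filter rule) ---
# FTP nat - redirect to the jail address
nat on $int_if from 127.1.0.1 to any -> $public_ip
rdr pass on $int_if proto tcp from any to any port 21 -> 127.1.0.1 port 21
rdr pass on $int_if proto tcp from any to any port 30000:31000 -> 127.1.0.1 port 30000:31000

# --- Filtering ---
# antispoof expands to block rules, so it belongs in the filter section
antispoof for $int_if
# Block all incoming traffic
block in all
# activate spoofing protection for all interfaces
block in quick from urpf-failed
# Allow all outgoing traffic
pass out all keep state
# Allow ping
pass in inet proto icmp all icmp-type $icmp_types
# Allow incoming
pass in proto tcp to $int_if port {21,25,80,443,1985}
```

Running `pfctl -nf` on the file parses it without loading the ruleset, which reports ordering errors before they reach the running firewall.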