PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Assigning traffic via pass rules:
pass in on $ext_if proto { tcp, udp } to $nameservers port domain \ set queue ext_udp set prio (6,5) pass in on $int_if proto { tcp, udp } from $localnet to $nameservers port domain pass out on $dmz_if proto { tcp, udp } to $nameservers port domain \ set queue ext_dmz_udp set prio (6,5) pass out on $dmz_if proto { tcp, udp } from $localnet to $nameservers \ port domain set queue dmz_udp pass in on $ext_if proto tcp to $webserver port $webports set queue ext_web pass in on $int_if proto tcp from $localnet to $webserver port $webports pass out on $dmz_if proto tcp to $webserver port $webports set queue ext_dmz_web pass out on $dmz_if proto tcp from $localnet to $webserver port $webports \ set queue dmz_web pass in log on $ext_if proto tcp to $mailserver port smtp pass in log on $ext_if proto tcp from $localnet to $mailserver port smtp pass in log on $int_if proto tcp from $localnet to $mailserver port $email pass out log on $dmz_if proto tcp to $mailserver port smtp set queue ext_mail pass in on $dmz_if proto tcp from $mailserver to port smtp set queue dmz_mail pass out log on $ext_if proto tcp from $mailserver to port smtp \ set queue ext_dmz_mail