PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015
/etc/pf.conf
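```
ext_if = "re0"
int_if = "ath0"
auth_web="192.168.27.20"
dhcp_services = "{ bootps, bootpc }" # DHCP server + client

# Table maintained by authpf: addresses of authenticated users
table <authpf_users> persist

# HTTP from hosts that have not authenticated is redirected to $auth_web
pass in quick on $int_if proto tcp from ! <authpf_users> to port http rdr-to $auth_web

# NAT for traffic from the internal network
match out on $ext_if from $int_if:network nat-to ($ext_if)

# authpf loads its per-user rules under this anchor
anchor "authpf/*"

# Default deny
block all

# Allowed without authentication: DHCP, DNS, and ssh to the gateway
pass quick on $int_if inet proto { tcp, udp } to $int_if port $dhcp_services
pass quick inet proto { tcp, udp } from $int_if:network to any port domain
pass quick on $int_if inet proto { tcp, udp } to $int_if port ssh
```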