PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Pre-4.7:
ext_if = "re0" int_if = "ath0" auth_web="192.168.27.20" dhcp_services = "{ bootps, bootpc }" # DHCP server + client table <authpf_users> persist rdr pass on $int_if proto tcp from ! <authpf_users> to any port http -> $auth_web nat on $ext_if from $localnet to any -> ($ext_if) nat-anchor "authpf/*" rdr-anchor "authpf/*" binat-anchor "authpf/*" anchor "authpf/*" block all pass quick on $int_if inet proto { tcp, udp } to $int_if port $dhcp_services pass quick inet proto { tcp, udp } from $int_if:network to port domain pass quick on $int_if inet proto { tcp, udp } to $int_if port ssh