| Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
|---|---|---|
| Prev | Next | |
/etc/pf.conf
ext_if = "re0" # macro for external interface - use tun0 for PPPoE
int_if = "re1" # macro for internal interface
# ext_if IP address is (may be) dynamic
match out on $ext_if inet nat-to ($ext_if)
block all
pass inet proto tcp from { self, $int_if:network }