opinion on this ruleset
user name
2006-11-26 13:35:57
I was wondering if I could get some opinions on this ruleset, please.

Basically, I have FreeBSD 6.1, running an IRC server on ports 6697, 7000, 6659 through to 6671, 9999, 27888. I am also running a nameserver, so have opened TCP and UDP 53. I also want incoming on port 80 and 22.

I have about 15 IP addresses assigned to my external interface... would it be better to make a table for these? Or is using the ext_if as a macro just as effective?


ext_if="rl0"

# 6659:6671 is the inclusive range ("6659 through to 6671"); the original
# "6659 >< 6671" is pf's exclusive range and would only have matched 6660-6670
tcp_services="{ 22, 80, 53, 6633, 6697, 7000, 6659:6671, 9999, 27888 }"
# this line was cut off in the post; UDP 53 is the nameserver mentioned above
udp_services="{ 53 }"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if

set skip on lo
scrub in

block in

pass out keep state

# $int_if is not defined anywhere in this ruleset, so pfctl will reject the
# file as posted; define it, or drop it from the list, before loading
antispoof quick for { lo $int_if }

# a rule may only continue onto the next line after a trailing backslash
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in on $ext_if inet proto udp from any to ($ext_if) \
    port $udp_services keep state

pass in inet proto icmp all icmp-type $icmp_types keep state
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
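On the table-versus-macro question raised in the post, the following is an added example (not the poster's ruleset) that puts the two forms side by side; the addresses 192.0.2.10 and 192.0.2.11 and the table names are constructed stand-ins for two of the fifteen aliases.

```pf
# Added example, not from the original post. The two addresses are
# constructed stand-ins (RFC 5737 documentation range) for two of the
# 15 aliases on the external interface.
ext_if="rl0"
tcp_services="{ 22, 80, 53, 6697, 7000, 6659:6671, 9999, 27888 }"

# Form 1: ($ext_if) in parentheses is expanded by pf at evaluation time to
# every address configured on rl0 at that moment. Convenient, but it means
# every alias, including one added next month, accepts every port in
# $tcp_services without anyone touching the ruleset.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

# Form 2: tables make the exposure explicit. Each table lists exactly the
# addresses that may accept a given group of services. "persist" keeps the
# table loaded even while no rule references it, and the contents can be
# changed with "pfctl -t <name> -T add|delete" without reloading the rules.
table <irc_addrs> persist { 192.0.2.10 }
table <admin_addrs> persist { 192.0.2.11 }

# IRC ports only on the IRC address; ssh, http and dns only on the other.
# An alias that appears in neither table stays covered by "block in".
pass in on $ext_if inet proto tcp from any to <irc_addrs> \
    port { 6697, 7000, 6659:6671, 9999, 27888 } flags S/SA keep state
pass in on $ext_if inet proto tcp from any to <admin_addrs> \
    port { 22, 80, 53 } flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t irc_addrs -T show` lists what a table currently contains once loaded.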