Pasted as Bash by Butek ( 15 years ago )
gate# cat /etc/pf.conf
# pf ruleset for a two-interface NAT gateway: rl0 faces upstream, nfe0 faces the LAN.
# Policy is default-deny ("block log all") with explicit pass rules; among non-quick
# rules the last matching rule decides.
# Macros
ext_if = "rl0"
int_if = "nfe0"
# NOTE(review): extnet and bsd are not referenced by any rule in this file as shown.
# 172.0.0.0/8 is also much wider than the RFC 1918 block 172.16.0.0/12.
extnet = "172.0.0.0/8"
lannet = "192.168.0.0/24"
ext_ip = "172.16.24.35/32"
bsd = "192.168.0.77/32"
# Source ranges that are dropped when they arrive on the external interface.
# NOTE(review): 10.0.0.0/8, 172.16.0.0/12 and 169.254.0.0/16 are absent, and only
# 192.168.0.0/24 of 192.168.0.0/16 is listed. ext_ip is itself inside 172.16.0.0/12, so
# that range presumably cannot be blocked here - confirm which upstream ranges are legitimate.
private_nets="{ 127.0.0.0/8, 192.168.0.0/24, 0.0.0.0/8, 240.0.0.0/4}"
# Blocked packets are dropped silently instead of being answered.
set block-policy drop
# States are not bound to the interface they were created on.
set state-policy floating
# Collect interface statistics for the external interface.
set loginterface $ext_if
# Hard limits for fragment-reassembly and state-table entries.
set limit { frags 100000, states 100000 }
set optimization normal
# Loopback traffic bypasses pf entirely.
set skip on lo0
# Normalise inbound packets before they reach the filter rules.
scrub in all
# NAT
# Source-translate IPv4 traffic from the LAN that leaves ext_if to the external address.
nat on $ext_if inet from $lannet to any -> $ext_ip
# Rules
# Drop packets whose source address belongs to a network attached to a different interface.
antispoof quick for {lo0, $int_if, $ext_if }
# Default deny, logged; every pass rule below is an exception to this rule.
block log all
# "quick" makes this final: the later pass rules cannot re-admit these sources on ext_if.
block drop in quick on $ext_if from $private_nets to any
# NOTE(review): no direction or interface is given, so echo requests are accepted in and
# out on every interface, including inbound on ext_if from upstream hosts. Add "on" and
# "from" qualifiers if the gateway should not answer pings from outside.
pass inet proto icmp icmp-type echoreq
# NOTE(review): only TCP is admitted from the LAN side. There is no "pass in on $int_if"
# rule for UDP, so LAN-originated UDP (DNS queries, for example) falls through to
# "block log all". "from any" accepts any source address arriving on int_if; "from $lannet"
# would limit it to the LAN prefix. "port >0" also covers TCP services on the gateway itself.
pass in on $int_if proto tcp from any to any port >0
# Outbound TCP and UDP on both interfaces. Forwarded traffic has to pass in on one
# interface and out on the other, so these rules complement the "pass in" rule above.
# NOTE(review): only the UDP rules spell out "keep state". No rule admits reply traffic
# inbound on ext_if, so replies depend on state; whether the TCP rules create state
# depends on the pf version's default - confirm.
pass out on $ext_if proto tcp from any to any
pass out on $ext_if proto udp from any to any keep state
pass out on $int_if proto tcp from any to any
pass out on $int_if proto udp from any to any keep state
gate# cat /etc/resolv.conf
# Resolvers used by the gateway host itself. Both addresses are in 172.16.0.0/12, the same
# space as the external interface address, so lookups presumably leave via rl0 - confirm.
nameserver 172.16.128.20
nameserver 172.16.0.151
gate# cat /etc/rc.conf
# -- sysinstall generated deltas -- # Wed Jan 26 14:42:41 2011
# Created: Wed Jan 26 14:42:41 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="gate"
# Default route; the address lies inside the subnet configured on rl0 below.
defaultrouter="172.16.127.254"
# Disabled alternatives: a MAC address override and an alias form of the external address.
#ifconfig_rl0="ether 00:0e:0c:3c:ca:91"
#ifconfig_rl0_alias0="inet 172.16.24.35 netmask 255.255.128.0"
# External (rl0) and LAN (nfe0) addresses; they match ext_ip and bsd in /etc/pf.conf.
ifconfig_rl0="inet 172.16.24.35 netmask 255.255.128.0"
ifconfig_nfe0="inet 192.168.0.77 netmask 255.255.255.0"
# Turns on IP forwarding so the host routes between rl0 and nfe0.
gateway_enable="YES"
keymap="ru.koi8-r"
# NOTE(review): nothing in this file limits which address sshd listens on; unless
# sshd_config sets ListenAddress, exposure is decided by the pf ruleset alone - confirm.
sshd_enable="YES"
# Load pf at boot and start pflogd so packets matched by "log" rules are recorded.
pf_enable="YES"
pflog_enable="YES"