| Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007 | ||
|---|---|---|
| Prev | Next | |
Check interface status with
ifconfig -a
/etc/pf.conf
ext_if = "ep0" # macro for extrnal interface - use tun0 for PPPoE
int_if = "ep1" # macro for internal interface
nat on $ext_if from $localnet to any -> ($ext_if) # ext_if IP address is (may be) dynamic
block all
pass inet proto tcp from { lo0, $int_if:network } to any keep state