Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007
/etc/authpf/authpf.rules,
# /etc/authpf/authpf.rules -- per-user rules that authpf(8) loads into the
# user's anchor for the duration of an authenticated session. The
# <authpf_users> table is maintained by authpf (the client's address is
# added at login and removed at logout), so every rule below only matches
# traffic from addresses that have authenticated.
# NOTE(review): $wi_if, $int_if, $server and $myaddr are not defined in
# this excerpt -- presumably set earlier in the tutorial; confirm before use.
# Services which live on the internal network
# and need to be accessible
# NOTE(review): tcp_services and udp_services are not referenced by any
# rule shown below (the rules use $tcp_in / $udp_in); kept as written.
tcp_services = "{ 22, 25, 53, 80, 110, 113, 995 }"
udp_services = "{ 53 }"
# pop3 is a service name resolved via /etc/services; the rest are numeric ports.
tcp_in = " { 22, 25, 53, 80, 993, 2317, pop3}"
udp_in = "{ 53 }"
# Pass traffic to elsewhere, that is the outside world
# No 'proto' keyword here, so any IPv4 protocol from an authenticated
# address may go to any destination that is NOT on $int_if's network.
# The negation is what keeps authenticated users out of the internal
# network by default; the rules below open only specific services.
pass in on $wi_if inet from <authpf_users> to ! $int_if:network \
keep state
# Let authenticated users use services on
# the internal network.
# Only $server on the listed ports, not the whole internal network.
pass in on $wi_if inet proto tcp from <authpf_users> to $server \
port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $server \
port $udp_in keep state
# Also pass to external address. This means you can access
# internal services on external addresses.
# Same port lists as above; keep $tcp_in / $udp_in minimal, since every
# service listed here becomes reachable via the external address too.
pass in on $wi_if inet proto tcp from <authpf_users> to $myaddr \
port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $myaddr \
port $udp_in keep state