Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
43 lines (32 sloc) 1.09 KB
# ctrl -- 20080926
# Define interfaces
int_if = "re0"
ext_if = "tun0"
# RFC1918
priv_nets = "{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
# Those wonderful scrubbing bubbles
##scrub in all
match in all scrub (no-df max-mss 1440)
# Filtering begins
block log all
# Local machine stuff
pass quick on lo0 all
pass in on $int_if from $int_if:network to any
pass out on $int_if from any to $int_if:network
block in quick on $ext_if from $priv_nets to any
block out quick on $ext_if from any to $priv_nets
antispoof log for { $int_if, $ext_if }
# Pass in allowed servers
#pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA keep state
#pass in on $ext_if proto tcp from any to ($ext_if) port 80 flags S/SA keep state
# Out to the internet
#pass out on $ext_if proto tcp all modulate state flags S/SA
#pass out on $ext_if proto { udp, icmp, esp } all keep state
# for vpnc
#pass out on tun1 proto tcp all modulate state flags S/SA
# out for if
pass out on tun0
pass out on tun1
pass out on gif0
# for rtorrent
pass in on $ext_if proto tcp from any to any port 44123 keep state