Packet Filter

Load Balance

pf.conf
# --------------- file /etc/pf.conf --------------------
# Macros: one internal interface, two uplinks and their next-hop gateways
lan_net = "10.1.0.0/22"
int_if = "fxp0"
ext_if1 = "xl0"
ext_if2 = "xl1"
ext_gw1 = "192.168.103.1"
ext_gw2 = "192.168.104.1"

virus_ports="{135,137,139,445,1080,1025,1026,1433,1434}"
tcp_udp = "{tcp,udp}"

# NAT is disabled here; "($ext_if1)" in parentheses would follow the
# interface's current address if it changes
#nat on $ext_if1 from $lan_net to any -> ($ext_if1)
#nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Variant that keeps the original source port instead of rewriting it
#nat on $ext_if1 from $lan_net to any -> $ext_if1 static-port
#nat on $ext_if2 from $lan_net to any -> $ext_if2 static-port

# Block virus ports (disabled)
#block in quick proto $tcp_udp from any port $virus_ports to any
#block out quick proto $tcp_udp from any to any port $virus_ports

# Load balance: each new connection from the LAN is sent out alternately via
# uplink 1 and uplink 2 (round-robin over the (interface gateway) pairs).
# flags S/SA creates state only on the initial SYN; modulate state replaces
# the client's initial sequence number with a random one.
pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin \
proto {udp,icmp} from $lan_net to any keep state

# Packets carrying uplink 2's own address as source but about to leave via
# uplink 1 (and vice versa) are redirected to the correct uplink and gateway.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) proto tcp from ($ext_if2) to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) proto tcp from ($ext_if1) to any
network/packet_filter/start.1363375006.txt.gz · Last modified: 2013/03/15 14:16 by tschulz