Freebsd PF 安装使用

核心提示： #设定拒绝联机封包的处理方式set block-policy return#set optimization aggressive#纪录 $ext_ifset loginterface $ext_if# scrub#整理封包scrub in all#nat#NAT 地址转译处理nat on

#设定拒绝联机封包的处理方式

set block-policy return

#

set optimization aggressive

#纪录 $ext_if

set loginterface $ext_if

# scrub

#整理封包

scrub in all

#nat

#NAT 地址转译处理

nat on $ext_if from $int_if:network to any -> $ext_if

#ftp-proxy

#ftp-proxy 重新导向

rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

#rdr on $ext_if proto tcp from any to 140.111.152.13 port 21 -> 192.168.13.253 port 21

#Transparent Proxy Server

rdr on rl0 proto tcp from 192.168.13.0/24 to any 80 -> 127.0.0.1 port 3128

#阻挡可疑封包在 $ext_if 网卡进出

antispoof log quick for $ext_if

#阻挡所有进出的封包

block all

#开放 loopback

pass quick on lo0 all

#拒绝内部私有 IP 对 $ext_if 网络卡联机

block drop in quick on $ext_if from $priv_nets to any

block drop out quick on $ext_if from any to $priv_nets

#开放对外的 80, 443 埠

pass in on $ext_if inet proto tcp from any to $ext_if port $open_services flags S/SA keep state

#只容许 140.111.152.0/24 网段对本机做 22 埠联机

pass in on $ext_if inet proto tcp from 140.111.152.0/24 to $ext_if port 22 flags S/SA keep state

#开放内部网络对外联机

#pass in on $inf_if proto rcp from any to any queue std_in

pass in on $int_if from $int_if:network to any keep state