Bom dia a todos,
Como me foi pedido, envio o que consegui fazer para solucionar meu problema.

Cenário
xl0 -> Rede interna
xl1 -> VPN e rede Wireless

pf.conf

# Options: tune the behavior of pf. Not every value below is pf's default
# (for example, optimization is set to aggressive rather than normal).
#
# State-table timeouts, in seconds, per protocol and connection phase.
# NOTE(review): none of the filter rules in this file says "keep state";
# whether these timeouts and the state limit matter depends on whether the
# installed pf keeps state implicitly -- confirm for your version.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 90, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 60, icmp.error 30 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
# Both adaptive values at 0 turns adaptive timeout scaling off.
set timeout { adaptive.start 0, adaptive.end 0 }
# Hard caps on state-table entries and on fragments held for reassembly.
set limit { states 10000, frags 5000 }
# NOTE(review): vr0 is not one of the interfaces described for this setup
# (xl0, xl1) -- confirm it exists and is the interface whose statistics
# you want collected.
set loginterface vr0
# Expires idle connections sooner than the normal profile.
# NOTE(review): this line follows the explicit tcp.* timeouts above; check
# with `pfctl -s timeouts` which values actually end up in effect.
set optimization aggressive
# Blocked packets are dropped silently (no TCP RST / ICMP unreachable sent).
set block-policy drop
# Enforce statement order: options, scrub, queueing, translation, filtering.
set require-order yes
# OS fingerprint database; no rule shown in this file matches on "os".
set fingerprints "/etc/pf.os"
# pf does not process packets on the loopback interface at all.
set skip on lo0

# Normalize (scrub) packets on every interface, in both directions, so that
# fragments and malformed packets are handled before the filter rules run.
# No scrub options are given, so pf's default fragment handling applies.
scrub in  all
scrub out  all

# Bandwidth control: CBQ scheduler on xl0 (internal network) and the list of
# child queues attached to it.
# NOTE(review): "..." is the poster's elision of further per-client queues,
# not pf syntax. Before loading, list every child queue by name; each name
# listed here needs a matching "queue" definition.
# NOTE(review): confirm 1Gb matches the real link speed of xl0, since the
# child queue shares are carved out of this figure.
altq on xl0 bandwidth 1Gb cbq queue { \
defaultxl0, A003u, A003d, ..., samba }

# Bandwidth control: CBQ scheduler on xl1 (VPN and wireless network) and its
# child queues. The same remarks about "..." and the 1Gb figure apply.
altq on xl1 bandwidth 1Gb cbq queue { \
defaultxl1, B002u, B002d, ..., samba1 }

# Queues on xl0 (internal network)
# Suffixes: the filter rules assign traffic coming from a client to the
# "...u" queue and traffic going to the client to the "...d" queue
# (presumably upload / download).
# NOTE(review): ALTQ schedules packets only as they leave the interface a
# queue is defined on, while the "...u" queues are assigned by "pass in"
# rules on that same interface. Verify with `pfctl -v -s queue` that the
# upload queues actually see packets.

# Internal client 1: 128Kb each way; (red) enables Random Early Detection.
queue A003d on xl0 bandwidth 128Kb cbq (red)
queue A003u on xl0 bandwidth 128Kb cbq (red)
# System queues
# (default): receives every packet on xl0 not assigned to another queue.
queue defaultxl0 on xl0 bandwidth 64Kb cbq (default)
# (borrow): may use spare bandwidth of the parent beyond its own 50Mb.
queue samba on xl0 bandwidth 50Mb cbq (borrow)

# Queues on xl1 (VPN and wireless network)

# External client 1: 128Kb each way; (red) enables Random Early Detection.
queue B002d on xl1 bandwidth 128Kb cbq (red)
queue B002u on xl1 bandwidth 128Kb cbq (red)
# System queues
# (default): receives every packet on xl1 not assigned to another queue.
queue defaultxl1 on xl1 bandwidth 64Kb cbq (default)
# (borrow): may use spare bandwidth of the parent beyond its own 50Mb.
queue samba1 on xl1 bandwidth 50Mb cbq (borrow)

# Default deny on the two filtered interfaces, in both directions. Every
# pass rule below uses "quick", so the first quick rule that matches a
# packet decides it and these block rules only catch what nothing else
# matched.
# NOTE(review): only xl0 and xl1 are blocked by default. Any other interface
# on this host (the options section names vr0) has no rule here, and pf
# passes packets that match no rule -- confirm that is intended.
block on xl0 all
block on xl1 all

# Loopback. "set skip on lo0" in the options section already exempts lo0
# from filtering, so these two rules are redundant.
pass in  quick on lo0 all
pass out quick on lo0 all

# Samba (NetBIOS/SMB ports 137, 138, 139, 445), placed in the samba queues.
# NOTE(review): source and destination are both "any" on both interfaces,
# and xl1 carries the VPN and wireless network. As written, any host on
# either segment can reach these ports on any destination, including this
# firewall, and because the rules are "quick" and come first, that is not
# limited to the client addresses listed further down. Restricting them to
# the intended file server and client networks (e.g. "from <client-net> to
# <file-server>", placeholders) would narrow the exposure.
# NOTE(review): the "pass out" rules match on source port only, so any
# outbound packet carrying one of these source ports is passed whatever its
# destination.
# NOTE(review): no rule says "keep state"; on pf versions where state is not
# implicit these rules filter statelessly, which is presumably why in/out
# pairs are used -- confirm for your version.
# The line breaks inside the { } port lists appear to come from mail
# wrapping; each pair of lines is a single rule.
pass in quick on xl0 proto { udp, tcp } from any to any port { 137, 138, 
139, 445 } queue samba
pass out quick on xl0 proto { udp, tcp } from any port { 137, 138, 139, 
445 } to any queue samba
pass in quick on xl1 proto { udp, tcp } from any to any port { 137, 138, 
139, 445 } queue samba1
pass out quick on xl1 proto { udp, tcp } from any port { 137, 138, 139, 
445 } to any queue samba1

# Internal client 1: all IPv4 traffic from/to 192.168.10.3 on xl0, counted
# under a label (see `pfctl -s labels`) and assigned to its queue.
# NOTE(review): the client is identified by source address alone and no
# protocol or port is restricted. Consider whether another host on the
# segment could assume this address; pf's "antispoof" directive may help.
pass in quick  on xl0 inet from 192.168.10.3 to any label A003u queue A003u
pass out quick on xl0 inet from any to 192.168.10.3 label A003d queue A003d

# External client 1: same pattern for 192.168.11.2 on xl1 (VPN / wireless).
# NOTE(review): address-only identification is weaker on a wireless segment;
# confirm the address is bound to the client by some other control.
pass in quick  on xl1 inet from 192.168.11.2 to any label B002u queue B002u
pass out quick on xl1 inet from any to 192.168.11.2 label B002d queue B002d


Falow pessoal
