On Sun, Dec 05, 2004 at 06:46:02PM +0100, uhel wrote:
> Hi,
> 
> I've read that IPF 4.1.x supports simple macros but I've found no
> example. I updated my NetBSD box to 2.0 which has IPF 4.1.3 but it
> has an old manpage without macros.
> Can anyone give me one or two examples how to use the macro thing?
> 

Here are a few examples:

ext_if="ex0";
lo_if="lo0";
tcp_flags="S/SA";
tcp_services="(22, 80, 443)";
private_nets="(192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8)";

pass in quick on $lo_if all
pass out quick on $lo_if all

block in on $ext_if all
block out on $ext_if all

block in quick on $ext_if from $private_nets to any

pass in quick on $ext_if proto tcp from any to any port = $tcp_services \
    flags $tcp_flags keep state
pass in quick on $ext_if proto udp from any to any port = 53 keep state

pass out quick on $ext_if all keep state

-- 
Peter Postma
