Hi,

> On 28.10.2014 at 21:55, Romain FABBRI <[email protected]> wrote:
>
> I found something interesting today playing with a Netasq F150 (rebranded
> Stormshield firewall).
> The firewall OS (named ASQ) is based on top of FreeBSD.
>
> When I looked at the internal text files which contain the configuration for
> the firewall rules I found that the rule syntax looks a lot like PF.
>
> Simple coincidence?

So what? FreeBSD uses an ancient version of PF, just see the weird/obsolete NAT
rules below. There are OpenBSD-based firewall products with real PF from
<shameless-plug>Esdenera</shameless-plug>, GeNUA or others. But, either way,
posts related to FreeBSD's ancient PF or something like my shameless plug are
totally off-topic on this list.

Reyk

> #=============================================
> # /usr/Firewall/ConfigFiles/Filter
> #=============================================
> # more 02
> [Filter]
> pass from network_internals to any port web_srv
> pass from network_internals to any port ftp # Force FTP analysis
> pass from network_internals to any port mail_srv
> pass ipproto icmp type 8 code 0 from network_internals to any # Accept PING only
>
> # more 03
> [Filter]
> pass from network_internals to any port plugins # Force plugins analysis
> pass ipproto tcp from network_internals to any # Accept TCP only
>
> # more 04
> [Filter]
> pass from network_internals to any port plugins # Force plugins analysis
> pass from network_internals to any # Accept all
>
> # more 05
> [Filter]
> pass inspection firewall log from IP_Pub-MainPool1 on out to IP_Pub_1.1.1.2 port microsoft-ts -> to srv-ToIP_4760 rulename "Télémaintenance"
> pass inspection firewall log from IP_Pub-MainPool1 on out to Firewall_out_1 port Port_4343 -> to Ctrl-Wifi rulename "Télémaintenance"
> pass inspection firewall log from Network_internals to shared-printer rulename "Shared Printer" # Internet
> pass inspection firewall log from Network_Cutomer_A|Network_Phone-TOIP to Network_Vlans_Impairs port ssh|Port_4343|https|telnet rulename "Admin Switch + FW" # Internet
> pass inspection firewall log from Network_internals to internet rulename "Internet" # Internet
> pass inspection firewall log from any to firewall_all port firewall_srv|ssh|https # Admin from everywhere
> pass inspection firewall log ipproto icmp type 8 code 0 proto none from any to any # Allow Ping from everywhere
>
> block inspection firewall log from any to any # Block all
>
> [NAT]
> nat from Network_Phone-TOIP to internet -> from IP_Pub_1.1.1.2 to original
> nat from Network_KI_EXECUTIVE to internet -> from IP_Pub_1.1.1.2 to original
> nat from VisioConférence to any on out -> from IP_Pub_1.2.3.4 arp -# NAT
> nat from any on out to IP_Pub_1.2.4.5 -> beforevpn to VideoConference arp- # NAT
> nat from Network_internals to internet on out -> from Firewall_out_1 to original

