Hello

I added IPv6 and I wonder whether my pf.conf filters IPv6 traffic.

I also added the line from the FAQ for ftp, but it does not work, maybe because of the trunked interface, and I don't know what to do to correct that.

Here is the pf.conf:

#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo
anchor "ftp-proxy/*"

block return    # block stateless traffic
#pass           # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# For fragmented packet and antispoof
match in all scrub (no-df)
antispoof for { axen0 }

# For ICMP
pass inet proto icmp all

# Personal rules - traditional block all + whitelisting used
tcp_admin = "ssh ntp auth domain"
tcp_files = "www https 70 1965"
tcp_mail = "imap imaps smtp smtps submission"
tcp_services = "{" $tcp_admin $tcp_files $tcp_mail "}"
udp_services = "{ submission domain ntp }"

pass out proto tcp to port $tcp_services
pass in proto tcp to port domain
pass proto udp to port $udp_services

#ftp
pass in quick on {trunk0 axen0 qwx0} inet proto tcp to port 21 divert-to 127.0.0.1 port 8021

# For avahi
pass in proto udp from any to 224.0.0.251 port 5353 allow-opts

It may have more problems; please comment.

Bye
