2008/7/15 Henning Brauer <[EMAIL PROTECTED]>:

> * Xavier Millihs-Lacroix <[EMAIL PROTECTED]> [2008-07-15 14:15]:
> > > pppoe automagically reconnects
> > So if my ip change I still have to reload pf ?
>
> not if you write your pf.conf correctly
>
> Here is my current version. I will add spamd and SSH brute-force protection later.
Do you think my pf.conf is correct?

Xavier.

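 # macros
# External (PPPoE) and internal interfaces. The address on $ext_if changes at
# every reconnect, so every rule below refers to it as ($ext_if): the
# parentheses make pf re-read the interface address when the rule is matched,
# which is what removes the need to reload pf.conf after a new IP.
ext_if="pppoe0"
int_if="vr1"

# TCP services offered by the firewall itself (ssh, ident).
tcp_services="{ 22, 113 }"
# ICMP accepted from anywhere: echo request only.
icmp_types="echoreq"

# Internal host that receives the forwarded port 80.
comp3="192.168.1.2"

# options
# "return" answers blocked packets with RST / unreachable, which is friendly
# for the LAN; "drop" is the quieter choice if the external side should not
# reveal that a filter is present.
set block-policy return
set loginterface $ext_if
set skip on lo

# scrub
scrub in

# nat/rdr
# Masquerade everything that is not already sourced from the PPPoE address.
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# FTP from the LAN is handed to ftp-proxy(8) listening on 127.0.0.1:8021;
# the anchors above receive the per-session rules it installs.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# Port 80 arriving at our own (dynamic) address is forwarded to $comp3.
# Matching on ($ext_if) instead of "any" keeps the redirect tied to the
# current PPPoE address and leaves packets merely transiting the interface
# alone.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $comp3

# filter rules
# Default deny inbound; everything we originate is allowed and tracked.
block in
pass out keep state

anchor "ftp-proxy/*"
# Reject packets that claim a loopback or LAN source on the wrong interface.
antispoof quick for { lo $int_if }

# Services on the firewall itself. flags S/SA: create state only on the
# initial SYN.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

# Forwarded web traffic. rdr has already rewritten the destination to $comp3
# when this rule is evaluated, so the filter matches the internal address.
# synproxy completes the TCP handshake on the firewall before $comp3 sees the
# connection, which shields it from SYN floods.
pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
    flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

# The LAN is fully trusted: no egress filtering on $int_if.
pass in quick on $int_if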





/etc/pf.conf

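# macros
# External (PPPoE) and internal interfaces. The address on $ext_if changes at
# every reconnect, so rules refer to it as ($ext_if): the parentheses make pf
# re-read the interface address when the rule is matched, so pf.conf does not
# have to be reloaded after a new IP.
ext_if="pppoe0"
int_if="vr1"

# TCP services offered by the firewall itself (ssh, ident, https).
tcp_services="{ 22, 113, 443 }"
# ICMP accepted from anywhere: echo request only.
icmp_types="echoreq"

# Internal servers and the ports forwarded to them from the Internet.
# 25/110: SMTP and POP3 (POP3 carries credentials in clear text; consider
# exposing only a TLS-protected port).
# 1024: unusual for a public mail server -- confirm this is intended.
srvexchange="192.168.1.2"
tcp_srvexchange="{ 25, 110, 1024 }"
# 873/3389: rsync and RDP open to the whole Internet. Both are frequent
# brute-force targets; restricting the source (a table of known addresses)
# or fronting them with a VPN is the usual mitigation.
srvfiles="192.168.1.10"
tcp_srvfiles="{ 873, 3389 }"

# options
# "return" answers blocked packets with RST / unreachable; "drop" is the
# quieter choice if the external side should not reveal a filter.
set block-policy return
set loginterface $ext_if
set skip on lo

# scrub
scrub in

# nat/rdr
# Masquerade everything that is not already sourced from the PPPoE address.
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# FTP from the LAN is handed to ftp-proxy(8) on 127.0.0.1:8021; the anchors
# above receive the per-session rules it installs.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# Port forwards. Each rule must be a single logical line: the original was
# wrapped without a trailing backslash, which pfctl rejects. Matching on
# ($ext_if) instead of "any" ties the redirect to the current PPPoE address
# and leaves transiting packets alone.
rdr on $ext_if proto tcp from any to ($ext_if) port $tcp_srvfiles -> $srvfiles
rdr on $ext_if proto tcp from any to ($ext_if) port $tcp_srvexchange \
    -> $srvexchange

# filter rules
# Default deny inbound; everything we originate is allowed and tracked.
block in
pass out keep state

anchor "ftp-proxy/*"
# Reject packets that claim a loopback or LAN source on the wrong interface.
antispoof quick for { lo $int_if }

# Services on the firewall itself. flags S/SA: create state only on the
# initial SYN. When the planned ssh brute-force protection is added, the
# pf way is a rate limit on this rule (max-src-conn-rate with an overload
# table) plus a "block in quick from <table>" rule placed before it.
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

# Forwarded traffic. rdr has already rewritten the destination to the
# internal address when these rules are evaluated. synproxy completes the
# TCP handshake on the firewall before the server sees the connection.
pass in on $ext_if inet proto tcp from any to $srvfiles port $tcp_srvfiles \
    flags S/SA synproxy state
pass in on $ext_if inet proto tcp from any to $srvexchange \
    port $tcp_srvexchange flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

# The LAN is fully trusted: no egress filtering on $int_if.
pass in quick on $int_if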
