I am sorry that I didn't give you the details. Sorry, I was resting on my laurels (I think there exists if not this one a similar expression in English, right?)...
This is meant to be a simple home firewall to provide very basic NAT, routing and firewall protection. I have a DSL connection and I am not providing any service to the external world... here you are the whole file

-------------------------------------------------------------------------
#set our macros
ext_if="iwi1"   #the external interface
int_if="iwi0"   #the internal interface
internal_net="192.168.2.1/24"

#first, normalize packets we transmit and receive
scrub in all

#then, give NAT to our internal addresses
nat on $ext_if from $internal_net to any -> ($ext_if)

#We want outbound FTP to work properly, so let's enable the
#FTP proxy. Be sure you have ftp-proxy running out of inetd(8)!
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

#We're not doing any packet shaping, so let's go directly to the
#packet filtering. We'll block everything first, and then only
#explicitly allow desirable traffic.
block in log all

#As our client operating systems may be running some godforsaken
#operating system with poor ISN selection, we'll use state modulation.
pass in on $int_if inet from $internal_net to any modulate state

#I'd like to be able to SSH to my network from anywhere
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh keep state

#and, don't forget to allow our ftp-proxy program to connect back to
#the firewall!
pass in on $ext_if inet proto tcp from any to ($ext_if) user proxy keep state
-------------------------------------------------------------------------

_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
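
An added example, not part of the original post: a short Python check that expands the macros in the ruleset above and lists every "pass in" rule bound to the external interface, which is the traffic the firewall accepts from the Internet. The function names are hypothetical, and the parsing is a simplification that assumes only the rule forms appearing in this file.

```python
import re

# Rules copied from the pf.conf in the post above (comments dropped).
PF_CONF = '''
ext_if="iwi1"
int_if="iwi0"
internal_net="192.168.2.1/24"
scrub in all
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
block in log all
pass in on $int_if inet from $internal_net to any modulate state
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) user proxy keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')

def expand(conf):
    """Strip comments, collect macros, return (macros, rules with $macros expanded)."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        else:
            rules.append(re.sub(r'\$(\w+)', lambda r: macros[r.group(1)], line))
    return macros, rules

def after(tokens, word):
    """Token following a keyword such as 'port' or 'user', or None if absent."""
    return tokens[tokens.index(word) + 1] if word in tokens else None

def inbound_exposure(conf, ext_macro='ext_if'):
    """Return (source, port, user) for each 'pass in' rule on the external interface."""
    macros, rules = expand(conf)
    found = []
    for rule in rules:
        tok = rule.split()
        if tok[:4] == ['pass', 'in', 'on', macros[ext_macro]]:
            found.append((after(tok, 'from'), after(tok, 'port'), after(tok, 'user')))
    return found

if __name__ == '__main__':
    for src, port, user in inbound_exposure(PF_CONF):
        print(f'reachable from {src}: port={port or "any"} user={user or "any"}')
```

Run against this ruleset it reports two inbound rules on iwi1: SSH from any source, and any TCP port on which a socket owned by user proxy is listening.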
