# pf.conf for a two-interface filtering router with no NAT: $internal_net is
# filtered as-is between $int_if and $ext_if.
# NOTE(review): several rules below are split across two lines (for example
# "keep state" on a line of its own). That looks like e-mail wrapping; in the
# real file each rule has to sit on one line or end with a trailing backslash.

# Macros: the two interfaces the rules filter on, and the /24 treated as the
# inside network.
int_if="rl0"
ext_if="rl1"
internal_net="86.55.128.0/24"
# Table of internal hosts (.2 through .10) that the last rule of the file
# blocks on $int_if.
table <filtre> {86.55.128.2, 86.55.128.3, 86.55.128.4, 86.55.128.5,
86.55.128.6, 86.55.128.7, 86.55.128.8, 86.55.128.9, 86.55.128.10}
# Normalize every inbound packet before it reaches the filter rules.
scrub in all
# ALTQ (disabled)
# NOTE(review): if enabled, "probe" would be the only queue and the default
# one on $int_if, and no pass rule assigns a queue, so all traffic leaving
# $int_if (presumably including ICMP replies towards $internal_net) would be
# held to the 192Kb upperlimit. Confirm that is the intent before enabling.
#altq on $int_if bandwidth 100Mb hfsc queue {probe}
#queue probe bandwidth 100% hfsc(default realtime 192Kb upperlimit 192Kb)
# FILTER RULES
# Default deny. pf evaluates the whole ruleset and the LAST matching rule
# wins (no rule here uses "quick"), so every pass rule below overrides this
# line for the traffic it matches.
block drop all
# Loopback: allow everything on lo0.
pass on lo0 all
# ICMP: every ICMP type is passed statefully, in both directions, on both
# interfaces, including from any outside source to the firewall's external
# address and to $internal_net.
# NOTE(review): consider limiting this to the types actually needed
# (e.g. icmp-type echoreq) rather than all ICMP.
pass in on $int_if inet proto icmp from $internal_net to any keep state
pass out on $int_if inet proto icmp from any to $internal_net keep state
pass in on $ext_if inet proto icmp from any to {$ext_if,$internal_net}
keep state
pass out on $ext_if inet proto icmp from {$ext_if,$internal_net} to any
keep state
# TCP/UDP: inside hosts may open connections to anywhere, and traffic towards
# them is let out on $int_if.
pass in on $int_if inet proto {udp,tcp} from $internal_net to any keep state
pass out on $int_if inet proto {udp,tcp} from any to $internal_net keep
state
# NOTE(review): the next rule passes every TCP/UDP port from any source into
# $internal_net and to the firewall's own external address, so the default
# "block drop all" no longer protects any IPv4 TCP/UDP service. Restrict it
# to the destination ports that must be reachable from outside; replies to
# connections opened from inside already ride on the state created above.
# NOTE(review): there is also no antispoof rule, so packets arriving on
# $ext_if with a source inside $internal_net are accepted by "from any".
pass in on $ext_if inet proto {tcp,udp} from any to
{$internal_net,$ext_if} keep state
pass out on $ext_if inet proto {tcp,udp} from {$internal_net,$ext_if} to
any keep state
# Block table <filtre>: no "quick", but being the last rule in the file it
# wins for packets from the listed hosts arriving on $int_if.
# NOTE(review): packets that match an existing state entry are passed without
# consulting the ruleset, so replies from these hosts to connections opened
# from outside (allowed by the $ext_if rule above) are presumably still let
# through. Confirm that only host-initiated traffic is meant to be blocked.
block in on $int_if inet proto {tcp, udp, icmp} from <filtre> to any
---------
Daca "decomentez" altq ... moare ping din $internal_net catre
calculatorul acesta de tot.
vanguard wrote:
posteaza te rog tot pf.conf
vanguard