Created
December 29, 2015 20:47
-
-
Save sc68cal/593e35d1fadb2e96299b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int_if = "alc0" | |
| ext_if = "em0" | |
| myip="192.168.1.1" | |
| internal_lan = "192.168.1.0/24" | |
| table <fail2ban> persist | |
| set skip on lo0 | |
| # IPv4 NAT for internal network | |
| nat on $ext_if from $int_if:network to any -> ($ext_if) static-port | |
| block in quick from <fail2ban> | |
| block all | |
| pass out all | |
| #### IPV6 | |
| pass in on $int_if inet6 from any to any | |
| pass out on $int_if inet6 from any to any | |
| pass out on $ext_if inet6 from any to any | |
| pass in inet6 proto icmp6 | |
| ## DHCPv6 - prefix delegation | |
| pass in inet6 proto udp from any to any port 546 | |
| pass in on $int_if from $internal_lan to any | |
| ### Gateway specific rules | |
| #### IPv4 SSH access | |
| pass in on $ext_if proto tcp from any to ($ext_if) port ssh \ | |
| flags S/SA keep state | |
| #### IPv4 Ping | |
| pass in on $ext_if proto icmp from any to ($ext_if) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment