@voldern
Created December 8, 2008 19:15
#### VARIABLES ####
# network
localnet = "10.0.0.0/24"
externip = "**.***.***.**"
if = "le0"
# services
tcp_in = "{ ssh, www }"
tcp_out = "{ ssh, www, auth, ftp, ftp-data }"
udp_s = "{ domain, ntp }"
jail_in = "{ ssh, www }"
#### NAT and RDR ####
# Redirect all ftp traffic to proxy
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# Redirect https to ssh (ssh does not listen to localhost)
rdr pass proto tcp from any to any port https -> $externip port ssh
# NAT for the jails
nat on $if from $localnet to any -> $externip
#### Filtering ####
block all
anchor "ftp-proxy/*"
pass from { lo0, $localnet } to any
pass proto { tcp, udp } to any port $udp_s
pass in proto tcp to any port $tcp_in
pass out proto tcp to any port $tcp_out
# Jails
pass in proto tcp to $localnet port $jail_in
pass out proto tcp from $localnet to any port $tcp_out
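The ruleset above leans on macros (`$localnet`, `$tcp_in`, ...) and brace lists (`{ ssh, www }`), which pf expands into one rule per combination before loading; with last-match semantics, `block all` is the default and each expanded `pass` rule punches a hole in it. On a host with pf the way to see the effective rules is `pfctl -nvf pf.conf` (parse and print without loading). The script below is an added example, not part of voldern's gist, that performs the same macro and list expansion offline so the ruleset can be reviewed on any machine, and then lists which TCP ports the expanded rules accept inbound. It embeds a copy of the gist's ruleset with the redacted external address replaced by the documentation placeholder `192.0.2.1`; the parser handles only the subset of pf.conf syntax this ruleset uses.

```python
import itertools
import re

# Copy of the gist's ruleset; 192.0.2.1 stands in for the redacted external IP.
PF_CONF = """
localnet = "10.0.0.0/24"
externip = "192.0.2.1"
if = "le0"
tcp_in = "{ ssh, www }"
tcp_out = "{ ssh, www, auth, ftp, ftp-data }"
udp_s = "{ domain, ntp }"
jail_in = "{ ssh, www }"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
rdr pass proto tcp from any to any port https -> $externip port ssh
nat on $if from $localnet to any -> $externip
block all
anchor "ftp-proxy/*"
pass from { lo0, $localnet } to any
pass proto { tcp, udp } to any port $udp_s
pass in proto tcp to any port $tcp_in
pass out proto tcp to any port $tcp_out
pass in proto tcp to $localnet port $jail_in
pass out proto tcp from $localnet to any port $tcp_out
"""

MACRO_DEF_RE = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"([^"]*)"$')
MACRO_REF_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
LIST_RE = re.compile(r"\{([^}]*)\}")


def strip_comment(line):
    """Drop a trailing '# ...' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_macros(conf):
    """Collect name = "value" definitions, as pf does on its first pass."""
    macros = {}
    for raw in conf.splitlines():
        m = MACRO_DEF_RE.match(strip_comment(raw))
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def substitute(line, macros):
    """Replace every $name with its macro value; an undefined macro is a load error."""
    def repl(m):
        name = m.group(1)
        if name not in macros:
            raise KeyError(f"undefined macro ${name}")
        return macros[name]
    return MACRO_REF_RE.sub(repl, line)


def expand_lists(line):
    """Expand every { a, b } group into the cartesian product of single rules."""
    groups = LIST_RE.findall(line)
    if not groups:
        return [line]
    choices = [[x.strip() for x in g.split(",") if x.strip()] for g in groups]
    expanded = []
    for combo in itertools.product(*choices):
        picks = iter(combo)
        expanded.append(LIST_RE.sub(lambda _m: next(picks), line))
    return expanded


def expand_ruleset(conf):
    """Return the flat, macro-free rules in load order (last match wins in pf)."""
    macros = parse_macros(conf)
    rules = []
    for raw in conf.splitlines():
        line = strip_comment(raw)
        if not line or MACRO_DEF_RE.match(line):
            continue
        for rule in expand_lists(substitute(line, macros)):
            rules.append(re.sub(r"\s+", " ", rule))
    return rules


def inbound_tcp_ports(rules):
    """TCP ports that some 'pass' rule accepts inbound.

    Rules with no 'in'/'out' direction apply to both directions, so they
    count as inbound too; 'rdr pass' translation rules are not filter rules."""
    ports = set()
    for rule in rules:
        if not rule.startswith("pass") or " out " in rule:
            continue
        m = re.search(r"proto tcp .*port (\S+)", rule)
        if m:
            ports.add(m.group(1))
    return ports


if __name__ == "__main__":
    expanded = expand_ruleset(PF_CONF)
    for rule in expanded:
        print(rule)
    print("inbound tcp ports:", sorted(inbound_tcp_ports(expanded)))
```

Running it shows that the 14 source lines become 27 effective rules, and that the direction-less `pass proto { tcp, udp } to any port $udp_s` line opens TCP `domain` and `ntp` inbound as well as outbound, which a reviewer would likely want restricted to `pass out`.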