Configure pf Firewall: Difference between revisions

imported>Jacob
mNo edit summary
imported>Jacob
No edit summary
We also split the config into TCP and UDP traffic for efficiency reasons; see: NOTE link needed here to article or book.

So the general layout of the pf file is:
==== Macro Definitions ====
In the macro definitions we declare the interfaces, hosts, ports, etc., so that port numbers or IP addresses can be changed without going through the complete configuration file.
==== Stateful Tracking Options (STO) ====
==== TABLES ====
Here we define the tables used for the spamd and ftp-proxy functionality.
==== OPTIONS ====
==== TRAFFIC NORMALISATION ====
==== QUEUEING ====
==== TRANSLATION ====
In the translation section we define the redirect rules for incoming traffic, such as sending HTTP and HTTPS to the web server and SMTP traffic to the mail server.
==== PACKET FILTERING ====
<pre>
#======================================================
# ext-if
#========================================
# ext-if IN
#===========================
# ext-if IN TCP
#===========================
# ext-if IN UDP
#===========================
# ext-if IN ICMP
#========================================
# ext-if OUT
#===========================
# ext-if OUT TCP
#===========================
# ext-if OUT UDP
#===========================
# ext-if OUT ICMP
#======================================================
# int-if
#========================================
# int-if IN
#===========================
# int-if IN TCP
#===========================
# int-if IN UDP
#===========================
# int-if IN ICMP
#========================================
# int-if OUT
#===========================
# int-if OUT TCP
#===========================
# int-if OUT UDP
#===========================
# int-if OUT ICMP
</pre>

Revision as of 20:16, 4 June 2019

The philosophy we will use for the firewall is that we split the rules into 2 or 4 paths, depending on whether the traffic is initiated outside or inside. We also split the config into TCP and UDP traffic for efficiency reasons; see: NOTE link needed here to article or book.
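The following is an added example, not the wiki's own pf.conf: the layout described above (macros, stateful tracking options, tables, options, normalisation, queueing, translation, then packet filtering split per interface, direction and protocol) filled in with concrete rules. It is written in OpenBSD pf syntax (4.7 and later, `match ... rdr-to`); FreeBSD's pf still uses the older `rdr on $ext_if ... -> $host` form for the translation section. The interface names, addresses, port lists and the `<bruteforce>` table are assumptions chosen for the example.

```pf
# Added example pf.conf following the layout above (not the wiki's own file).
# OpenBSD pf syntax; every interface name and address below is an assumed placeholder.

#======================================================
# MACRO DEFINITIONS
#======================================================
ext_if = "em0"                     # assumption: external interface
int_if = "em1"                     # assumption: internal interface
lan_net = "192.168.1.0/24"         # assumption: internal network
webserver = "192.168.1.10"         # assumption: internal web server
mailserver = "192.168.1.20"        # assumption: internal mail server
web_ports = "{ 80, 443 }"
icmp_types = "{ echoreq, unreach }"

#======================================================
# STATEFUL TRACKING OPTIONS (STO)
#======================================================
# Reused by the inbound pass rules: a source exceeding the limits lands in <bruteforce>.
sto_default = "(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)"

#======================================================
# TABLES
#======================================================
table <bruteforce> persist             # filled by the overload option above
table <spamd> persist                  # sources spamd(8) should greylist/blacklist
table <spamd-white> persist            # sources allowed straight through to the mail server

#======================================================
# OPTIONS
#======================================================
set block-policy drop
set loginterface $ext_if
set skip on lo0

#======================================================
# TRAFFIC NORMALISATION
#======================================================
match in all scrub (no-df random-id max-mss 1440)

#======================================================
# QUEUEING
#======================================================
# (no queueing in this example)

#======================================================
# TRANSLATION
#======================================================
match out on $ext_if from $lan_net to any nat-to ($ext_if)
# SMTP from untrusted sources goes to spamd; known-good sources go to the mail server
match in on $ext_if proto tcp from <spamd> to ($ext_if) port smtp rdr-to 127.0.0.1 port spamd
match in on $ext_if proto tcp from !<spamd-white> to ($ext_if) port smtp rdr-to 127.0.0.1 port spamd
match in on $ext_if proto tcp to ($ext_if) port smtp rdr-to $mailserver
match in on $ext_if proto tcp to ($ext_if) port $web_ports rdr-to $webserver

#======================================================
# PACKET FILTERING
#======================================================
block log all                          # default deny on both interfaces, both directions
block quick from <bruteforce>

#======================================================
# ext-if
#========================================
# ext-if IN TCP  (filter rules see the already-translated destination)
pass in on $ext_if proto tcp to $webserver port $web_ports keep state $sto_default
pass in on $ext_if proto tcp to $mailserver port smtp keep state $sto_default
pass in on $ext_if proto tcp to 127.0.0.1 port spamd
# ext-if IN UDP  (nothing accepted from outside over UDP in this example)
# ext-if IN ICMP
pass in on $ext_if inet proto icmp icmp-type $icmp_types
#========================================
# ext-if OUT TCP / UDP / ICMP
pass out on $ext_if proto tcp
pass out on $ext_if proto udp
pass out on $ext_if inet proto icmp

#======================================================
# int-if
#========================================
# int-if IN TCP / UDP / ICMP  (traffic initiated by LAN hosts)
pass in on $int_if proto tcp from $lan_net
pass in on $int_if proto udp from $lan_net
pass in on $int_if inet proto icmp from $lan_net
#========================================
# int-if OUT TCP / UDP / ICMP  (forwarded traffic toward LAN hosts, incl. the redirected services)
pass out on $int_if proto tcp to { $webserver, $mailserver }
pass out on $int_if proto udp to $lan_net
pass out on $int_if inet proto icmp to $lan_net
```

Check the file with `pfctl -nf /etc/pf.conf` (parse only, nothing loaded) before loading it with `pfctl -f /etc/pf.conf`. Because the file starts from `block log all`, a path that was forgotten (say, int-if OUT UDP) fails closed rather than open, and the per-interface, per-direction, per-protocol sections make it easy to audit each path on its own.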