Setup pf.conf file: Difference between revisions
imported>Jacob (Created page with "So the general layout of the pf file is ==== Macro Definitions ==== In the macro definitions we declare the: interfaces, hosts, ports etc.<br> To be able to change port numbe...") |
imported>Jacob |
Latest revision as of 07:50, 5 June 2019
The general layout of the pf.conf file is:
Macro Definitions
In the macro definitions we declare the interfaces, hosts, ports, etc.
This makes it possible to change port numbers or IP addresses without having to go through the complete configuration file.
Stateful Tracking Options (STO)
TABLES
Here we define the tables used for the spamd and ftp proxy functionality.
OPTIONS
TRAFFIC NORMALISATION
QUEUEING
TRANSLATION
In the translation section we define the redirect rules for incoming traffic, for example sending HTTP and HTTPS to the web server and SMTP traffic to the mail server.
PACKET FILTERING
The packet filtering section is split several ways for efficiency reasons. First the rules are split into WAN NIC and LAN NIC traffic. Each of these sections is then split into NIC IN and OUT traffic. The IN and OUT sections are then split for TCP and UDP traffic.
#======================================================
# ext-if
#========================================
# ext-if IN
#===========================
# ext-if IN TCP
#===========================
# ext-if IN UDP
#===========================
# ext-if IN ICMP
#========================================
# ext-if OUT
#===========================
# ext-if OUT TCP
#===========================
# ext-if OUT UDP
#===========================
# ext-if OUT ICMP
#======================================================
# int-if
#========================================
# int-if IN
#===========================
# int-if IN TCP
#===========================
# int-if IN UDP
#===========================
# int-if IN ICMP
#========================================
# int-if OUT
#===========================
# int-if OUT TCP
#===========================
# int-if OUT UDP
#===========================
# int-if OUT ICMP
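The layout above filled in as a small pf.conf, as an added example that is not part of the original page. It assumes the older pf syntax with separate `scrub`, `nat` and `rdr` rules (FreeBSD, or OpenBSD before 4.7), which matches the separate normalisation and translation sections. The interface names, addresses and macro names are placeholders; macro names use underscores (`ext_if`, `int_if`) because pf does not accept hyphens in them.

```pf
# Constructed example; interface names and addresses are placeholders.
#==== Macro Definitions ====
ext_if     = "em0"             # WAN NIC (assumed name)
int_if     = "em1"             # LAN NIC (assumed name)
webserver  = "192.168.1.10"    # assumed internal hosts
mailserver = "192.168.1.20"
web_ports  = "{ 80, 443 }"
smtp_port  = "25"

#==== TABLES ====
table <spamd-white> persist

#==== OPTIONS ====
set block-policy drop
set skip on lo0

#==== TRAFFIC NORMALISATION ====
scrub in all

#==== TRANSLATION ====
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port $web_ports -> $webserver
rdr on $ext_if proto tcp from any to ($ext_if) port $smtp_port -> $mailserver

#==== PACKET FILTERING ====
block log all                  # default deny; every pass below is an exception

# ext-if IN TCP (destination is already rewritten by the rdr rules)
pass in on $ext_if inet proto tcp from any to $webserver port $web_ports keep state
pass in on $ext_if inet proto tcp from any to $mailserver port $smtp_port keep state
# ext-if IN ICMP
pass in on $ext_if inet proto icmp icmp-type echoreq keep state
# ext-if OUT TCP / UDP / ICMP
pass out on $ext_if inet proto { tcp, udp, icmp } all keep state
# int-if IN TCP
pass in on $int_if inet proto tcp from $int_if:network to any keep state
# int-if IN UDP
pass in on $int_if inet proto udp from $int_if:network to any port { 53, 123 } keep state
# int-if OUT TCP (redirected traffic leaving towards the servers)
pass out on $int_if inet proto tcp from any to $webserver port $web_ports keep state
pass out on $int_if inet proto tcp from any to $mailserver port $smtp_port keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax and section-ordering errors before the ruleset goes live.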