Configure pf Firewall: Difference between revisions

The philosophy we will use for the fire wall is that we split in 2 or 4 paths depending on the traffic initiated outside or inside. We als split the config in tcp and udp traffic for efficiency reasons see: NOTE link needed here to article or book. So the general layout is

#	Macro definitions 
#	Stateful Tracking Options (STO)
#	TABLES
#	OPTIONS
#	TRAFFIC NORMALISATION
#	QUEUEING
#	TRANSLATION
#	PACKET FILTERING
#======================================================
#	ext-if
#========================================
#	ext-if IN
#===========================
#	ext-if IN TCP
#===========================
#	ext-if IN UDP
#===========================
#	ext-if IN IMCP
#========================================
#	ext-if OUT
#===========================
#	ext-if OUT TCP
#===========================
#	ext-if OUT UDP
#===========================
#	ext-if OUT IMCP
#======================================================
#	int-if
#========================================
#	int-if IN
#===========================
#	int-if IN TCP
#===========================
#	int-if IN UDP
#===========================
#	int-if IN ICMP
#========================================
#	int-if OUT
#===========================
#	int-if OUT TCP
#===========================
#	int-if OUT UDP
#===========================
#	int-if OUT ICMP