Configure pf Firewall: Difference between revisions
Both revisions by imported>Jacob (no edit summary)
Revision as of 20:12, 4 June 2019
The philosophy we will use for the firewall is that we split the rules into 2 or 4 paths, depending on whether the traffic is initiated from outside or from inside.
We also split the configuration into tcp and udp traffic for efficiency reasons, see: NOTE link needed here to article or book.
So the general layout of the pf file is:
Macro Definitions
In the macro definitions we declare the interfaces, hosts, ports etc., so that port numbers or IP addresses can be changed in one place without going through the complete configuration file.
Stateful Tracking Options (STO)
TABLES
Here we define the tables used for the spamd and ftp-proxy functionality.
OPTIONS
TRAFFIC NORMALISATION
QUEUEING
TRANSLATION
In the translation section we define the redirect rules for incoming traffic, such as sending http and https to the webserver and smtp traffic to the mailserver.
PACKET FILTERING
#======================================================
# ext-if
#========================================
# ext-if IN
#===========================
# ext-if IN TCP
#===========================
# ext-if IN UDP
#===========================
# ext-if IN ICMP
#========================================
# ext-if OUT
#===========================
# ext-if OUT TCP
#===========================
# ext-if OUT UDP
#===========================
# ext-if OUT ICMP
#======================================================
# int-if
#========================================
# int-if IN
#===========================
# int-if IN TCP
#===========================
# int-if IN UDP
#===========================
# int-if IN ICMP
#========================================
# int-if OUT
#===========================
# int-if OUT TCP
#===========================
# int-if OUT UDP
#===========================
# int-if OUT ICMP
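A constructed pf.conf that fills in the layout above (macros, STO, tables, options, normalisation, translation, and filtering split by interface, direction and protocol) is shown here as an added example; it is not the wiki's own configuration. The interface names, addresses, ports and the rate limits are assumptions, and the syntax is the post-OpenBSD-4.7 match/rdr-to form.

```pf
# ---- Macro Definitions ---- (all values are assumed for this example)
ext_if     = "em0"
int_if     = "em1"
lan_net    = "192.168.1.0/24"
webserver  = "192.168.1.10"
mailserver = "192.168.1.20"
web_ports  = "{ 80 443 }"
# ---- Stateful Tracking Options (STO) ----
# cap connections per source; offenders land in <bruteforce> and lose their states
tcp_sto = "(max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)"

# ---- TABLES ----
table <bruteforce>  persist   # filled by the overload rule above
table <spamd>       persist   # greylist, maintained by spamd(8)
table <spamd-white> persist   # senders that passed greylisting

# ---- OPTIONS ----
set skip on lo0
set block-policy drop
set loginterface $ext_if

# ---- TRAFFIC NORMALISATION ----
match in all scrub (no-df random-id max-mss 1440)

# ---- TRANSLATION ----
# incoming http/https go to the webserver, smtp to the mailserver
match in on $ext_if proto tcp to ($ext_if) port $web_ports rdr-to $webserver
match in on $ext_if proto tcp to ($ext_if) port 25 rdr-to $mailserver
match out on $ext_if from $lan_net nat-to ($ext_if)
anchor "ftp-proxy/*"          # ftp-proxy(8) loads its own rules here

# ---- PACKET FILTERING ----
block log all                 # default deny, logged
block in quick from <bruteforce>
# ext-if IN TCP (addresses already rewritten by the rdr-to rules)
pass in on $ext_if proto tcp to $webserver port $web_ports keep state $tcp_sto
pass in on $ext_if proto tcp to $mailserver port 25 keep state $tcp_sto
# ext-if IN ICMP
pass in on $ext_if inet proto icmp icmp-type echoreq
# ext-if OUT TCP / UDP
pass out on $ext_if proto { tcp udp } keep state
# int-if IN / OUT (LAN clients)
pass in  on $int_if from $lan_net
pass out on $int_if to $lan_net
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -t bruteforce -T show` lists sources the STO limits have caught.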