On Wed, Jan 15, 2003 at 12:16:23PM +0900, Pyun YongHyeon wrote:
> You need to at least tell us the pf rules you are currently using.
Oops, sorry. I left out the attachment.
--
하정수
# $OpenBSD: pf.conf,v 1.3 2001/11/16 22:53:24 dhartmei Exp $
#
# See pf.conf(5) for syntax and examples
# ep1 : external 10Mbps
localnet = "211.xxx.yyy.zzz/ww"
# normalize all packets
#scrub out all
#scrub in all
# block private IP address space
block in log quick on ep1 from { 127.0.0.0/8, 192.168.0.0/16, \
    172.16.0.0/12, 10.0.0.0/8 } to any
block out log quick on ep1 from any to { 127.0.0.0/8, 192.168.0.0/16, \
    172.16.0.0/12, 10.0.0.0/8 }
# block incoming broadcast packets
block in quick on ep1 from any to 255.255.255.255
# now block and log all by default
block in log on ep1 all
block return-rst out log on ep1 inet proto tcp all
block return-rst in log on ep1 inet proto tcp all
block return-icmp out on ep1 inet proto udp all
block return-icmp in on ep1 inet proto udp all
# ICMP ping
pass in on ep1 inet proto icmp all icmp-type 8 code 0 keep state
pass out on ep1 inet proto icmp all icmp-type 8 code 0 keep state
# outgoing
# UDP
pass out on ep1 inet proto udp all keep state
# TCP
pass out on ep1 inet proto tcp all modulate state
# finally pass incoming
pass in on ep1 inet proto tcp from any to $localnet \
    port 22 flags S/SA keep state
Copyright © 1998-2005 Korea FreeBSD Users Group. All rights reserved. webmaster at kr.FreeBSD.org $Date: 2003/01/31 23:01:28 $