2 # $OpenBSD: faq-example1,v 1.5 2006/10/07 04:48:01 mcbride Exp $
5 # Firewall for Home or Small Office
6 # http://www.openbsd.org/faq/pf/example1.html
# NOTE(review): this listing shows only some lines of the ruleset (the leading
# numbers jump). $ext_if, $int_if, $comp3 and $icmp_types are defined on lines
# not shown here, and no default "block" rule is visible; presumably one sits
# on an omitted line. Confirm before reusing, because the pass rules below
# only restrict anything when everything else is denied.

# TCP ports opened on the firewall's own external address by the rule at 44:
# 22 (SSH) and 113 (ident).
14 tcp_services="{ 22, 113 }"
# Blocked TCP is answered with a RST and other blocked traffic with an ICMP
# unreachable, instead of being dropped silently.
20 set block-policy return
# Collect packet and byte statistics for the external interface.
21 set loginterface $ext_if
# NOTE(review): standalone nat/rdr rules are the older pf syntax; OpenBSD 4.7
# and later express translation with nat-to/rdr-to on match/pass rules.
# Source-translate IPv4 traffic leaving $ext_if unless it already comes from
# the interface's own address. The parentheses make pf follow address changes
# on the interface; ":0" leaves out interface aliases.
29 nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
# Anchors into which ftp-proxy loads its per-session nat and rdr rules.
30 nat-anchor "ftp-proxy/*"
31 rdr-anchor "ftp-proxy/*"
# Send FTP control connections arriving on $int_if to the local proxy on
# 127.0.0.1:8021. "rdr pass" lets matching packets through without evaluating
# the filter rules, so these connections are not filtered any further here.
33 rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# Forward inbound TCP port 80 on $ext_if to $comp3. There is no "pass" keyword
# here, so the traffic still has to match the filter rule at 46.
# NOTE(review): $comp3 looks like a host on the internal network (confirm its
# definition). If so, a compromised web service there sits next to the other
# internal hosts; a separate DMZ segment limits that exposure.
34 rdr on $ext_if proto tcp from any to any port 80 -> $comp3
# Drop packets whose source address belongs to the lo or $int_if networks but
# which arrive on a different interface. "quick" ends rule evaluation at once.
42 antispoof quick for { lo $int_if }
# Allow any source to reach $tcp_services on the firewall's external address.
# NOTE(review): SSH is open to the whole Internet here. Restricting the source
# to a table of known addresses, or adding max-src-conn-rate with an overload
# table, cuts down password-guessing noise.
44 pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services
# The rule at 46 permits the port 80 traffic redirected to $comp3. It continues
# on a line missing from this listing, so its state options cannot be seen.
# The rule at 49 permits the inbound ICMP types named by $icmp_types.
46 pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
49 pass in inet proto icmp all icmp-type $icmp_types
# Pass all traffic on $int_if in both directions without creating state.
# "quick" stops evaluation, so no later rule filters internal hosts, including
# their access to services on the firewall itself.
51 pass quick on $int_if no state