Difference between revisions of "OpenBSD Firewall / PF"
Revision as of 12:33, 11 June 2011
| Project | OpenBSD Firewall / PF |
|---|---|
| Featured | |
| State | Active |
| Members | Antarez, Vicarious |
| Description | building a gateway on openbsd |
In this session we will build a highly available firewalling gateway on OpenBSD. It is not a lecture or talk; it's a hands-on workshop.
how to play:
- Log into the wireless network "antareztest"
- SSH to the gateway in that LAN (192.168.1.254 or 192.168.1.252)
- Log in as "root" with password "bier"
- Use "tmux a" to attach to the shared session
- Break things, discuss, fix things
```pf
# PF Rules ACKspace gateway 2

### Macros ###
ext_if = "fxp0"
# NOTE: this macro is cut off after "vl" on the wiki page (the closing quote and brace are missing)
int_if = "{ fxp1 vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 vlan20 vlan21 vlan22 vlan23 vlan24 vl$
gw2_ext = "213.125.94.212"
icmp_types="echoreq"
tcp_services="{ ssh }"
private_networks="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"

### Skip Policy ###

# Skip any filtering if it is on interface localhost
set skip on lo

### Block Policy ###

# Provide nice blocked messages
set block-policy return

### Default Policy ###

# Block all unless an allow rule exists
block in log
block out log
```
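The ruleset above stops at the default-deny policy, so as it stands the gateway forwards nothing. The following is an added example (not from the wiki page or the workshop) of one way to complete it with pass rules that reuse the page's own macros. Because the `int_if` line on the page is cut off, the macro is re-declared here with an assumed three-interface subset so the file parses; the `<bruteforce>` table, the ssh connection limits and the NAT `match` rule are assumptions of this example, not something the page specifies.

```pf
# Added example: completing the ACKspace gateway 2 ruleset.
# Macros from the page; int_if is an assumed subset because the original line is truncated.
ext_if = "fxp0"
int_if = "{ fxp1 vlan10 vlan11 }"
gw2_ext = "213.125.94.212"
icmp_types = "echoreq"
tcp_services = "{ ssh }"
private_networks = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"

# Sources that exceed the ssh connection limits below are collected here.
# "persist" keeps the table (and its entries) across ruleset reloads.
table <bruteforce> persist

set skip on lo
# "return" answers blocked connections with RST / ICMP unreachable, which is
# friendly inside the LAN; on an Internet-facing box "drop" is the common choice.
set block-policy return

# Default deny first. PF evaluates the last matching rule, so each "pass"
# below opens exactly the traffic it names and nothing else.
block in log
block out log

# Anti-spoofing on the external interface. "quick" ends evaluation at once,
# so no later pass rule can re-admit packets from private or loopback ranges.
antispoof quick for $ext_if
block in log quick on $ext_if from $private_networks to any
block out log quick on $ext_if from any to $private_networks
block in log quick from <bruteforce>

# Management: ssh to this gateway's own external address, rate-limited per
# source (max 10 concurrent, max 5 new connections per 30 s; offenders are
# added to <bruteforce> and their existing states are flushed).
pass in on $ext_if inet proto tcp from any to $gw2_ext port $tcp_services keep state (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Allow the gateway to be pinged (only the ICMP type named in icmp_types).
pass in inet proto icmp icmp-type $icmp_types

# Internal networks go out through the gateway, source-NATed to the
# external interface's address; replies are handled by the state entry.
match out on $ext_if inet nat-to ($ext_if)
pass in on $int_if inet from any to any
pass out on $ext_if inet from any to any
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -sr` prints the active ruleset and `pfctl -t bruteforce -T show` lists the addresses the overload rule has collected. Because the default `block` rules are logged, `tcpdump -n -e -ttt -i pflog0` shows exactly which traffic the policy is rejecting, which is the quickest way to find a missing pass rule during the workshop.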