Difference between revisions of "OpenBSD Firewall / PF"
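--- a/OpenBSD Firewall / PF
+++ b/OpenBSD Firewall / PF
@@ -13,2 +13,42 @@
 *use "tmux a" to attach to the shared session
 *break things, discuss, fix things
+
+
+<pre>
+
+# PF Rules ACKspace gateway 2
+
+### Macros ###
+
+ext_if = "fxp0"
+
+int_if = "{ fxp1 \
+vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 \
+vlan20 vlan21 vlan22 vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 \
+vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 vlan38 vlan39 \
+vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 \
+vlan50 vlan51 vlan52 vlan53 vlan54 vlan55 vlan56 vlan57 }"
+
+gw2_ext = "213.125.94.212"
+icmp_types = "echoreq"
+tcp_services = "{ ssh }"
+private_networks = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"
+
+### Skip Policy ###
+
+# Skip any filtering if it is on infterface localhost
+set skip on lo
+
+### Block Policy ###
+
+# Provide nice blocked messages
+set block-policy return
+
+
+### Default Policy ###
+
+# Block all unless a allow rule exists
+block in log
+block out log
+
+</pre>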
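Review bot: `set block-policy return` is a global option, so it also governs the uplink: every probe that hits the default deny on fxp0 is answered with a TCP RST or ICMP unreachable, which confirms to any scanner that a host is present and makes port scans complete faster. Keep the friendly reject for the LAN side only, e.g. `set block-policy drop` globally and, after the two default block rules, `block return in log on $int_if`. The `private_networks` and `tcp_services` macros are defined but no rule in the hunk references them, so a packet with a forged RFC 1918 source arriving on fxp0 is only caught by the default deny until something like `block in log quick on $ext_if from $private_networks` is added ahead of the pass rules. The listing ends at the default-deny rules with no pass rules at all, so if this is the whole ruleset the workshop SSH session to 192.168.1.254 would itself be cut off once it is loaded; presumably the pass rules are still to come. Minor: "infterface" in the skip-policy comment is a typo.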
Revision as of 12:42, 11 June 2011
| Project: OpenBSD Firewall / PF | |
|---|---|
| Featured: | |
| State | Active | 
| Members | Antarez, Vicarious | 
| GitHub | No GitHub project defined. Add your project here. | 
| Description | building a gateway on openbsd | 
| Picture | |
In this session we will build a highly available firewalling gateway on OpenBSD. It is not a lecture; it is a hands-on workshop.
how to play:
- Log into the wireless network "antareztest"
- SSH to the gateway in that lan (192.168.1.254 or 192.168.1.252)
- Log in as "root" with password "bier" (a throwaway workshop credential: the box is only meant to be reachable from the "antareztest" LAN, and password-based root SSH must be disabled before this gateway carries real traffic)
- use "tmux a" to attach to the shared session
- break things, discuss, fix things
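# PF Rules ACKspace gateway 2
#
# Workshop ruleset for the ACKspace gateway: macros, global options, an
# anti-spoofing filter on the uplink and the default-deny policy.  No pass
# rules are defined in this listing, so as it stands every packet on every
# interface except lo is blocked -- the rules that admit traffic must follow.

### Macros ###

# Uplink (Internet-facing) interface.
ext_if = "fxp0"

# Internal interfaces: the untagged LAN port plus the VLAN sub-interfaces.
int_if = "{ fxp1 \
vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 \
vlan20 vlan21 vlan22 vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 \
vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 vlan38 vlan39 \
vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 \
vlan50 vlan51 vlan52 vlan53 vlan54 vlan55 vlan56 vlan57 }"

# Public address of this gateway on $ext_if.
gw2_ext = "213.125.94.212"

# ICMP types and TCP services meant to be admitted by later pass rules.
# Neither macro is referenced by a rule in this listing yet.
icmp_types = "echoreq"
tcp_services = "{ ssh }"

# Source addresses that can never legitimately arrive on the uplink:
# RFC 1918 space, the limited broadcast address, loopback, "this network"
# (0.0.0.0/8) and link-local (169.254.0.0/16).
private_networks = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, \
                      255.255.255.255/32, 127.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16 }"

### Skip Policy ###

# Do not filter loopback traffic at all ("lo" is the interface group, so
# every lo(4) device is covered).
set skip on lo

### Block Policy ###

# Silently drop blocked packets by default.  Answering with RST/ICMP
# unreachable on the uplink would confirm to every scanner that a host is
# here and speed up port scans; internal clients get a friendly reject via
# the explicit "block return" rule at the end instead.
set block-policy drop

### Anti-spoofing ###

# A packet with a private, loopback or otherwise bogus source on the uplink
# is forged.  "quick" stops rule evaluation here so no later pass rule can
# accidentally admit it; "log" keeps a trace of who is trying.
block in log quick on $ext_if from $private_networks

### Default Policy ###

# Block everything that no later pass rule explicitly admits.
block in log
block out log

# On the internal interfaces answer blocked connections immediately (TCP RST
# or ICMP unreachable) instead of letting clients wait for a timeout.  Last
# matching rule wins, so this overrides the silent default for $int_if only.
block return in log on $int_if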
