Difference between revisions of "OpenBSD Firewall / PF"
| Line 21: | Line 21: | ||
### Macros ### | ### Macros ### | ||
ext_if = "fxp0" | ext_if = "fxp0" | ||
| − | int_if = "{ fxp1 vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 vlan20 vlan21 vlan22 vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 vlan38 vlan39 vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 vlan50 vlan51 vlan52 vlan53 vlan54 vlan55 vlan56 vlan57 }" | + | int_if = "{ fxp1 vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 vlan20 vlan21 vlan22 <br> vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 <br> vlan38 vlan39 vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 vlan50 vlan51 vlan52 <br> vlan53 vlan54 vlan55 vlan56 vlan57 }" <br> |
gw2_ext = "213.125.94.212" | gw2_ext = "213.125.94.212" | ||
icmp_types="echoreq" | icmp_types="echoreq" | ||
Revision as of 13:36, 11 June 2011
| Project: OpenBSD Firewall / PF | |
|---|---|
| Featured: | |
| State | Active |
| Members | Antarez, Vicarious |
| GitHub | No GitHub project defined. Add your project here. |
| Description | building a gateway on openbsd |
| Picture | |
| No project picture! Fill in form Picture or Upload a jpeg here | |
In this talk we will be building a highly available firewalling gateway. It is not a lecture or talk, it's a hands-on workshop.
how to play:
- Log into the wireless network "antareztest"
- SSH to the gateway in that lan (192.168.1.254 or 192.168.1.252)
- Login as "root" password "bier"
- use "tmux a" to attach to the shared session
- break things, discuss, fix things
# PF Rules ACKspace gateway 2
### Macros ###
ext_if = "fxp0"
int_if = "{ fxp1 vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 vlan20 vlan21 vlan22 <br> vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 <br> vlan38 vlan39 vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 vlan50 vlan51 vlan52 <br> vlan53 vlan54 vlan55 vlan56 vlan57 }" <br>
gw2_ext = "213.125.94.212"
icmp_types="echoreq"
tcp_services="{ ssh }"
private_networks="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"
### Skip Policy ###
# Skip any filtering if it is on infterface localhost
set skip on lo
### Block Policy ###
# Provide nice blocked messages
set block-policy return
### Default Policy ###
# Block all unless a allow rule exists
block in log
block out log
