Difference between revisions of "OpenBSD Firewall / PF"

From Hackerspace ACKspace

Revision as of 12:42, 11 June 2011

Project: OpenBSD Firewall / PF
State: Active
Members: Antarez, Vicarious
Description: building a gateway on OpenBSD

In this session we will build a highly available firewalling gateway on OpenBSD. It is not a lecture; it is a hands-on workshop.

How to play:

  • Log into the wireless network "antareztest"
  • SSH to the gateway in that LAN (192.168.1.254 or 192.168.1.252)
  • Log in as "root" with password "bier"
  • Use "tmux a" to attach to the shared session
  • Break things, discuss, fix things



# PF Rules ACKspace gateway 2

### Macros ###

# External (uplink) interface
ext_if = "fxp0"

# Internal interfaces: the physical LAN port plus one VLAN per member network
int_if = "{ fxp1 \
vlan10 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16 vlan17 vlan18 vlan19 \
vlan20 vlan21 vlan22 vlan23 vlan24 vlan25 vlan26 vlan27 vlan28 vlan29 \
vlan30 vlan31 vlan32 vlan33 vlan34 vlan35 vlan36 vlan37 vlan38 vlan39 \
vlan40 vlan41 vlan42 vlan43 vlan44 vlan45 vlan46 vlan47 vlan48 vlan49 \
vlan50 vlan51 vlan52 vlan53 vlan54 vlan55 vlan56 vlan57 }"

# Public address of gateway 2, services it may offer, and address ranges that must never appear on the uplink
gw2_ext = "213.125.94.212"
icmp_types = "echoreq"
tcp_services = "{ ssh }"
private_networks = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"

### Skip Policy ###

# Skip all filtering on the loopback interface
set skip on lo

### Block Policy ###

# Answer blocked packets with a TCP RST or ICMP unreachable instead of silently dropping them
set block-policy return


### Default Policy ###

# Block (and log to pflog0) everything unless a later pass rule matches; the last matching rule wins
block in log
block out log
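The ruleset above ends at the default deny, so as written the gateway passes nothing at all. The following is an added example, not the ruleset from the workshop page, showing how the macros are meant to be used: anti-spoofing on the interfaces, rejecting packets with private or bogon addresses on the uplink, NAT for the member networks, and pass rules limited to the services named in the macros. It assumes OpenBSD 4.7 or newer (for the `match ... nat-to` syntax), that $gw2_ext is configured on $ext_if, and that the networks behind $int_if use RFC 1918 addresses; $int_if is shortened to three members for readability, and the scrub and NAT rules are my choices rather than anything the page specifies.

```pf
# PF ruleset for gateway 2 -- added example, not the workshop's own configuration

### Macros ###

ext_if = "fxp0"
# shortened for the example; the real list carries vlan10 .. vlan57
int_if = "{ fxp1 vlan10 vlan11 }"
gw2_ext = "213.125.94.212"
icmp_types = "echoreq"
tcp_services = "{ ssh }"
private_networks = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32, 127.0.0.0/8 }"

### Options ###

set skip on lo
set block-policy return
# interface whose counters "pfctl -si" reports
set loginterface $ext_if

### Normalisation ###

# reassemble fragments and clear the DF bit on the way in (assumption: no path-MTU sensitive tunnels)
match in all scrub (no-df)

### NAT ###

# source NAT for everything leaving the uplink that does not already carry the uplink's own address
match out on $ext_if inet from !($ext_if) nat-to ($ext_if)

### Default Policy ###

block in log
block out log

### Anti-spoofing ###

# drop packets that arrive on the wrong interface for their source network
antispoof quick for $ext_if
antispoof quick for $int_if
# private and bogon addresses have no business on the public side, in either direction
block in quick on $ext_if from $private_networks
block out quick on $ext_if to $private_networks

### External interface ###

# only the services in the macro, and only to the gateway's own public address
pass in on $ext_if inet proto tcp to $gw2_ext port $tcp_services
pass in on $ext_if inet proto icmp to $gw2_ext icmp-type $icmp_types
# the gateway and the NATed member networks may reach the Internet (state is kept by default)
pass out on $ext_if

### Internal interfaces ###

# one rule per member of the $int_if list is generated here
pass in on $int_if
pass out on $int_if
```

Check it with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -vnf /etc/pf.conf` prints the rules with macros and lists expanded, which makes it obvious that every rule on $int_if becomes one rule per interface in the list. Because the default-deny rules carry `log`, `tcpdump -n -e -ttt -i pflog0` shows exactly what the gateway is refusing while people break things during the workshop. One caveat on `set block-policy return`: a RST or ICMP unreachable tells a port scanner that a firewall answered rather than that nothing is there; `set block-policy drop` is the quieter choice for the uplink, at the cost of slower timeouts for legitimate but misdirected connections.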