PF Is it possible to transfer firewall rules between different FreeBSD derivatives?

Yes, just install security/tor, configure DNS server( for ex. local-unbound(8)) and put this simple rules into /etc/pf.conf:
Code: 
ext_if="igb0"
int_if="igb1"

block all
pass out quick on $int_if
pass out quick on $ext_if nat-to $ext_if
pass in quick on $int_if proto {tcp,udp} from $int_if:network to $int_if port 53
pass in quick on $int_if proto tcp from $int_if:network to $int_if port 22
pass in quick on $int_if proto tcp from $int_if:network to $int_if port {80,443} rdr-to 127.0.0.1 port 9040
where igb0 is your external interface and igb1 is internal. Please note, it is a very general rules and they may be adjusted according to your goals.
 
shurik said:
Yes, just install security/tor, configure DNS server( for ex. local-unbound(8)) and put this simple rules into /etc/pf.conf:
Code: 
ext_if="igb0"
int_if="igb1"

block all
pass out quick on $int_if
pass out quick on $ext_if nat-to $ext_if
pass in quick on $int_if proto {tcp,udp} from $int_if:network to $int_if port 53
pass in quick on $int_if proto tcp from $int_if:network to $int_if port 22
pass in quick on $int_if proto tcp from $int_if:network to $int_if port {80,443} rdr-to 127.0.0.1 port 9040
where igb0 is your external interface and igb1 is internal. Please note, it is a very general rules and they may be adjusted according to your goals.
Click to expand...

Hello,
Thank you so much for your reply.
My pfSense only has one network card.
 
Hello,
Can anyone guide me to write the following rules for a NIC named em0?

sh: 
ext_if="igb0"
int_if="igb1"

block all
pass out quick on $int_if
pass out quick on $ext_if nat-to $ext_if
pass in quick on $int_if proto {tcp,udp} from $int_if:network to $int_if port 53
pass in quick on $int_if proto tcp from $int_if:network to $int_if port 22
pass in quick on $int_if proto tcp from $int_if:network to $int_if port {80,443} rdr-to 127.0.0.1 port 9040
 
hack3rcon said:
Hello,
Can anyone guide me to write the following rules for a NIC named em0?

sh: 
ext_if="igb0"
int_if="igb1"

block all
pass out quick on $int_if
pass out quick on $ext_if nat-to $ext_if
pass in quick on $int_if proto {tcp,udp} from $int_if:network to $int_if port 53
pass in quick on $int_if proto tcp from $int_if:network to $int_if port 22
pass in quick on $int_if proto tcp from $int_if:network to $int_if port {80,443} rdr-to 127.0.0.1 port 9040
Click to expand...


Code: 
ext_if="em0"
set skip on lo0
block log all

# Allow all outgoing traffic from the server itself
pass out quick on $ext_if

# Allow incoming DNS traffic (only if this server provides DNS to the local network)
pass in quick on $ext_if proto { tcp, udp } to $ext_if port 53

# Allow incoming SSH traffic
pass in quick on $ext_if proto tcp to $ext_if port 22

# Redirect web traffic (80/443) to local port 9040
pass in quick on $ext_if proto tcp to ! $ext_if port { 80, 443 } rdr-to 127.0.0.1 port 9040
 
ArgentoSoma said:
Code: 
ext_if="em0"
set skip on lo0
block log all

# Allow all outgoing traffic from the server itself
pass out quick on $ext_if

# Allow incoming DNS traffic (only if this server provides DNS to the local network)
pass in quick on $ext_if proto { tcp, udp } to $ext_if port 53

# Allow incoming SSH traffic
pass in quick on $ext_if proto tcp to $ext_if port 22

# Redirect web traffic (80/443) to local port 9040
pass in quick on $ext_if proto tcp to ! $ext_if port { 80, 443 } rdr-to 127.0.0.1 port 9040
Click to expand...

Hello,
Thank you so much.
Problem solved.
 
You must log in or register to reply here.
Back
Top