talexander
/
machine_setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add pf config for jails to homeserver.

This commit is contained in:
Tom Alexander 2022-11-10 19:24:11 -05:00
parent a8a64f6741
commit 26f09f811d
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ansible/roles/firewall/files/homeserver_pf.conf
View File

@ -1,4 +1,6 @@
ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
jail_net_v4 = "10.193.223.0/24"
full_nat_v4 = "10.213.177.0/24"
dhcp = "{ bootpc, bootps }"
# allow = "{ }"
@ -12,6 +14,11 @@ udp_pass_in = "{ 53 51820 }"
set skip on lo
# redirections
nat on $ext_if inet from $jail_net_v4 to { any, !$jail_net_v4 } tag ALLOWED -> (wlan0)
nat on $ext_if inet from $full_nat_v4 to { any, !$full_nat_v4 } tag ALLOWED -> (wlan0)
rdr on host_uplink0 inet proto {tcp, udp} from any to 10.193.223.1 port 53 tag ALLOWED -> 1.1.1.1 port 53
rdr on host_uplink1 inet proto {tcp, udp} from any to 10.213.177.1 port 53 tag ALLOWED -> 1.1.1.1 port 53
# filtering
block log all
@ -31,3 +38,7 @@ pass in on $ext_if proto tcp to any port $tcp_pass_in
pass in on $ext_if proto udp to any port $udp_pass_in
pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
pass in on host_uplink0 proto udp from any to any port { 53 51820 }
pass out on host_uplink0 proto tcp from any to any port 8081
pass in on host_uplink1