Enable firewall for laptop on FreeBSD.
This commit is contained in:
parent
664af21ad5
commit
b643f86313
@ -5,10 +5,10 @@ zfs_snapshot_datasets:
|
||||
- path: zroot/freebsd/current/be/default
|
||||
sshd_enabled: true
|
||||
sshd_conf: "sshd_config"
|
||||
#pf_config: "odofreebsd_pf.conf"
|
||||
#pflog_conf:
|
||||
# - name: 0
|
||||
# dev: pflog0
|
||||
pf_config: "odofreebsd_pf.conf"
|
||||
pflog_conf:
|
||||
- name: 0
|
||||
dev: pflog0
|
||||
# dummynet_config: "dnctl.conf"
|
||||
network_rc: "odofreebsd_network.conf"
|
||||
rc_conf: "odofreebsd_rc.conf"
|
||||
|
@ -2,7 +2,6 @@ ext_if = "{ wlan0 }"
|
||||
not_ext_if = "{ !wlan0 }"
|
||||
jail_nat_v4 = "{ 10.215.1.0/24 }"
|
||||
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
|
||||
dns_redirect = "{ 10.193.223.1 10.213.177.1 10.215.1.1 }"
|
||||
|
||||
dhcp = "{ bootpc, bootps }"
|
||||
#allow = "{ wgf wgh drmario colo }"
|
||||
@ -15,9 +14,15 @@ udp_pass_in = "{ 53 51820 }"
|
||||
# options
|
||||
set skip on lo
|
||||
|
||||
# queueing
|
||||
# altq on wlan0 cbq queue { def, stuff }
|
||||
# queue def cbq(default borrow)
|
||||
# queue stuff bandwidth 8Mb cbq { dagger }
|
||||
# queue dagger cbq(borrow)
|
||||
|
||||
# redirections
|
||||
#nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
|
||||
#rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
|
||||
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
|
||||
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
|
||||
|
||||
# Redirect jaeger ports to virtual machine.
|
||||
# nat pass on lo inet from 127.0.0.0/24 to 127.0.0.0/24 port {6831 6832 16686 14268} -> (jail_nat)
|
||||
@ -27,9 +32,9 @@ set skip on lo
|
||||
block log all
|
||||
pass out on $ext_if
|
||||
|
||||
#pass in on jail_nat
|
||||
pass in on jail_nat
|
||||
# Allow traffic from my machine to the jails/virtual machines
|
||||
#pass out on jail_nat from $jail_nat_v4
|
||||
pass out on jail_nat from $jail_nat_v4
|
||||
|
||||
# We pass on the interfaces listed in allow rather than skipping on
|
||||
# them because changes to pass rules will update when running a
|
||||
|
Loading…
Reference in New Issue
Block a user