Enable firewall for laptop on FreeBSD.

This commit is contained in:
Tom Alexander 2024-07-04 18:59:10 -04:00
parent 664af21ad5
commit b643f86313
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
2 changed files with 14 additions and 9 deletions

View File

@ -5,10 +5,10 @@ zfs_snapshot_datasets:
- path: zroot/freebsd/current/be/default
sshd_enabled: true
sshd_conf: "sshd_config"
#pf_config: "odofreebsd_pf.conf"
#pflog_conf:
# - name: 0
# dev: pflog0
pf_config: "odofreebsd_pf.conf"
pflog_conf:
- name: 0
dev: pflog0
# dummynet_config: "dnctl.conf"
network_rc: "odofreebsd_network.conf"
rc_conf: "odofreebsd_rc.conf"

View File

@ -2,7 +2,6 @@ ext_if = "{ wlan0 }"
not_ext_if = "{ !wlan0 }"
jail_nat_v4 = "{ 10.215.1.0/24 }"
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
dns_redirect = "{ 10.193.223.1 10.213.177.1 10.215.1.1 }"
dhcp = "{ bootpc, bootps }"
#allow = "{ wgf wgh drmario colo }"
@ -15,9 +14,15 @@ udp_pass_in = "{ 53 51820 }"
# options
set skip on lo
# queueing
# altq on wlan0 cbq queue { def, stuff }
# queue def cbq(default borrow)
# queue stuff bandwidth 8Mb cbq { dagger }
# queue dagger cbq(borrow)
# redirections
#nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
#rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
# Redirect jaeger ports to virtual machine.
# nat pass on lo inet from 127.0.0.0/24 to 127.0.0.0/24 port {6831 6832 16686 14268} -> (jail_nat)
@ -27,9 +32,9 @@ set skip on lo
block log all
pass out on $ext_if
#pass in on jail_nat
pass in on jail_nat
# Allow traffic from my machine to the jails/virtual machines
#pass out on jail_nat from $jail_nat_v4
pass out on jail_nat from $jail_nat_v4
# We pass on the interfaces listed in allow rather than skipping on
# them because changes to pass rules will update when running a