talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Set up the nat_dhcp jail for mrmanager.

Browse Source
This commit is contained in:
Tom Alexander
2023-05-28 22:36:31 -04:00
parent 37f8749b3c
commit e49d008d57
8 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/roles/firewall/files/mrmanager_pf.conf
View File

@@ -1,4 +1,5 @@
ext_if = "lagg0"
not_ext_if = "{ !lagg0 }"
jail_nat_v4 = "{ 10.215.1.0/24 }"
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
@@ -14,8 +15,9 @@ udp_pass_in = "{ 53 51820 51821 51822 }"
set skip on lo
# redirections
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> ($ext_if)
rdr pass on !$ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
nat pass on lagg0 inet from $jail_nat_v4 to $not_jail_nat_v4 -> (lagg0)
nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
# filtering
block log all