ipsec_conf: "ipsec_iapetus.conf"
hostname: "phobos.mars.sigsegv.be"
dyndns_name: "qemu-dummy.sigsegv.be"
+ pf_file: "pf_phobos.conf"
iapetus:
control_port: 2404
ansible_port: 2404
--- /dev/null
+#!/sbin/pfctl -f
+
+#set timeout tcp.established 86400
+#set block-policy return
+
+set skip on lo0
+
+ext_if = "igb0"
+int_if = "igb1"
+
+deimos = "10.0.3.2"
+
+scrub on $ext_if all fragment reassemble reassemble tcp
+
+nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
+
+rdr pass on $ext_if proto tcp from any to ($ext_if) port 2200 -> $deimos port 22
+rdr pass on $ext_if proto tcp from any to ($ext_if) port 8080 -> $deimos port 8080
+rdr pass on $ext_if proto tcp from any to ($ext_if) port 9103 -> $deimos port 9103
+rdr pass on $ext_if proto tcp from any to ($ext_if) port 10102 -> $deimos port 9102
+
+
+block drop log
+pass out
+
+pass in proto tcp
+
+pass in inet proto icmp
+pass in inet6 proto icmp6
+
+pass in proto tcp from any to any port { 22, 9102 }
+pass in on $int_if
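Review bot: The bare `pass in proto tcp` rule admits all inbound TCP on every interface. Because pf applies the last matching rule, it cancels `block drop log` for TCP and makes the later `pass in proto tcp from any to any port { 22, 9102 }` redundant. If the intent is default-deny with only those two ports reachable from outside, remove the bare rule and scope the remaining one, for example `pass in on $ext_if proto tcp from any to ($ext_if) port { 22, 9102 }`. Separately, the four `rdr pass` rules skip the filter rules entirely, so the forwarded ports on `$deimos` (including SSH via 2200) are open to any source. If that is deliberate, say so in a comment above them such as `# rdr pass: forwarded ports bypass the filter rules below and are reachable from any source`; otherwise use plain `rdr` with explicit `pass` rules that restrict the source.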