| | 156 | {{{ |
| | 157 | #chroot <<'EOF' > /etc/pf.conf |
| |     | # NOTE(review): the line above looks like a commented-out shell heredoc that |
| |     | # would write this file to /etc/pf.conf; its closing 'EOF' terminator is not |
| |     | # visible in this excerpt. Everything below is pf.conf syntax in the older |
| |     | # style with separate nat/rdr translation rules. |
| |     | # Interface macros: vr1 = uplink, vr2 = wleiden side, bridge0 = internal bridge. |
| | 158 | inet_if="vr1" |
| | 159 | wleiden_if="vr2" |
| | 160 | int_if="bridge0" |
| |     | # Internal network that the nat rules below masquerade. |
| | 161 | int_network="192.168.42.0/24" |
| | 162 | |
| | 163 | |
| | 164 | # Do not do anything @ localhost |
| | 165 | set skip on lo0 |
| | 166 | |
| | 167 | ### all incoming traffic on external interface is normalized and fragmented |
| | 168 | ### packets are reassembled. |
| |     | # (Note: "all" matches every interface, not only the external ones.) |
| | 169 | scrub in all fragment reassemble |
| | 170 | |
| |     | # Masquerade the internal network behind the primary address of whichever |
| |     | # external interface the packet leaves on. In this pf syntax translation |
| |     | # rules (nat/rdr) are evaluated before the filter rules further down. |
| | 171 | nat on $inet_if from $int_network -> ($inet_if:0) |
| | 172 | nat on $wleiden_if from $int_network -> ($wleiden_if:0) |
| | 173 | |
| | 174 | # SSH Access for proxy13 |
| |     | # "rdr pass" both redirects and passes the connection, so the filter rules |
| |     | # below are not consulted for it. There is no source restriction: port 2022 |
| |     | # is reachable from anywhere on $inet_if -- consider "from <admin-hosts>". |
| | 175 | rdr pass on $inet_if proto tcp from any to any port 2022 \ |
| | 176 | -> 192.168.42.146 port ssh |
| | 177 | |
| | 178 | # SSH Access for CNodeRick |
| |     | # 172.20.145.129 is presumably reached via $wleiden_if (TODO confirm): the |
| |     | # nat rule rewrites the source address of ssh traffic to it so replies come |
| |     | # back through this host instead of being routed around it. Same "any |
| |     | # source" caveat as above applies to port 1022. |
| | 179 | nat on $wleiden_if from any to 172.20.145.129 port ssh -> ($wleiden_if:0) |
| | 180 | rdr pass on $inet_if proto tcp from any to any port 1022 \ |
| | 181 | -> 172.20.145.129 port ssh |
| | 182 | |
| | 183 | # No firewall configured |
| |     | # Everything on the internal bridge passes unfiltered and stateless; "quick" |
| |     | # stops rule evaluation here for $int_if traffic. |
| | 184 | pass quick on $int_if no state |
| | 185 | |
| | 186 | pass out on $inet_if keep state |
| | 187 | pass out on $wleiden_if keep state |
| | 188 | |
| |     | # NOTE(review): these two rules accept ALL inbound traffic on both external |
| |     | # interfaces -- there is no default deny, so every service listening on this |
| |     | # host is exposed to both networks, and the rdr rules above only add the |
| |     | # port mapping. A default-deny policy would start with |
| |     | # "block in on { $inet_if $wleiden_if }" followed by explicit pass rules for |
| |     | # the wanted services; state created by the "pass out" rules still admits |
| |     | # return traffic. |
| | 189 | pass in on $inet_if keep state |
| | 190 | pass in on $wleiden_if keep state |
| | 191 | }}} |