Pantek Library

Basic firewall (DHCP NAT)

From: Fredrik Persson <frippe.persson(at)telia.com>
Date: Sat Nov 30 2002 - 17:23:22 EST


Setting up my first firewall and would be happy for some feedback if I have set it up in a secure way.

It is a private firewall in my house.
No server on the Intranet, i.e. only
clients on Intranet to access Internet.

DHCP client on the External interface.
NAT to be used between Intranet and Internet.

The setup works, but is my setup made in a secure way, or can I make some improvements?

My "pf.conf"

ExtIF="rl0"              # External Interface
IntIF="rl1"              # Internal Interface
NoRouteIPs="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

scrub in all

nat on rl0 from $IntNet to any -> (rl0)

block in quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs

block in on $ExtIF all

block out on $ExtIF                 all
pass  out on $ExtIF inet proto tcp  all flags S/SA keep state
pass  out on $ExtIF inet proto udp  all            keep state
pass  out on $ExtIF inet proto icmp all            keep state
Received on Sat Nov 30 17:26:27 2002
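
A macro check over the ruleset as it appears in this archived message, added here as an example and not part of the original post: it lists every `$name` that is referenced with no definition above it and every macro that is defined but never referenced. The function name `lint_macros` and the simplified comment handling are assumptions of this example.

```python
import re

# The ruleset as posted in the message, with the run-together line split.
POSTED_PF_CONF = '''\
ExtIF="rl0"              # External Interface
IntIF="rl1"              # Internal Interface
NoRouteIPs="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

scrub in all

nat on rl0 from $IntNet to any -> (rl0)

block in quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs

block in on $ExtIF all

block out on $ExtIF                 all
pass  out on $ExtIF inet proto tcp  all flags S/SA keep state
pass  out on $ExtIF inet proto udp  all            keep state
pass  out on $ExtIF inet proto icmp all            keep state
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=')   # name = "value"
MACRO_REF = re.compile(r'\$([A-Za-z0-9_]+)')          # $name

def lint_macros(text):
    """Return (undefined, unused).

    undefined: (line_no, name) for each $name used before any definition.
    unused:    sorted names that are defined but never referenced.
    Simplification (assumption): '#' always starts a comment.
    """
    defined, used, undefined = set(), set(), []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0]
        for name in MACRO_REF.findall(line):
            used.add(name)
            if name not in defined:
                undefined.append((line_no, name))
        m = MACRO_DEF.match(line)
        if m:
            defined.add(m.group(1))
    return undefined, sorted(defined - used)

if __name__ == "__main__":
    undefined, unused = lint_macros(POSTED_PF_CONF)
    for line_no, name in undefined:
        print(f"line {line_no}: ${name} is used but has no definition above it")
    for name in unused:
        print(f"macro {name} is defined but never referenced")
```

On the text shown in this archive it reports `$IntNet` on the `nat` line and the unreferenced `IntIF` macro, which means none of the listed rules name the internal interface.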

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:31:48 EDT

