[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD Firewalls

To: "Mike Shaw" <mshaw@wwisp.com>,"Milhomem, Marcus" <Marcus_Milhomem@bmc.com>, <misc@openbsd.org>
Subject: Re: OpenBSD Firewalls
From: "S9" <km@themcminns.com>
Date: Wed, 2 Oct 2002 22:14:05 -0700

> Do you mind forwarding some cleansed examples?
> I'm interested in the nuts and bolts of how you
> are doing this.

Sure. Below you'll find a five-interface example.


-Karsten
--------------------------------------

         internet
           fxp0
            |
            |
DMZ1-fxp2---|----DMZ2-fxp1
            |
        |-------|
        |       |
        |       |
      fxp3     fxp4
   internal1  internal2

[misc scrubs and predefined goodies]
block in on fxp0 from any to { fxp1, fxp2, fxp3, fxp4 }
block in on fxp1 from { fxp0, fxp2 } to any
block in on fxp2 from { fxp0, fxp1 } to any
block out on fxp1 from any to { fxp3, fxp4 }
block out on fxp2 from any to { fxp3, fxp4 }
block in on fxp3 from { fxp0, fxp1, fxp2 } to any
block in on fxp4 from { fxp0, fxp1, fxp2 } to any
pass out on fxp0 from { fxp1, fxp2, fxp3, fxp4 } to any keep state
pass out on fxp1 from { fxp3, fxp4 } to any keep state
pass out on fxp2 from { fxp3, fxp4 } to any keep state
pass in on fxp4 from fxp3 to any
pass in on fxp3 from fxp4 to any
pass out on fxp3 from any to { fxp3, fxp2, fxp1, fxp0 } to any keep state
pass out on fxp4 from any to { fxp4, fxp2, fxp1, fxp0 } to any keep state
[everything else is passed quick and goes below]

References:
- Re: OpenBSD Firewalls
  - From: Mike Shaw <mshaw@wwisp.com>

Prev by Date: Re: mounting a Zip drive
Next by Date: Re: death by ahc1 ?
Prev by thread: Re: OpenBSD Firewalls
Next by thread: Re: OpenBSD Firewalls
Index(es):
- Date
- Thread