• Има си ред:
  • Macros
    Tables
    Options
    Traffic normalization
    Bandwidth management
    Redirection
    Packet filtering
    
  • /etc/pf.conf
  • ###########################################
    # PF rules
    # 
    # DNS and SQUID installed
    
    ###########################################
    #
    # Interfaces
    #
    # Macros for the two network interfaces. $ext_if is the interface the
    # scrub rule below applies to; $int_if is presumably the LAN-facing
    # side (no rule using it is visible in this part of the file).
    ext_if="xl0"
    int_if="xl1"
    
    # Loopback interface.
    lo_if="lo0"
    
    # The dialog Private Address Range
    # (the internal /24; the proxy/nameserver host defined below lies inside it)
    prv_ad = "172.16.0.0/24"
    
    # Primary External Address
    # NOTE: the value below is placeholder text, not a usable address.
    # Substitute the real external address before loading the ruleset.
    ext_ad = "my external address"
    
    # Protocols for which we are doing NAT
    nat_proto = "{ tcp, udp, icmp }"
    
    # Define queues
    # Port lists, presumably used to assign traffic to low- and high-priority
    # queues (the queue rules are not visible here).
    # NOTE(review): 21 (FTP), 23 (telnet) and 110 (POP3) are cleartext
    # protocols. These lists only name ports; whether the traffic is actually
    # permitted depends on the filter rules - confirm that is intended.
    lowqueueports = "{ 21, 25, 80, 110, 443 }"
    highqueueports = "{ 22, 23, 53 }"
    # Port range 6881 through 6999 (":" denotes a range).
    torrentports = "6881:6999"
    
    # Private Addresses
    # The RFC 1918 ranges plus loopback (127.0.0.0/8). Presumably used to
    # reject spoofed source addresses arriving on $ext_if - confirm against
    # the filter rules. Other non-routable ranges (e.g. 169.254.0.0/16) are
    # not covered by this list.
    prv_ads = "{ 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
    
    # Optional Private Addresses (for example)
    # Both macros point at the same internal host, matching the header note
    # that DNS and Squid are installed.
    int_webproxy="172.16.0.148"
    int_nameserver="172.16.0.148"
    
    #######################################################
    #
    # Options
    #
    
    # Limit the number of fragments kept in memory to 5000
    # (bounds the memory that fragment reassembly by scrub can consume)
    set limit frags 	5000
    # Cap the state table at 20000 entries. Once the table is full, new
    # connections cannot get a state until old entries expire, so size this
    # for expected load plus headroom against state-exhaustion floods.
    set limit states 	20000
    # Expire idle connections early to save memory. Trade-off: long-idle but
    # legitimate sessions (e.g. interactive SSH) may be dropped.
    set optimization 	aggressive
    # Blocked packets are discarded silently; no TCP RST or ICMP unreachable
    # is sent back to the sender.
    set block-policy 	drop
    # No interface is selected for pf statistics collection.
    # NOTE(review): setting this to $ext_if would make per-interface packet
    # and byte counters available (pfctl -s info) for monitoring.
    set loginterface 	none
    
    #######################################################
    #
    # Scrub Rules
    #
    # Scrub all packets coming from the world
    scrub in on $ext_if from any