Diffstat (limited to 'etc/hoststated.conf')
-rw-r--r-- | etc/hoststated.conf | 119 |
1 files changed, 0 insertions, 119 deletions
diff --git a/etc/hoststated.conf b/etc/hoststated.conf
deleted file mode 100644
index 679a992c972..00000000000
--- a/etc/hoststated.conf
+++ /dev/null
@@ -1,119 +0,0 @@
-# $OpenBSD: hoststated.conf,v 1.9 2007/11/28 15:16:18 reyk Exp $
-#
-# Macros
-#
-ext_addr="192.168.1.1"
-webhost1="10.0.0.1"
-webhost2="10.0.0.2"
-sshhost1="10.0.0.3"
-
-#
-# Global Options
-#
-# interval 10
-# timeout 200
-# prefork 5
-
-#
-# Each table will be mapped to a pf table.
-#
-table webhosts {
- real port http
- check http "/" code 200
- host $webhost1
- host $webhost2
-}
-
-table fallback {
- real port http
- check icmp
- host 127.0.0.1
-}
-
-#
-# Services will be mapped to a rdr rule.
-#
-service www {
- virtual host $ext_addr port http interface trunk0
-
- # tag every packet that goes thru the rdr rule with HOSTSTATED
- tag HOSTSTATED
-
- table webhosts
- backup table fallback
-}
-
-#
-# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
-#
-protocol httpssl {
- protocol http
- header append "$REMOTE_ADDR" to "X-Forwarded-For"
- header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
- header change "Connection" to "close"
-
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
-
-# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
-# ssl session cache disable
-}
-
-relay wwwssl {
- # Run as a SSL accelerator
- listen on $ext_addr port 443 ssl
- protocol httpssl
-
- # Forward to hosts in the webhosts table using a src/dst hash
- table webhosts loadbalance
-}
-
-#
-# Relay and protocol for simple TCP forwarding on layer 7
-#
-protocol sshtcp {
- protocol tcp
-
- # The TCP_NODELAY option is required for "smooth" terminal sessions
- tcp nodelay
-}
-
-relay sshgw {
- # Run as a simple TCP relay
- listen on $ext_addr port 2222
- protocol sshtcp
-
- # Forward to the shared carp(4) address of an internal gateway
- forward to $sshhost1 port 22
-}
-
-#
-# Relay and protocol for a transparent HTTP proxy
-#
-protocol httpfilter {
- protocol http
-
- # Return HTTP/HTML error pages to the client
- return error
-
- # Block disallowed browsers
- label "Please try a <em>different Browser</em>"
- header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
-
- # Block some well-known Instant Messengers
- label "Instant messenger disallowed!"
- response header filter "application/x-msn-messenger" from "Content-Type"
- response header filter "app/x-hotbar-xip20" from "Content-Type"
- response header filter "application/x-icq" from "Content-Type"
- response header filter "AIM/HTTP" from "Content-Type"
- response header filter "application/x-comet-log" from "Content-Type"
-}
-
-relay httpproxy {
- # Listen on localhost, accept redirected connections from pf(4)
- listen on 127.0.0.1 port 8080
- protocol httpfilter
-
- # Forward to the original target host
- nat lookup
-} |