# $OpenBSD: pf.conf,v 1.39 2009/04/06 12:10:10 henning Exp $ # # See pf.conf(5) for syntax and examples; this sample ruleset uses # require-order to permit mixing of NAT/RDR and filter rules. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. set require-order no set skip on lo set reassemble yes # NAT/filter rules and anchors for ftp-proxy(8) #nat-anchor "ftp-proxy/*" #rdr-anchor "ftp-proxy/*" #rdr pass on ! egress proto tcp to port ftp -> 127.0.0.1 port 8021 #anchor "ftp-proxy/*" #pass out proto tcp from $proxy to any port ftp # NAT/filter rules and anchors for relayd(8) #rdr-anchor "relayd/*" #anchor "relayd/*" # NAT rules and anchors for spamd(8) #table persist #table persist file "/etc/mail/nospamd" #no rdr on egress proto tcp from to any port smtp #no rdr on egress proto tcp from to any port smtp #rdr pass on egress proto tcp from any to any port smtp -> 127.0.0.1 port spamd pass in # to establish keep-state #block in quick from urpf-failed to any # use with care # By default, do not permit remote connections to X11 block in on ! lo0 proto tcp from any to any port 6000