path: root/regress/sbin/pfctl/pfopt2.in
blob: afe1e156c61e09bf203c5f7b8786134c0c67152b (plain)
# Macro naming the interface that every statement below is bound to.
# lo0 is the loopback interface.
ext_if="lo0"

# OPTIONS, -O
# ("-O" is the pfctl flag that loads only the options from a rule file.)
# Collect packet/byte statistics for $ext_if.
set loginterface $ext_if
# Lifetime, in seconds, of a state entry for an established TCP connection.
set timeout tcp.established 3600
# Hard cap on the number of state-table entries.
# NOTE(review): 100 is presumably a test value; once the cap is reached no new
# state can be created, so a real ruleset sizes this for its expected
# connection load.
set limit states 100
set optimization normal
# Packets matched by a block rule are dropped silently rather than answered
# with a TCP RST / ICMP unreachable.
set block-policy drop
# Enforce the statement order used in this file: options, normalization,
# queueing, translation, filtering.
set require-order yes

# NORMALIZATION
# Normalize all inbound packets; no interface and no scrub options are given,
# so the rule applies on every interface with pf's default scrub behaviour.
scrub in all

# QUEUEING, -A
# ("-A" is the pfctl flag that loads only the queue rules from a rule file.)
# Enable ALTQ priority queueing (priq) on $ext_if with 10Mb of bandwidth, a
# token bucket regulator size of 1824 and three child queues.
altq on $ext_if priq bandwidth 10Mb tbrsize 1824 \
    queue { pri-low pri-med pri-high }
# With priq a higher priority number is served first, so pri-high (2) is
# preferred over pri-med (1) and pri-low (0).
queue pri-low priority 0
# priq(default): packets that no rule assigns to a queue are placed here.
queue pri-med priority 1 priq(default)
queue pri-high priority 2

# NAT -N
# ("-N" is the pfctl flag that loads only the NAT rules from a rule file.)
# Both rules below match every IPv4 packet on $ext_if ("from any to any"):
# rdr rewrites the destination address to 127.0.0.1, nat rewrites the source
# address to 127.0.0.1.
# NOTE(review): catch-all translation like this looks like parser test input,
# not a deployable policy; a production rule would scope source, destination
# and port.
rdr on $ext_if inet from any to any -> 127.0.0.1
nat on $ext_if inet from any to any -> 127.0.0.1
# Bidirectional one-to-one mapping between 192.168.0.0/24 and the
# 192.168.0.3/24 block.
# NOTE(review): 192.168.0.1/24 and 192.168.0.3/24 carry non-zero host bits;
# presumably this exercises how pfctl handles such addresses - confirm against
# the expected-output file for this test.
binat on $ext_if inet from 192.168.0.0/24 to 192.168.0.1/24 -> 192.168.0.3/24 

# FILTER, -R
# ("-R" is the pfctl flag that loads only the filter rules from a rule file.)
# This section contains only pass rules. pf passes traffic that matches no
# rule, so without an explicit block rule nothing here is denied and
# "set block-policy drop" has nothing to act on.
#
# Outbound TCP to port 22, stateful. When two queues are listed, the second
# (pri-high) is used for packets with a TOS of lowdelay and for TCP ACKs that
# carry no data; all other packets of the connection go to pri-med.
pass out on $ext_if proto tcp from any to any port 22 keep state \
    queue(pri-med, pri-high)
# Outbound TCP to port 80, stateful, queued at medium priority.
pass out on $ext_if proto tcp from any to any port 80 keep state queue pri-med
# Inbound TCP to port 80, stateful, queued at the lowest priority.
# NOTE(review): no "flags" restriction is given on these rules; whether state
# is created only on the initial SYN depends on the pf version's defaults -
# confirm before reusing this pattern.
pass in  on $ext_if proto tcp from any to any port 80 keep state queue pri-low