freebsd:pf
This is an old revision of the document!
Kernel
Add these lines to the kernel configuration file:
device pf
device pflog
device pfsync
Recompile and install the kernel:
make buildkernel KERNCONF=MONKERNEL
make installkernel KERNCONF=MONKERNEL
Example /etc/pf.conf configuration file:
# Macros
ext_if="re0"
int_if="lo0"

# Tables: trusted hosts, and offenders seeded from a file
table <white_list> { 91.121.132.33 }
table <bad_hosts> persist file "/etc/bad_hosts"

scrub in all

# Default policy: block and log everything inbound, allow everything outbound
block in log (all) all
pass out all

set skip on lo0

pass in quick on $ext_if from <white_list> to any
pass in quick proto icmp6 all
pass in quick proto icmp all
block quick from <bad_hosts>

# HTTP and SSH: a source that opens connections faster than the stated rate
# is added to <bad_hosts> and all of its existing states are flushed
pass in on $ext_if proto tcp to ($ext_if) port http keep state (max-src-conn-rate 20/5, overload <bad_hosts> flush global)
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state (max-src-conn-rate 10/60, overload <bad_hosts> flush global)

#Allow DNS
pass in on $ext_if proto tcp to ($ext_if) port domain
pass in on $ext_if proto udp to ($ext_if) port domain

#Allow traceroute
pass in on $ext_if proto udp to ($ext_if) port 33433 >< 33626 keep state
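The script below is an added example, not part of the original wiki page: it creates any table file the ruleset references but that does not exist yet (pfctl will not load a ruleset whose table file is missing), parse-checks the ruleset before loading it, then lists and ages out the <bad_hosts> entries. The function names and the one-day expiry are assumptions; the pfctl steps assume a root shell on FreeBSD with pf enabled (pf_enable="YES" in /etc/rc.conf, or pfctl -e).

```sh
#!/bin/sh
# Added example: pre-flight checks before loading the pf.conf shown above.
# Function names are hypothetical, not from the original page.

# Print every path referenced by a `table <...> ... file "path"` line.
table_files() {
    sed -n 's/^[[:space:]]*table[[:space:]].*file[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Create an empty, root-only file for each table file that is missing,
# so that loading the ruleset does not fail on /etc/bad_hosts.
ensure_table_files() {
    table_files "$1" | while IFS= read -r f; do
        [ -e "$f" ] || { : > "$f" && chmod 600 "$f"; }
    done
}

# Parse-check only (-n) first; load the ruleset only if the check passes.
load_ruleset() {
    pfctl -nf "$1" && pfctl -f "$1"
}

# List the sources caught by max-src-conn-rate, then drop entries that
# have been in the table for more than a day (86400 s is an assumed value).
show_and_expire() {
    pfctl -t bad_hosts -T show
    pfctl -t bad_hosts -T expire 86400
}

# Runs only when invoked as: sh pf-apply.sh apply [/etc/pf.conf]
if [ "${1:-}" = "apply" ]; then
    conf="${2:-/etc/pf.conf}"
    ensure_table_files "$conf" && load_ruleset "$conf" && show_and_expire
fi
```

A single address can be removed from the table by hand with pfctl -t bad_hosts -T delete followed by the address.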
freebsd/pf.1300476091.txt.gz · Last modified: 2011/03/18 19:21 by sheltem