The PF (Packet Filter) firewall
Example ruleset file:
# ExtIF: interface connected to the Internet
# IntNet: local network
ExtIF="fxp0"
NoRouteIPs="{ 127.0.0.1/8, 192.168.0.0/16 }"
IntNet="10.38.0.0/16"
Services="{ www, https }"
scrub in all
block in quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs
pass in quick on $ExtIF inet proto tcp from $IntNet to any port = 22
pass in quick on $ExtIF inet proto tcp from any to any port $Services flags S/SA
block in quick on $ExtIF from any to any