English Portuguese (Brazil)
Firewalls Firewalls
pf_flags="" # additional flags for pfctl startup
pf_flags="" # additional flags for pfctl startup
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
gateway_enable="YES" # Enable as LAN gateway
gateway_enable="YES" # Enable as LAN gateway
block in all
pass out all keep state
block in all
pass out all keep state
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services keep state
pass proto udp to any port $udp_services keep state
tcp_services = "{ ssh, smtp, domain, www, pop3, auth, pop3s }"
udp_services = "{ domain }"
block all
pass out proto tcp to any port $tcp_services keep state
pass proto udp to any port $udp_services keep state
pass in on xl1 from xl1:network to xl0:network port $ports keep state
pass in on xl1 from xl1:network to xl0:network port $ports keep state
pass out on xl0 from xl1:network to xl0:network port $ports keep state
pass out on xl0 from xl1:network to xl0:network port $ports keep state
pass from xl1:network to any port $ports keep state
pass from xl1:network to any port $ports keep state
pass from $localnet to any port $ports keep state
pass from $localnet to any port $ports keep state
client_out = "{ ftp-data, ftp, ssh, domain, pop3, auth, nntp, http, \
https, cvspserver, 2628, 5999, 8000, 8080 }"
client_out = "{ ftp-data, ftp, ssh, domain, pop3, auth, nntp, http, \
https, cvspserver, 2628, 5999, 8000, 8080 }"
pass inet proto tcp from $localnet to any port $client_out \
flags S/SA keep state
pass inet proto tcp from $localnet to any port $client_out \
flags S/SA keep state
pass in inet proto tcp to $ext_if port ssh
pass in inet proto tcp to $ext_if port ssh
udp_services = "{ domain, ntp }"
pass quick inet proto { tcp, udp } to any port $udp_services keep state
udp_services = "{ domain, ntp }"
pass quick inet proto { tcp, udp } to any port $udp_services keep state
ftpproxy_enable="YES"
ftpproxy_enable="YES"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
pass out proto tcp from $proxy to any port ftp
pass out proto tcp from $proxy to any port ftp
pass inet proto icmp from any to any
pass inet proto icmp from any to any
pass inet proto icmp from $localnet to any keep state
pass inet proto icmp from any to $ext_if keep state
pass inet proto icmp from $localnet to any keep state
pass inet proto icmp from any to $ext_if keep state