
transparent pf bridge

Hello, I have installed a transparent bridge between two routers, infront_rl0 and behind_rl1.
Below is my pf.conf (the first time I ever wrote it).
I wonder if this firewall (OpenBSD 3.5) conf I wrote makes any sense. Both routers also function as DHCP servers.
Clients of behind_rl1 only need to access FTP, the MSN Messenger service and POP3 mail, and should be able to
get their IP address automatically. The following pf.conf works, but I wonder if it makes sense / has any effect.

ext_if = "rl0"
int_if = "rl1"

tcp_services = "{bootpc,bootps,domain}"
udp_services  = "{bootpc, bootps,domain}"

set block-policy return
set loginterface $ext_if
scrub in on $ext_if all
scrub in on $int_if all

block in on $ext_if all
pass quick on lo0 all
pass out on $ext_if proto tcp from any to ($ext_if) \
port $tcp_services flags S/SA modulate state
pass out on $ext_if proto udp from any to ($ext_if) \
port $udp_services flags S/SA keep state
pass in on $ext_if proto udp from any to any
pass out on $int_if proto tcp all modulate state flags S/SA
pass out on $int_if proto {udp,icmp} all keep state