Packet Filter openBSD
# Listing 1: NAT-only baseline. It translates LAN traffic and passes everything;
# no packet is filtered by this ruleset.
# Network Interface
# Macros for the two NICs. Only $ext_if is referenced below; int_if is defined
# but unused in this listing. Presumably rl1 faces the outside network and
# rl0 the LAN - confirm against the actual host.
ext_if="rl1"
int_if="rl0"
# NAT (Network Address Translation)
# Packets from 192.168.10.0/24 leaving through $ext_if get their source
# address rewritten to 202.91.11.228.
# NOTE(review): the standalone "nat on ... ->" rule is the older pf syntax;
# OpenBSD 4.7 and later express translation with "nat-to" on match/pass rules.
# Check the release this file is loaded on.
nat on $ext_if from 192.168.10.0/24 to any -> 202.91.11.228
# Pass all traffic, both directions, on every interface.
# With only these two rules the firewall filters nothing: every service
# listening on this host is reachable from the $ext_if side as well.
# Use this listing only to verify that NAT works, then add filter rules.
pass in all
pass out all
# Listing 2: NAT plus packet filtering.
# pf reads the filter rules top to bottom and the LAST matching rule decides
# (no rule here uses "quick"), so the order of block/pass rules below matters.
# A packet that matches no rule at all is passed: this file has no active
# default-deny rule (the one further down is commented out). In particular,
# nothing here matches "in on $int_if", and on $ext_if only tcp, udp and icmp
# are covered by a block rule.
# Network Interface
# Presumably rl1 is the outside NIC and rl0 the LAN NIC - confirm on the host.
ext_if="rl1"
int_if="rl0"
# NAT (Network Address Translation)
# Source address of 192.168.10.0/24 traffic leaving via $ext_if becomes 202.91.11.228.
# NOTE(review): older "nat on ... ->" syntax; OpenBSD 4.7+ uses "nat-to" instead.
nat on $ext_if from 192.168.10.0/24 to any -> 202.91.11.228
# Port Services
# Destination ports allowed inbound on $ext_if by the pass rules further down:
# TCP 21 and 80, UDP 53.
# NOTE(review): port 21 is only the FTP control channel; FTP data connections
# use other ports that this list does not cover, and FTP credentials travel in
# clear text. Confirm the service is really meant to be exposed this way.
tcp_ports ="{ 21, 80 }"
udp_ports ="{ 53 }"
# Internal -> External
# Both macros are referenced only by commented-out rules below.
ext_hosts ="{ 202.91.11.230 }"
int_ip ="{ 192.168.10.1 }"
# External -> Internal
# Same address as ext_hosts. The name "eext_hosts" looks like a typo, but the
# rules below use the same spelling, so the macro resolves.
eext_hosts ="{ 202.91.11.230 }"
#---------------------------------------------------------------------------------#
# Packet filtering, Internal -> External
# Log packets
# Pass and log every outbound packet on every interface. The block rules that
# follow override this for the packets they match (last match wins).
pass out log all
# Filter SSH port
# Blocks TCP packets whose SOURCE port is 22 as they leave through $int_if.
# NOTE(review): that is the reply direction (SSH server -> LAN host). Packets
# from LAN hosts TOWARD port 22 are not matched by this rule and still leave
# the network. If the goal is to stop LAN hosts from opening SSH sessions,
# a rule matching destination port 22 on traffic entering $int_if would
# express it directly - confirm the intent.
block out on $int_if proto tcp from any port = 22
# Filter packets for a specific host (disabled)
# block out on $int_if proto tcp from $int_ip port = 22
# Filter by IP address (disabled)
# block out on $int_if from $ext_hosts
# Filter using a table of external addresses (disabled)
# NOTE(review): the two lines below are incomplete on the page; the table name
# and its address list are missing. Supply them (e.g. <TABLE_NAME>) before enabling.
# table
# block out on $int_if from
# Default deny (disabled)
# Left commented out, so outbound traffic on $int_if that no block rule
# matches is passed by "pass out log all" above.
# block out on $int_if all
#---------------------------------------------------------------------------------#
# Packet filtering, External -> Internal
# Block external packets
# Drop all inbound TCP and UDP on $ext_if; the pass rules below re-open
# selected ports. Other IP protocols arriving on $ext_if are not matched here.
block in on $ext_if proto {udp, tcp} all
# Allow rules
# Pass and log inbound TCP to the $tcp_ports list and UDP to the $udp_ports
# list, from any source to any destination (the firewall itself included).
pass in log on $ext_if proto tcp from any to any port $tcp_ports
pass in log on $ext_if proto udp from any to any port $udp_ports
# Filter by IP address of a specific external host (disabled)
# block in on $ext_if from $eext_hosts to any
# Filter by protocol and port for a specific external host
# Blocks TCP from $eext_hosts to destination port 22. Inbound TCP port 22 is
# already dropped by the "block in ... proto {udp, tcp} all" rule because 22 is
# not in $tcp_ports, so this rule only becomes significant if port 22 is
# later added to that list.
block in on $ext_if proto tcp from $eext_hosts to any port = 22
#---------------------------------------------------------------------------------#
# Filter ICMP protocol
# Drops every ICMP message entering on $ext_if and every ICMP message leaving
# through $int_if, with no distinction by ICMP type.
# NOTE(review): this also covers ICMP error messages (e.g. destination
# unreachable / fragmentation needed). Whether those still reach hosts for
# tracked connections depends on pf state handling in the release in use -
# verify that path MTU discovery works after loading this ruleset.
block in on $ext_if proto icmp all
block out on $int_if proto icmp all