Technical data
3. Base configuration
PF_FORWARD_POLICY='REJECT'
PF_FORWARD_ACCEPT_DEF='yes'
PF_FORWARD_LOG='no'
PF_FORWARD_N='2'
PF_FORWARD_1='tmpl:samba DROP' # Samba-packets, that want to leave the
# net are dropped
PF_FORWARD_2='IP_NET_1 ACCEPT' # all other packets are allowed
# to leave the local net
#
# Maskieren des lokalen Netzes
#
PF_POSTROUTING_N='1'
PF_POSTROUTING_1='IP_NET_1 MASQUERADE' # mask packets leaving the
# subnet
Simple Router Masking Two Nets Behind Itself
#
# Access to the router
#
PF_INPUT_POLICY='REJECT'
PF_INPUT_ACCEPT_DEF='yes'
PF_INPUT_LOG='no'
PF_INPUT_N='2'
PF_INPUT_1='IP_NET_1 ACCEPT' # all hosts of the local net are allowed
# to access the router
PF_INPUT_2='IP_NET_2 ACCEPT' # all hosts of the local net are allowed
# to access the router
#
# Internet access
#
PF_FORWARD_POLICY='REJECT'
PF_FORWARD_ACCEPT_DEF='yes'
PF_FORWARD_LOG='no'
#
# Free communication between the nets
#
PF_FORWARD_N='4'
PF_FORWARD_1='IP_NET_1 IP_NET_2 ACCEPT BIDIRECTIONAL'
PF_FORWARD_2='tmpl:samba DROP' # Samba-packets, that want to leave the
# net are dropped
PF_FORWARD_3='IP_NET_1 ACCEPT' # all other packets are allowed
# to leave the local net
PF_FORWARD_4='IP_NET_2 ACCEPT' # all other packets are allowed
# to leave the local net
#
# Masking of local nets, unmasked communication between those nets
#
62