Technical data
3. Base configuration
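# Rule 1 exempts traffic between the two local nets from masquerading;
# rules 2 and 3 masquerade everything else leaving either net.
# Fix: rule 1 was missing the '=' between the variable name and its value.
PF_POSTROUTING_N='3'
PF_POSTROUTING_1='IP_NET_1 IP_NET_2 ACCEPT BIDIRECTIONAL' # packets between the
# two nets pass unmasked, in both directions; numbered first so that it
# precedes the MASQUERADE rules below
PF_POSTROUTING_2='IP_NET_1 MASQUERADE' # mask packets leaving the
# subnet
PF_POSTROUTING_3='IP_NET_2 MASQUERADE' # mask packets leaving the
# subnet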
Masking DSL-Router With Two Nets Behind It And SSH/HTTP-Access From the
Internet
#
# Access to the router
#
# Packets that match none of the numbered PF_INPUT_x rules are rejected.
PF_INPUT_POLICY='REJECT'
# NOTE(review): presumably enables fli4l's built-in default INPUT rules -
# confirm the exact rule set in the fli4l packet filter documentation.
PF_INPUT_ACCEPT_DEF='yes'
# NOTE(review): with logging off, rejected connection attempts against the
# router presumably leave no log trace; on an Internet-facing router consider
# 'yes' so that probing of the SSH/HTTP ports can be reviewed - confirm.
PF_INPUT_LOG='no'
PF_INPUT_N='4'
PF_INPUT_1='IP_NET_1 ACCEPT' # all hosts of the first local net are allowed
# to access the router
PF_INPUT_2='IP_NET_2 ACCEPT' # all hosts of the second local net are allowed
# to access the router
PF_INPUT_3='tmpl:ssh ACCEPT' # allow access to the SSH service
# from everywhere; no source restriction, so the
# service is reachable from the whole Internet.
# If administration only happens from known
# networks, add a source address as in rule 4.
PF_INPUT_4='tmpl:http 1.2.3.4/24 ACCEPT' # allow machines from
# a defined subnet access to the
# HTTP service; 1.2.3.4/24 is a sample
# value, replace it with the real subnet
#
# Internet access
#
# Forwarded packets that match none of the numbered PF_FORWARD_x rules are
# rejected. No rule below accepts traffic from one local net to the other,
# which is what keeps the two nets apart.
PF_FORWARD_POLICY='REJECT'
# NOTE(review): presumably enables fli4l's built-in default FORWARD rules -
# confirm the exact rule set in the fli4l packet filter documentation.
PF_FORWARD_ACCEPT_DEF='yes'
PF_FORWARD_LOG='no'
#
# No communication between the nets, both nets have
# Internet access, Samba-packets are dropped
#
PF_FORWARD_N='2'
# Rule order matters: the Samba DROP is numbered before the general ACCEPT,
# otherwise rule 2 would let the Samba packets out first.
PF_FORWARD_1='tmpl:samba if:any:pppoe DROP' # Samba-packets, that want to leave the
# net are dropped
PF_FORWARD_2='if:any:pppoe ACCEPT' # all other packets are allowed
# to leave the local net
#
# Masking of local nets, unmasked communication between those nets
#
# NOTE(review): the single rule below only masquerades packets leaving via
# pppoe. The FORWARD rules of this example accept no traffic between the two
# local nets, so the "unmasked communication" part of the heading looks
# carried over from the preceding example - confirm.
PF_POSTROUTING_N='1'
PF_POSTROUTING_1='if:any:pppoe MASQUERADE' # mask packets leaving the
# subnet










