```
# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
```

```
# address associated with the subnet follows.
# When MULTIPLE_EXTERNAL_IP is enabled, the external IP
# It is mandatory to use the network interface name in order to enable IPv6
```

```
# It can be IP address or network interface name (ie.
# use multiple 'listening_ip=.' lines, one for each network interface.
# There can be multiple listening IPs for SSDP traffic, in that case
# If the WAN interface has several IP addresses, you
pass log quick on em0 inet proto icmp from any to any label "ICMPACCEPT"
pass log quick on em0 inet proto udp from any to any label "UDPACCEPT"
pass log quick on em0 inet proto tcp from any to any label "TCPACCEPT"
pass log quick inet from 192.168.0.0/24 to any label "INTERNAL2WORLD"
```

```
# Internal network access to server and outside world
pass log quick inet from 192.168.0.0/24 to any label "lo1"
# lo1 cloned loopback on internal network
pass log quick on em0 inet proto udp from 192.168.0.0/24 to any port
pass log quick on lo0 inet proto udp from lo0 to 127.0.0.1 label "UDP lo0"
pass log quick on loopback inet from any to any label "Loopback"
# Blocking IPs via fail2ban and bruteforce
nat on em0 from any to any -> (em0) static-port
scrub from em1 to any no-df random-id fragment reassemble
```