Quando você roda 'pfctl -f pf.conf' não aparece a linha onde se encontra o erro?
2007/1/25, Cristina Fernandes Silva <[EMAIL PROTECTED]>:
> O restante é esse.
>
>
> # Fazendo o NAT
> nat on $int_ext from $rede to any -> $int_ext
> nat on $int_ext from <baixa> to any -> $int_ext
> nat on $int_ext from <bmedia> to any -> $int_ext
> nat on $int_ext from <media> to any -> $int_ext
> nat on $int_ext from <alta> to any -> $int_ext
> nat on $int_ext from <center> to any -> $int_int
>
>
> # Redicrecionamento
> #--------------------------------
> rdr on $int_int proto tcp from any to any port 80 -> $server1 port 3128
>
> # ... sessão de filtragem
>
> # blockeando tudo por default
> block in log on $int_ext from any to any
>
> # bloqueando spoof
> antispoof for { $int_ext } inet
>
> # bloqueando scanners
> block drop in quick on { $int_ext } from any os { NMAP }
>
> # bloqueando trafego ipv6
> block log quick inet6
>
> #Liberando loopback
> pass quick on lo0 all
>
> # liberando ping/traceroute
> pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
> pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
>
> # Liberando portas
> #INCOMING
> #TCP
> pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
> flags S/SA keep state
> #UDP
> #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
> keep state
> #PING
> pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
> $PING keep state
>
> pass in on $int_ext inet proto { tcp udp } from any to any port 22
> pass in on $int_ext inet proto { tcp udp } from any to any port 21
> pass in on $int_ext inet proto { tcp udp } from any to any port 20
> pass in on $int_ext inet proto { tcp udp } from any to any port 25
> pass in on $int_ext inet proto { tcp udp } from any to any port 53
> pass in on $int_ext inet proto { tcp udp } from any to any port 80
> pass in on $int_ext inet proto { tcp udp } from any to any port 443
> pass in on $int_ext inet proto { tcp udp } from any to any port 110
> pass in on $int_ext inet proto { tcp udp } from any to any port 8080
> pass in on $int_ext inet proto { tcp udp } from any to any port 6667
> pass in on $int_ext inet proto { tcp udp } from any to any port 6891
> pass in on $int_ext inet proto { tcp udp } from any to any port 6893
> pass in on $int_ext inet proto { tcp udp } from any to any port 6900
> pass in on $int_ext inet proto { tcp udp } from any to any port 1213
> pass in on $int_ext inet proto { tcp udp } from any to any port 1214
> pass in on $int_ext inet proto { tcp udp } from any to any port 1832
> pass in on $int_ext inet proto { tcp udp } from any to any port 3094
> pass in on $int_ext inet proto { tcp udp } from any to any port 3622
> pass in on $int_ext inet proto { tcp udp } from any to any port 2216
> pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
> flags S/SA keep state
>
> #OUTGOING
> #EXTERNAL INTERFACE
>
> #TCP
> pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT
> flags S/SA keep
> state
>
> #UDP
> pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT
> keep state
>
> #ICMP
> pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
> $PING keep state
>
> # Liberando acesso
> pass in log on $int_ext from <baixa> to any queue baixa_in
> pass in log on $int_ext from <bmedia> to any queue bmedia_in
> pass in log on $int_ext from <media> to any queue media_in
> pass in log on $int_ext from <alta> to any queue alta_in
> pass in log on $int_ext from <center> to any queue center_in
>
> pass in log on $int_ext from <baixa> to any
> pass in log on $int_ext from <bmedia> to any
> pass in log on $int_ext from <media> to any
> pass in log on $int_ext from <alta> to any
> pass in log on $int_ext from <center> to any
>
>
> Obrigada
>
>
> Cristina
>
>
> __________________________________________________
> Fale com seus amigos de graça com o novo Yahoo! Messenger
> http://br.messenger.yahoo.com/
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
