Hi,

I just built a small firewall using OpenBSD 5.2. Advice is welcome... ;-)
Thank you very much.

So, 2 interfaces, with the following rules:
- Traffic only IPv4
- Allow pings in/out
- Allow our LAN to only have ftp/http and https
- Allow access from anywhere to our RDP server
- Prioritizing ACKs

*************************************************
lan=rl0
allow="{www,ftp,https}"
rdphost="10.0.0.10"

set skip on lo
set block-policy return

match in all scrub (no-df max-mss 1440)
match out on egress inet from $lan:network to any nat-to egress

block log all

anchor "ftp-proxy/*"
pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

pass out on egress inet proto tcp set prio (1,7)
pass out on egress inet proto udp
pass out on $lan inet

pass in on $lan proto udp from $lan:network to port domain
pass in on $lan proto tcp from $lan:network to port $allow
pass inet proto icmp all icmp-type echoreq

pass in on egress inet proto tcp from any to any port 3389 \
    rdr-to $rdphost tag rdp set prio (1,7)
pass out on $lan tagged rdp
*************************************************

Cheers,
Wesley
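
An added example, not part of Wesley's ruleset: one way to keep the "RDP from anywhere" rule while capping what a single source can do, using pf's per-source state limits and an overload table. The table name `rdp_abuse` and the numeric limits are assumptions chosen for illustration; `$rdphost` is the macro from the post.

```conf
# Added example (not from the original post). Table name and limits are
# assumptions; tune them to the number of legitimate RDP users.
table <rdp_abuse> persist

# Sources that tripped the limits below are rejected before any state is
# created. "quick" makes this final regardless of later pass rules.
block in quick on egress inet proto tcp from <rdp_abuse> to any port 3389

# Same redirect as in the post, with per-source state tracking added:
#   max-src-conn       simultaneous connections allowed from one source
#   max-src-conn-rate  new connections per interval (here 3 per 60 seconds)
#   overload ... flush global
#                      add the offender to <rdp_abuse> and kill all of its
#                      existing states, not only the ones from this rule
pass in on egress inet proto tcp from any to any port 3389 \
    rdr-to $rdphost tag rdp set prio (1,7) \
    keep state (max-src-conn 5, max-src-conn-rate 3/60, \
        overload <rdp_abuse> flush global)
pass out on $lan tagged rdp
```

Addresses stay in the table until removed; `pfctl -t rdp_abuse -T expire 86400` run from cron drops entries older than a day, and `pfctl -t rdp_abuse -T show` lists the current ones.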