bash-2.05b# cat /etc/pf.conf
################################
##########################
#########
########  Regle de filtrage pour le reseaux TrackNet 192.168.1.0
#########
#########################
################################
 
###########
#Variable
###########
Iext = "tun0"   #External interface
Iint = "rl0"    #Internal interface
Iloop = "lo0"   #Loopback interface
 
NoRoute = "{127.0.0.1/8, 192.168.1.0/24, 255.255.255.255/32 }"
server = "192.168.1.2/32"       #
reseau = "192.168.1.0/24"
 
InTcp = "{ ssh, smtp, http, https, pop3, imap, ftp, ftp-data, 113, 27222, 3128 ,4662}"
#OutTcp = all
InUdp = "{ domain, 2401, 3077 }"
#OutUdp = "all"
 
 
############################
#
#Filtrage Interne et externe sur reseau 192.168.1.0/24
#
##########################
 
###########
#Normalisation des packet
##########
####################
#On bloque tout ce qui rentre par default
####################
 
block             in log on $Iext           all
block return-rst  in log on $Iext proto tcp all
block return-icmp in log on $Iext proto udp all
 
####################
#On laisse tout sur loopback
###################
pass in  quick on $Iloop all
pass out quick on $Iloop all
pass out quick on $Iext all keep state
 
##################
#On block directement les packet avec des flags FUP/FUP
#                                               SF/SFRA
#                                               /SFRA
#################
block in log on $Iext inet proto tcp all flags S/SA
#block in log quick on $Iext inet proto tcp all flags SF/SFRA
#block in log quick on $Iext inet proto tcp all flags /SFRA
#block in log quick on $Iext inet proto tcp all flags F/SFRA
#block in log quick on $Iext inet proto tcp all flags P
#block in log quick on $Iext inet proto tcp all flags U/SFRAU
 
block return-rst in quick on $Iext from any to 212.43.221.154 label forum
###########
#Spoofing mesure ;)
###########
block in log quick on $Iext from $NoRoute to any
block out log quick on $Iext from any to $NoRoute
 
block in quick on $Iext from any to 255.255.255.255
 
 
#############################
#Service et autre
############################
# ICMP
pass out    quick on $Iext inet proto icmp all icmp-type 8 code 0 keep state
#pass in log quick on $Iext inet proto icmp all icmp-type 8 code 0 keep state
 
# Service pour tout le monde
pass in quick on $Iext inet proto udp from any to any port $InUdp keep state
pass in quick on $Iext inet proto tcp from any to any port $InTcp flags S/SA modulate state

bash-2.05b# cat /etc/nat.conf
##########
# Nat Interface for Iternet
##########
 
nat on tun0 from 192.168.1.0/24 to any -> tun0
 
#########
# redirect Port
#########
#web http & https
rdr on tun0 proto tcp from any to any port 80 -> 192.168.1.2 port 80
rdr on tun0 proto tcp from any to any port 443 -> 192.168.1.2 port 443
#ssh
rdr on tun0 proto tcp from any to any port 22 -> 192.168.1.2 port 22
#mail pop imap & smtp
rdr on tun0 proto tcp from any to any port 143 -> 192.168.1.2 port 143
rdr on tun0 proto tcp from any to any port 110 -> 192.168.1.2 port 110
rdr on tun0 proto tcp from any to any port 25 -> 192.168.1.2 port 25
#ftp
rdr on tun0 proto tcp from any to any port 21 -> 192.168.1.2 port 21
rdr on tun0 proto tcp from any to any port 20 -> 192.168.1.2 port 20
#ident
rdr on tun0 proto tcp from any to any port 113 -> 192.168.1.1 port 113
#edonkey "\o/"
rdr on tun0 proto tcp from any to any port 4500 -> 192.168.1.2 port 4500
rdr on tun0 proto tcp from any to any port 4662 -> 192.168.1.7 port 4662
#dns
rdr on tun0 proto udp from any to any port 53 -> 192.168.1.2 port 53
#proxy
rdr on tun0 proto tcp from any to any port 3128-> 192.168.1.2 port 3128