diff options
| author |   henning <henning@openbsd.org> | 2002-06-22 10:19:13 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2002-06-22 10:19:13 +0000 |
| commit | 9640308f883b49477d0a6d58320e355e03aaee91 (patch) | |
| tree | e49c62798246422ea0b474061458ab747ac8be75 | |
| parent | uid are unsigned outside of germany (diff) | |
| download | wireguard-openbsd-9640308f883b49477d0a6d58320e355e03aaee91.tar.xz wireguard-openbsd-9640308f883b49477d0a6d58320e355e03aaee91.zip | |
add a commented out scrub example
ok frantzen@
| -rw-r--r-- | etc/pf.conf | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/etc/pf.conf b/etc/pf.conf index c2ee2416a77..a40ac9bd1c3 100644 --- a/etc/pf.conf +++ b/etc/pf.conf @@ -1,10 +1,14 @@ -# $OpenBSD: pf.conf,v 1.4 2002/06/17 08:07:58 henning Exp $ +# $OpenBSD: pf.conf,v 1.5 2002/06/22 10:19:13 henning Exp $ # # See pf.conf(5) for syntax and examples # # replace ext0 with external interface name, 10.0.0.0/8 with internal network # and 192.168.1.1 with external address -# + +# Normalize: reassemble fragments and resolve or reduce traffic ambiguities + +# scrub in all + # nat: packets going out through ext0 with source address 10.0.0.0/8 will get # translated as coming from 192.168.1.1. a state is created for such packets, # and incoming packets will be redirected to the internal address. @@ -29,4 +33,3 @@ # block in log all # pass in on ext0 proto tcp from any to ext0 port 22 keep state # pass out on ext0 proto { tcp, udp } all keep state - |