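# /etc/pf.conf
# written by loulancn@163.com
#
# Dual-uplink NAT gateway: LAN clients in <Lan_A> leave through gateway A,
# clients in <Lan_B> leave through gateway B, everything else is dropped.
# Uses the legacy "nat on ... ->" translation syntax (FreeBSD, and OpenBSD
# releases before the nat-to rewrite).
# The 1.1.1.1 / 2.2.2.2 / 3.3.3.3 addresses look like placeholders; replace
# them with the real addresses before loading.
# Check syntax without loading the ruleset:  pfctl -nf /etc/pf.conf

# --- Options -----------------------------------------------------------
# Large table limits for a busy NAT box. Each entry uses kernel memory,
# so size these against the RAM actually available.
set limit states 1000000
set limit frags 100000
set limit src-nodes 100000
set timeout tcp.established 3600
# Short 5 s timeouts reclaim finished TCP states and idle UDP states
# quickly. UDP flows that pause for more than 5 s lose their state and
# must be re-matched by the ruleset.
set timeout {tcp.closing 5,tcp.finwait 5,tcp.closed 5,udp.multiple 5,udp.single 5}

# --- Tables ------------------------------------------------------------
table <Lan_A> {192.168.0.0/16}
table <Lan_B> {172.16.0.0/12}
table <Lan_All> {192.168.0.0/16,172.16.0.0/12}

# --- Macros (names are case-sensitive) ---------------------------------
ip_pool_A="1.1.1.1/32"
ip_pool_B="2.2.2.2/32"

Lan_if="em1"
Lan_IP="3.3.3.3"

gw_A_if="xl0"
gw_A="1.1.1.1"

gw_B_if="em0"
gw_B="2.2.2.2"

# --- Translation -------------------------------------------------------
# Fixed: the original referenced $IP_Pool_A / $IP_Pool_B, which are not
# defined (the macros above are ip_pool_A / ip_pool_B), so the ruleset
# failed to load.
# source-hash keeps a given client on the same pool address; with a /32
# pool there is only one address to choose from.
nat on $gw_A_if from <Lan_All> to any -> $ip_pool_A source-hash
nat on $gw_B_if from <Lan_All> to any -> $ip_pool_B source-hash

# --- Filtering ---------------------------------------------------------
pass quick on lo0 all

# Drops UDP whose *source* port is 15000 ("port" follows "from").
block in quick proto udp from <Lan_All> port 15000 to any

# NOTE(review): this admits every tcp/udp/icmp service on the firewall's own
# LAN address to the whole LAN. If only management access is intended,
# restrict it to the required ports.
pass in quick on $Lan_if proto { tcp,udp,icmp } from <Lan_All> to $Lan_IP keep state
# Policy routing: force each LAN range out through its own uplink.
# "to any" also covers destinations inside the other LAN range, which
# would be pushed out the uplink too; confirm that is intended.
pass in quick on $Lan_if route-to ($gw_A_if $gw_A) proto { tcp,udp,icmp } from <Lan_A> to any keep state
pass in quick on $Lan_if route-to ($gw_B_if $gw_B) proto { tcp,udp,icmp } from <Lan_B> to any keep state

pass out quick on $gw_B_if keep state
pass out quick on $gw_A_if keep state

# Fixed: "$ Lan_IP" (space after "$") was a syntax error.
# This rule is shadowed: the earlier "pass in quick ... to $Lan_IP" rule
# already matches tcp from <Lan_All> and stops evaluation. It only takes
# effect if that broader rule is narrowed or removed.
pass in quick on $Lan_if proto tcp from <Lan_All> to $Lan_IP port 22 keep state

# Default deny for anything not matched by a "quick" rule above.
# Nothing is passed inbound on the uplink interfaces except replies to
# existing states. Use "block log all" to record drops via pflog.
block all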
