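# PF.Conf
#
# pf ruleset using nat/rdr translation rules (FreeBSD pf grammar).
# NOTE(review): no active "block" rule exists in this file -- the only
# "default block" line further down is commented out -- so pf's default-pass
# behaviour applies. Every packet on $extif that no rule matches is still
# allowed, and the "pass in" rules in the filter section therefore do not
# restrict anything. Re-enabling a default block requires pass rules for every
# service that must stay reachable (ssh is currently commented out at the end).

# interfaces and networks
extif = "igb1"
intif = "igb0"
intnet = "192.168.5.0/24"
rolfen = "194.48.213.139"
oddcomp = "192.168.5.150"          # not referenced by any rule below
wgnet = "192.168.9.0/24"
quakejail = "192.168.5.151"

# VPN peer addresses loaded from file; "persist" keeps the table alive even
# when no rule references it.
# NOTE(review): the table name (the "<name>" between "table" and "persist") was
# lost when this file was extracted, as were the same "<name>" references in
# the ipsec section. <table_name_placeholder> stands in for it everywhere --
# restore the original name before loading.
table <table_name_placeholder> persist file "/etc/pf-vpn.txt"

################ services ###################
web = "{ 443 }"                    # not referenced; the https rule uses the literal port
quake_ports_udp = "{ 27500:27502, 28501:28502, 30000:30001 }"
quake_ports_tcp = "{ 28000:28002 }"

################ groups ####################

# options
# "set policy drop" is not a pf directive; a default-deny policy is expressed
# with a "block" rule (see the commented-out "default block" line below).
#set policy drop
set loginterface $extif
set skip on lo0

# translation -- the first matching nat rule wins, so the jail's static-port
# rule has to stay ahead of the general masquerade rule
nat on $extif from $quakejail to any -> ($extif:0) static-port
nat on $extif from { $intnet, $wgnet } to any -> ($extif)

myservices="{ 8880, 8881 }"        # not referenced by any rule below
# NOTE(review): $slm and $zyxel are not defined anywhere above this line, and
# pfctl rejects the whole ruleset on an undefined macro ("macro 'slm' not
# defined"). The macro is not used by any active rule, so it is disabled here;
# define the two missing macros before re-enabling it.
#ssh_users="{" $slm $zyxel $rolfen "}"

# Quake World rdr rules
# "rdr pass" admits the redirected packets without further filter evaluation,
# so the "pass in ... $quakejail" rules in the filter section are not what
# lets this traffic through.
rdr pass on $extif proto udp from any to any port $quake_ports_udp -> $quakejail
rdr pass on $extif proto tcp from any to any port $quake_ports_tcp -> $quakejail

# default deny is disabled ("slapp igenom" = let through): with this line
# commented out nothing in this file blocks any packet
#default block on $extif # slapp igenom

###################### ipsec ################################
# IKE (500) and NAT-T (4500) only from the VPN peer table; ESP/AH both ways
pass on $extif proto udp from <table_name_placeholder> to $extif port { 500 4500 }
pass on $extif proto {esp, ah} from <table_name_placeholder> to any
pass on $extif proto {esp, ah} from any to <table_name_placeholder>

# keep it real
# inside interface: the LAN may go anywhere, and anything may reach the LAN
pass in on $intif from $intif:network to any keep state
pass out on $intif from any to $intif:network keep state
# tunnel interfaces are passed unconditionally in both directions
pass on enc0
pass on wg0
# outbound tcp from this host's own address; state is created on SYN only
pass out on $extif proto tcp from ($extif:0) to any flags S/SA keep state

# Quake world
pass in on $extif proto udp from any to $quakejail port $quake_ports_udp
pass in on $extif proto tcp from any to $quakejail port $quake_ports_tcp
# all icmp in both directions on the outside interface
pass on $extif proto icmp all
pass out on $extif proto { udp, icmp } all keep state

###################### https, mysql #######################
pass in inet proto tcp from any to any port 443
#pass in inet proto tcp from any to any port 22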