OpenBSD hardening


Firewall - PF - Esempio (2/3):

               set loginterface $ext_if
               # scrub
               scrub in all

               # nat/rdr
               nat on $ext_if from $int_if:network to any -> ($ext_if)
               rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
               rdr on $ext_if proto tcp from any to any port 80 -> $comp3

               # filter rules (block 	in log all)
               block all

               pass quick on lo0 all

               block drop in  quick on $ext_if from $priv_nets to any
               block drop out quick on $ext_if from any to $priv_nets

               pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state