forum.lissyara.su

Код: Выделить всё

table <nursat> persist file "/etc/pf.nursat"

set block-policy drop
set skip on lo0
scrub in all fragment reassemble

int_if="re0"
ext_nursat="rl0"
ext_xcom="re1"

nat on $ext_nursat from $int_if:network to any -> $ext_nursat
nat on $ext_xcom from $int_if:network to any -> ($ext_xcom)

pass in quick on $int_if from $int_if:network to $int_if:network

block in on $ext_nursat
block in on $ext_xcom

pass in on $ext_xcom inet proto tcp to port 80 flags S/SA keep state
pass in on $ext_xcom inet proto tcp to port 21 flags S/SA keep state
pass in on $ext_xcom inet proto tcp to port 20 flags S/SA keep state
pass in on $ext_xcom proto tcp from any to any port > 49151 keep state

pass in inet proto tcp to port 22 flags S/SA keep state

pass in on $int_if from $int_if:network to any keep state

pass in on $int_if route-to ($ext_nursat 1.2.3.3) inet from $int_if:network to <nursat> flags S/SA keep state
pass in on $ext_nursat reply-to ($ext_nursat 1.2.3.3) inet from any to 1.2.3.4 flags S/SA keep state

pass out all
# Вот тут должно стоять что-то вроде
#pass out on $ext_xcom route-to ($ext_nursat 1.2.3.3) inet from any to <nursat> flags S/SA keep state

Код: Выделить всё

nat on $ext_xcom from self to <nursat> -> 1.2.3.4
...
pass out route-to ($ext_nursat 1.2.3.3) inet from self to <nursat> flags S/SA keep state