Start working on replicated fsol gw
* Add fsol01 host * Move everything to fsol01 for now * Add pfsync interface * Try to fix firewall rules with correct no-sync options
This commit is contained in:
parent
d41d59a0d4
commit
55855d7c15
5 changed files with 38 additions and 7 deletions
|
|
@ -1,7 +1,8 @@
|
|||
# interfaces
|
||||
int_if = "vio0"
|
||||
ext_if = "vio1"
|
||||
dmz_if = "vio2"
|
||||
sync_if = "vio1"
|
||||
ext_if = "vio2"
|
||||
dmz_if = "vio3"
|
||||
fsol_if = "tap0"
|
||||
|
||||
# networks
|
||||
|
|
@ -30,18 +31,21 @@ antispoof for lo0
|
|||
antispoof for vio0
|
||||
|
||||
# admin connection (internal)
|
||||
pass in quick on $int_if proto tcp from $int_net to self port ssh
|
||||
pass in quick on $int_if proto tcp from $int_net to self port ssh keep state (no-sync)
|
||||
|
||||
# internal network
|
||||
block in quick from any to self
|
||||
pass out quick on $int_if from $int_me to $int_net
|
||||
pass out quick on $int_if from $int_me to $int_net keep state (no-sync)
|
||||
|
||||
# dmz network
|
||||
pass in quick on $dmz_if inet from $dmz_net to any
|
||||
pass out quick on $dmz_if inet from any to $dmz_net
|
||||
|
||||
# allow myself to communicate dna network but don't use pfsync
|
||||
pass out quick on $ext_if from self to any
|
||||
pass out quick on $ext_if from self to any keep state (no-sync)
|
||||
|
||||
# pfsync interface
|
||||
pass quick on $sync_if proto pfsync keep state (no-sync)
|
||||
|
||||
# fsol (router) network
|
||||
pass in quick on $fsol_if proto ospf from any to any
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue