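# $NetBSD: npftest.conf,v 1.1.2.2 2012/08/13 17:49:52 riz Exp $
#
# NPF ruleset for two interfaces, npftest0 (external) and npftest1
# (internal), with NAT configured on the external side.
# NOTE(review): the file and interface names suggest a fixture loaded by the
# npftest harness rather than a deployable policy.  The rules are kept exactly
# as written because tests presumably depend on them - confirm before editing.
# Listing line numbers that were fused onto the start of every line
# (e.g. "3$ext_if") have been removed so the file parses again.

$ext_if = "npftest0"
$int_if = "npftest1"

#
# RFC 5737: documentation address space (192.0.2.0/24 is TEST-NET-1), so the
# "public" addresses below cannot collide with a routable host.
#

$pub_ip1 = 192.0.2.1
$pub_ip2 = 192.0.2.2

# Inside hosts, taken from RFC 1918 private space.
$local_ip1 = 10.1.1.1
$local_ip2 = 10.1.1.2
$local_ip3 = 10.1.1.3
$local_ip4 = 10.1.1.4

$local_net = { 10.1.1.0/24 }
$ports = { 8000, 9000 }

# NAT policies, all bound to the external interface:
#   <->  bi-directional: $local_ip2 is translated to $pub_ip2 and back
#   ->   outbound: sources in $local_net are translated to $pub_ip1
#   <-   inbound: $pub_ip1 port 8000 is redirected to $local_ip1 port 6000
# NOTE(review): $local_ip2 also lies inside $local_net; its one-to-one map is
# listed first, which presumably gives it precedence - confirm how NPF orders
# NAT policies.
map $ext_if dynamic $local_ip2 <-> $pub_ip2
map $ext_if dynamic $local_net -> $pub_ip1
map $ext_if dynamic $local_ip1 port 6000 <- $pub_ip1 port 8000

# External interface.  "stateful" creates connection state so that replies are
# matched without a rule of their own; "final" stops rule evaluation at the
# first match instead of letting a later rule override it.
group (interface $ext_if) {
	# Outbound TCP: matches segments with SYN set and ACK clear, i.e. the
	# packet that opens a connection.
	pass stateful out final proto tcp flags S/SA all
	# Any other outbound traffic sourced from the inside network.
	pass stateful out final from $local_net
	# Inbound to the listed ports; 8000 is the public port of the redirect
	# above, so this is presumably what admits the forwarded connection.
	# NOTE(review): no "proto" is given, so the rule is not tied to a single
	# transport protocol - confirm that is intended.
	pass stateful in final to any port $ports
	# NOTE(review): admits every ICMP type from any source.  Acceptable for a
	# test fixture; a production policy would list only the icmp-type values
	# it needs.
	pass stateful in final proto icmp all
	# Default deny for whatever the rules above did not pass.
	block all
}

# Internal interface.
group (interface $int_if) {
	# Named dynamic ruleset: an attachment point whose rules are added and
	# removed at run time rather than written in this file.
	ruleset (name "test-rules", dynamic)
	# Stateful pass: return traffic from $local_ip2 is matched by the state.
	pass stateful out final to $local_ip2
	# Stateless pass: no state is created, so replies from $local_ip3 would
	# need a rule of their own.
	pass out final to $local_ip3
	# Explicit drop for traffic addressed to $local_ip4; no direction keyword
	# is given, so it is not limited to "in" or "out".
	block final to $local_ip4
	# NOTE(review): this group has no closing "block all"; confirm that
	# unmatched packets fall through to the default group below.
}

# Catch-all group: drop everything the interface groups did not decide.
group (default) {
	block all
}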
43