mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-16 07:28:25 +02:00
6a9fdbf3af
should use "(interface)" syntax to the right of "->" in NAT rules. This now works for all interfaces, including those that have ip addresses in fwbuilder configuration, when interface object appears in "Translated Source" in a nat rule. When firewall object appears in "Translated Source", it gets replaced with a set of its interfaces which also get translated into "-> (interface)".
61 lines
2.0 KiB
Plaintext
61 lines
2.0 KiB
Plaintext
|
|
|
|
|
|
|
|
# Tables: (1)
|
|
table <tbl.r4> { 22.22.22.22 , 22.22.23.22 }
|
|
|
|
#
|
|
# Rule 4 (NAT)
|
|
rdr proto tcp from any to <tbl.r4> port 80 -> 127.0.0.1 port 8080
|
|
#
|
|
# Rule 7 (NAT)
|
|
nat on en0 proto udp from any port 6767 to any -> (en0) port 67
|
|
nat on en1 proto udp from any port 6767 to any -> (en1) port 67
|
|
#
|
|
# Rule 9 (NAT)
|
|
rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
|
|
#
|
|
# Rule 10 (NAT)
|
|
# SDNAT
|
|
rdr proto tcp from any to <tbl.r4> port 22 -> 192.168.1.10 port 22
|
|
nat on en0 proto tcp from any to 192.168.1.10 port 22 -> (en0)
|
|
nat on en1 proto tcp from any to 192.168.1.10 port 22 -> (en1)
|
|
#
|
|
# Rule 11 (NAT)
|
|
# SDNAT with source port
|
|
rdr proto udp from any port 123 to <tbl.r4> -> 192.168.1.10
|
|
nat on en0 proto udp from any port 123 to 192.168.1.10 -> (en0) port 5050
|
|
nat on en1 proto udp from any port 123 to 192.168.1.10 -> (en1) port 5050
|
|
#
|
|
# Rule 12 (NAT)
|
|
# SDNAT with dest port
|
|
rdr proto udp from 192.168.1.0/24 to any port 53 -> 192.168.1.10 port 1053
|
|
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0)
|
|
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1)
|
|
#
|
|
# Rule 13 (NAT)
|
|
# SDNAT
|
|
# translate src and dst addresses
|
|
# and src and dst ports
|
|
rdr proto udp from 192.168.1.0/24 port 1024:65535 to any port 53 -> 192.168.1.10 port 1053
|
|
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0) port 32767:*
|
|
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1) port 32767:*
|
|
#
|
|
# Rule 14 (NAT)
|
|
# Matches destination port, translates source port
|
|
nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> (en0) port 5050
|
|
nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> (en1) port 5050
|
|
|
|
#
|
|
# Rule 0 (global)
|
|
pass quick inet proto tcp from any to 22.22.22.23 port 8080 flags any label "RULE 0 -- ACCEPT "
|
|
#
|
|
# Rule 1 (global)
|
|
block log quick inet from any to any no state label "RULE 1 -- DROP "
|
|
#
|
|
# Rule fallback rule
|
|
# fallback rule
|
|
block quick inet from any to any no state label "RULE 10000 -- DROP "
|
|
|