BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

add PATH; improve firewall

Browse Source
This commit is contained in:
Christer Edwards
2019-11-25 15:38:40 -07:00
parent e4c4d0df2e
commit b5c8330502
4 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -94,9 +94,7 @@ First, create the loopback interface:
```shell
ishmael ~ # sysrc cloned_interfaces+=lo1
ishmael ~ # sysrc ifconfig_lo1_name="bastille0"
ishmael ~ # sysrc ifconfig_bastille0_aliases="inet 10.17.89.1/32"
ishmael ~ # service netif cloneup
ishmael ~ # ifconfig bastille0 inet 10.17.89.1/32
```
Second, enable the firewall:
@@ -116,7 +114,8 @@ set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
nat on $ext_if from bastille0:network to any -> ($ext_if)
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if)
## rdr example
## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45