fix formatting in network documentation
@@ -165,12 +165,7 @@ Create the firewall rules:
|
|||||||
set skip on lo
|
set skip on lo
|
||||||
|
|
||||||
table <jails> persist
|
table <jails> persist
|
||||||
nat on $ext_if from <jails> to any -> ($ext_if)
|
nat on $ext_if from <jails> to any -> ($ext_if:0)
|
||||||
|
|
||||||
## static rdr example
|
|
||||||
## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45
|
|
||||||
|
|
||||||
## dynamic rdr anchor (see below)
|
|
||||||
rdr-anchor "rdr/*"
|
rdr-anchor "rdr/*"
|
||||||
|
|
||||||
block in all
|
block in all
|
||||||
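Review bot: the change from `nat on $ext_if from <jails> to any -> ($ext_if)` to `-> ($ext_if:0)` in this hunk is a behavioural change, not a formatting fix, and the commit message should say so. The `:0` modifier makes pf translate to the interface's primary address only, excluding aliases, so on a host carrying alias addresses jail traffic stops being spread across them. That is likely the intended outcome, but the copy of the same rule in the explanatory section later in the file is left as `-> ($ext_if)` by this commit, so the two now disagree; update both or neither.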
@@ -178,10 +173,6 @@ Create the firewall rules:
|
|||||||
antispoof for $ext_if inet
|
antispoof for $ext_if inet
|
||||||
pass in inet proto tcp from any to any port ssh flags S/SA modulate state
|
pass in inet proto tcp from any to any port ssh flags S/SA modulate state
|
||||||
|
|
||||||
# If you are using dynamic rdr also need to ensure that the external port
|
|
||||||
# range you are using is open
|
|
||||||
# pass in inet proto tcp from any to any port <rdr-start>:<rdr-end>
|
|
||||||
|
|
||||||
- Make sure to change the `ext_if` variable to match your host system interface.
|
- Make sure to change the `ext_if` variable to match your host system interface.
|
||||||
- Make sure to include the last line (`port ssh`) or you'll end up locked out.
|
- Make sure to include the last line (`port ssh`) or you'll end up locked out.
|
||||||
|
|
||||||
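Review bot: dropping the three comment lines beginning `# If you are using dynamic rdr also need to ensure that the external port` removes the document's only statement that the external port range used by dynamic rdr has to be opened, along with its template `# pass in inet proto tcp from any to any port <rdr-start>:<rdr-end>`. With `block in all` and only `port ssh` passed in the remaining ruleset, a reader who sets up `bastille rdr` redirects has nothing left telling them to pass the chosen ports. Keep the guidance, either as the comment in the rule block or as a sentence in the dynamic rdr prose further down.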
@@ -192,9 +183,6 @@ to containers are:
|
|||||||
|
|
||||||
nat on $ext_if from <jails> to any -> ($ext_if)
|
nat on $ext_if from <jails> to any -> ($ext_if)
|
||||||
|
|
||||||
## static rdr example
|
|
||||||
## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45
|
|
||||||
|
|
||||||
The `nat` routes traffic from the loopback interface to the external
|
The `nat` routes traffic from the loopback interface to the external
|
||||||
interface for outbound access.
|
interface for outbound access.
|
||||||
|
|
||||||
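Review bot: removing `## static rdr example` and `## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45` from this explanatory block orphans the paragraph that follows it, which still says `The example shown redirects web traffic (80 & 443) to the containers at 10.17.89.45`; since the same line was also dropped from the rule block in the first hunk, no such example is shown anywhere in the file any more. Either keep the static rdr line here or rewrite that paragraph. The `nat` line retained as context here also still reads `-> ($ext_if)` while the rule block now reads `-> ($ext_if:0)`.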
@@ -202,16 +190,19 @@ The `rdr pass ...` will redirect traffic from the host firewall on port X to
|
|||||||
the ip of Container Y. The example shown redirects web traffic (80 & 443) to the
|
the ip of Container Y. The example shown redirects web traffic (80 & 443) to the
|
||||||
containers at `10.17.89.45`.
|
containers at `10.17.89.45`.
|
||||||
|
|
||||||
## dynamic rdr anchor (see below)
|
.. code-block:: shell
|
||||||
rdr-anchor "rdr/*"
|
|
||||||
|
rdr-anchor "rdr/*"
|
||||||
|
|
||||||
The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
|
The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
|
||||||
`bastille rdr` command at runtime - eg.
|
`bastille rdr` command at runtime - eg.
|
||||||
|
|
||||||
bastille rdr <jail> tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
|
.. code-block:: shell
|
||||||
bastille rdr <jail> udp 2053 53 # Same for udp
|
|
||||||
bastille rdr <jail> list # List dynamic rdr rules
|
bastille rdr <jail> tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
|
||||||
bastille rdr <jail> clear # Clear dynamic rdr rules
|
bastille rdr <jail> udp 2053 53 # Same for udp
|
||||||
|
bastille rdr <jail> list # List dynamic rdr rules
|
||||||
|
bastille rdr <jail> clear # Clear dynamic rdr rules
|
||||||
|
|
||||||
Note that if you are redirecting ports where the host is also listening
|
Note that if you are redirecting ports where the host is also listening
|
||||||
(eg. ssh) you should make sure that the host service is not listening on
|
(eg. ssh) you should make sure that the host service is not listening on
|
||||||
|
|||||||
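Review bot: the two new `.. code-block:: shell` directives only work if the lines that follow (`rdr-anchor "rdr/*"` and the four `bastille rdr` commands) are indented under the directive; the side-by-side view does not show the indentation, so please confirm with a local Sphinx build that they render as code rather than falling out as plain paragraphs. Separately, `rdr-anchor "rdr/*"` is pf.conf syntax, not a shell command, so `text` is a more accurate language tag than `shell` for that first block.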