CONFIGURATION (rc.conf)
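#### FORWARDING + VLAN
# FreeBSD rc.conf for the pf forwarding benchmark host. rc.conf is sourced
# by sh, so a later assignment of the same variable silently replaces an
# earlier one; every ifconfig_<if> variable below is therefore set exactly once.
hostname="test"

# Management interface (addresses are placeholders). sshd listens on every
# address; only the pf ruleset restricts who can reach it.
ifconfig_igb0="inet XXX.XXX.XXX.XXX/22"
defaultrouter="XXX.XXX.XXX.1"
sshd_enable="YES"

# IPv4 router
gateway_enable="YES"
static_routes="generator receiver"
route_generator="-net 198.18.0.0/16 198.18.0.110"
route_receiver="-net 198.19.0.0/16 198.19.0.110"
# Offloading (TSO/LRO) is turned off on both forwarding NICs. The address and
# the offload flags for mce0 must share ONE assignment: the original file set
# ifconfig_mce0 twice and the second assignment dropped -tso4 -tso6 -lro -vlanhwtso.
ifconfig_mce0="inet 198.18.0.22/24 -tso4 -tso6 -lro -vlanhwtso"
# mce1 is only the parent of the tagged VLAN; its address lives on mce1.4001.
ifconfig_mce1="up -tso4 -tso6 -lro -vlanhwtso"
vlans_mce1="4001"
ifconfig_mce1_4001="inet 198.19.0.22/24"
# Static ARP for the generator/receiver next hops. The labels are arbitrary
# (each expands to static_arp_<label>) and now match static_routes. Pinning
# the MACs avoids ARP resolution during a run and keeps a spoofed reply on the
# benchmark segments from redirecting forwarded traffic.
static_arp_pairs="generator receiver"
static_arp_generator="198.18.0.110 90:1b:0e:43:c6:3b"
static_arp_receiver="198.19.0.110 90:1b:0e:43:c6:3c"

# IPv6 router
ipv6_gateway_enable="YES"
# Brings up IPv6 on every interface, including the management (igb0) and
# pfsync (igb1) links; the ruleset's default "block" covers both families.
ipv6_activate_all_interfaces="YES"
ipv6_static_routes="generator receiver"
ipv6_route_generator="2001:2:: -prefixlen 49 2001:2::110"
ipv6_route_receiver="2001:2:0:8000:: -prefixlen 49 2001:2:0:8000::110"
ifconfig_mce0_ipv6="inet6 2001:2::22 prefixlen 64"
ifconfig_mce1_4001_ipv6="inet6 2001:2:0:8000::22 prefixlen 64"
# Static NDP entries, same labels and MACs as the ARP pairs above.
static_ndp_pairs="generator receiver"
static_ndp_generator="2001:2::110 90:1b:0e:43:c6:3b"
static_ndp_receiver="2001:2:0:8000::110 90:1b:0e:43:c6:3c"

# PF
pf_enable="YES"
pflog_enable="YES"
# igb1 carries pfsync only. (The original file assigned ifconfig_igb1 twice;
# the address assignment already implies "up".)
ifconfig_igb1="inet 192.168.148.129/29"
# PFSYNC: pfsync carries no authentication or encryption, so any host on the
# igb1 segment can read or inject firewall state. Keep igb1 a dedicated,
# physically isolated link (or carry it over IPsec). No pfsync_syncpeer is
# set, so updates go to the pfsync multicast group.
pfsync_enable="YES"
pfsync_syncdev="igb1"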
RULES
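#### HEADER
# ruleset_header.pf -- first part of the generated ruleset
# (cat ruleset_header.pf ruleset_body.pf ruleset_tail.pf > ruleset_test.pf).
# pfctl enforces statement order by default (set require-order): macros,
# options, normalization, queueing, translation, filtering. Every "set"
# option is grouped here, ahead of the first filter rule, instead of relying
# on "set skip" being tolerated after "block".
set limit { states 10000000 }
set ruleset-optimization basic
# Don't filter on loopback
set skip on lo0

# interfaces
generator="mce0"
receiver="mce1.4001"
# pfsync link (pfsync_syncdev in rc.conf)
sync_if="igb1"

# Default block all (both directions, both address families)
block

# Management hosts. These rules pass ANY protocol and port from the two
# hosts to this box; if only SSH is needed, tighten them to
# "pass quick proto tcp from <host> to self port 22".
pass quick from 147.156.238.148 to self
pass quick from 147.156.8.130 to self

# pfsync updates from a peer would otherwise hit the default block: the
# outbound state created by "pass quick from self to any" does not match
# the peer's packets (multicast-addressed, since no syncpeer is configured).
# pfsync is unauthenticated -- $sync_if must be a dedicated, isolated segment.
pass quick on $sync_if proto pfsync

# Allow traffic from inside to outside
pass quick from $receiver:network to any
pass quick from self to any

#### BODY FROM RULE GENERATOR
# ruleset_body.pf (10 x 250 x 4 generated pass rules)

#### TAIL from
# ruleset_tail.pf -- the measured flow, placed after the generated rules
pass quick from 198.18.10.0/24 to 198.19.10.0/24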
RULE GENERATOR
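#!/bin/sh
# Generate ruleset_body.pf (10 x 250 x 4 "pass quick" rules) and assemble
# ruleset_test.pf from header + body + tail.
# ruleset_header.pf and ruleset_tail.pf must already exist in $workdir.
#
# /tmp is world-writable: another local user who pre-creates /tmp/pf (or the
# header/tail files inside it) controls the ruleset that pfctl will load.
# The directory is created mode 0700 and the script refuses to run if it is
# a symlink or not owned by the invoking user.
set -eu

workdir=/tmp/pf
mkdir -p -m 0700 "$workdir"
if [ -L "$workdir" ] || [ ! -O "$workdir" ]; then
    echo "$workdir is a symlink or not owned by $(id -un); refusing to continue" >&2
    exit 1
fi
cd "$workdir"
for f in ruleset_header.pf ruleset_tail.pf; do
    [ -f "$f" ] || { echo "missing $f in $workdir" >&2; exit 1; }
done

# The whole loop writes through one redirection; the original reopened the
# file with ">>" for each of the 10000 echoes. ">" also truncates any stale
# body, so the separate rm is no longer needed. Rule order is unchanged:
# tcp $j$i, tcp $i$j, udp $j$i, udp $i$j.
for j in $(seq 30 39); do
    for i in $(seq 1 250); do
        src="198.18.$j.$i"
        dst="198.19.$j.$i"
        # Two destination ports per pair, built from the digits of j and i
        # (e.g. j=30, i=1 -> 301 and 130); the largest is 39250 / 25039.
        p1="$j$i"
        p2="$i$j"
        echo "pass quick proto tcp from $src to $dst port $p1"
        echo "pass quick proto tcp from $src to $dst port $p2"
        echo "pass quick proto udp from $src to $dst port $p1"
        echo "pass quick proto udp from $src to $dst port $p2"
    done
done > ruleset_body.pf

cat ruleset_header.pf ruleset_body.pf ruleset_tail.pf > ruleset_test.pf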