( bervi | 2006. 08. 08., k – 22:55 )

na legalább szakértő is láthatja :-)))
ftp-proxy ki van kommentezve, de ettől függetlenül működik, ki érti ezt =)

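#MACROS
nicext = "rl0"                      # external (Internet-facing) interface
nicint = "rl1"                      # internal (LAN) interface
tcpext = "{ 21 80 }"                # TCP services on $nicext reachable from the outside
protovia = "{ tcp udp icmp }"       # protocols the trusted LAN hosts may send through
trusted = "{ 192.168.0.21, 192.168.0.22, 192.168.0.23 }"
# Inbound high-port range opened on $nicext (inclusive; identical to the former "port > 49151").
# NOTE(review): presumably the passive-mode data range of the FTP server reached via port 21 --
# confirm it matches the daemon's configured passive range and tighten it if that range is
# narrower, since every service listening above 49151 on the firewall is exposed by this rule.
pasvext = "49152:65535"

#OPTIONS
set block-policy return             # blocked packets are answered with TCP RST / ICMP unreachable
# NOTE(review): "return" also applies on $nicext, so blocked connections from the outside are
# answered rather than silently discarded; per-rule "block drop in on $nicext" (or
# "set block-policy drop") would drop them instead -- decide which behaviour is wanted.
set debug urgent
set loginterface $nicext            # collect packet/byte statistics for $nicext
set optimization normal
set state-policy if-bound           # states are bound to the interface that created them

#SCRUB
scrub in all                        # normalise all inbound packets
scrub on $nicext all reassemble tcp # stateful TCP normalisation on $nicext, both directions

#NAT, REDIRECTS
# Only the trusted LAN hosts are translated; other hosts on $nicint are not NATed
# (and are blocked by the filter below anyway).
nat on $nicext from $trusted to any -> $nicext
#nat-anchor "ftp-proxy/*"
#rdr pass on $nicint proto tcp from $trusted to any port 21 -> 127.0.0.1 port 8021

#FILTER

#default deny policy
block all
# NOTE(review): no antispoof rule for $nicint / $nicext; consider adding one once both
# interfaces have fixed addresses (antispoof on an address-less interface blocks everything).

#pass traffic on loopback interface
pass quick on lo0 all

#ftp-proxy (disabled; the matching rdr / nat-anchor lines above are disabled too)
#anchor "ftp-proxy/*"
#pass out proto tcp from 127.0.0.1 to any port 21 keep state

#pass through traffic
# Trusted LAN hosts may open tcp/udp/icmp to anywhere -- "to any" includes every port of
# the firewall itself; narrow the destination if that is unintended.
# Presumably passive-mode FTP from $trusted already works through these two rules (the data
# connection is outbound), which is why the disabled ftp-proxy is not missed; active-mode
# transfers through NAT would need it.
pass in on $nicint proto $protovia from $trusted to any modulate state
pass out on $nicext proto $protovia from any to any modulate state

#pass in from outside
# Only TCP to the firewall's own address is accepted: the services in $tcpext ...
pass in on $nicext proto tcp from any to $nicext port $tcpext modulate state
# ... and the high-port range $pasvext (see the macro for what it is expected to serve).
# Nothing else inbound on $nicext is passed.
pass in on $nicext proto tcp from any to $nicext port $pasvext modulate state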