diff options
| author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-04-12 13:25:04 +0200 |
|---|---|---|
| committer | Andreas Baumann <mail@andreasbaumann.cc> | 2017-04-12 13:25:04 +0200 |
| commit | 3310cb4d4ef7acd51df426d5777159b816fed7a2 (patch) | |
| tree | 561cf1af3c57daaafb0ec2b5a776c29a9619bb61 /config | |
| parent | d95c5ae2c9bc0a86ad470ebb6d7af16ba2bdeb1d (diff) | |
| download | OpenBSD-firewall-3310cb4d4ef7acd51df426d5777159b816fed7a2.tar.gz OpenBSD-firewall-3310cb4d4ef7acd51df426d5777159b816fed7a2.tar.bz2 | |
synched configuration and updated README before upgrading to OpenBSD 6.1
Diffstat (limited to 'config')
| -rw-r--r-- | config/obr/dhcpd.conf | 5 | ||||
| -rw-r--r-- | config/obr/nsd-internal/zones/1.168.192.in-addr | 3 | ||||
| -rw-r--r-- | config/obr/nsd-internal/zones/lan | 3 | ||||
| -rw-r--r-- | config/obr/pf.conf | 6 |
4 files changed, 14 insertions, 3 deletions
diff --git a/config/obr/dhcpd.conf b/config/obr/dhcpd.conf index 3421c88..ebaa745 100644 --- a/config/obr/dhcpd.conf +++ b/config/obr/dhcpd.conf @@ -96,5 +96,10 @@ shared-network LAN { hardware ethernet 00:1c:b3:c3:74:8c; fixed-address 192.168.1.20; } + + host eurobuild5 { + hardware ethernet b8:27:eb:15:62:14; + fixed-address 192.168.1.21; + } } } diff --git a/config/obr/nsd-internal/zones/1.168.192.in-addr b/config/obr/nsd-internal/zones/1.168.192.in-addr index cb06ac5..308c459 100644 --- a/config/obr/nsd-internal/zones/1.168.192.in-addr +++ b/config/obr/nsd-internal/zones/1.168.192.in-addr @@ -5,7 +5,7 @@ $ORIGIN . $TTL 60 1.168.192.in-addr.arpa IN SOA obr.lan. root.obr.lan. ( - 2016123100 ; serial + 2017031000 ; serial 3h ; refresh 15m ; retry 2w ; expire @@ -33,5 +33,6 @@ $ORIGIN 1.168.192.in-addr.arpa. 18 IN PTR eurobuild4.lan. 19 IN PTR phone.lan. 20 IN PTR euromac.lan. +21 IN PTR eurobuild5.lan 253 IN PTR wrt2.lan. 254 IN PTR wrt1.lan. diff --git a/config/obr/nsd-internal/zones/lan b/config/obr/nsd-internal/zones/lan index e607632..8c867e3 100644 --- a/config/obr/nsd-internal/zones/lan +++ b/config/obr/nsd-internal/zones/lan @@ -5,7 +5,7 @@ $ORIGIN . $TTL 60 lan IN SOA obr.lan. root.obr.lan. ( - 2016123100 ; serial + 2017031000 ; serial 3h ; refresh 15m ; retry 2w ; expire @@ -33,6 +33,7 @@ eurohp1 A 192.168.1.17 eurobuild4 A 192.168.1.18 phone A 192.168.1.19 euromac A 192.168.1.20 +eurobuild5 A 192.168.1.21 wrt2 A 192.168.1.253 wrt1 A 192.168.1.254 iway-gateway A 83.150.2.1 diff --git a/config/obr/pf.conf b/config/obr/pf.conf index 0c6666f..d29aa8a 100644 --- a/config/obr/pf.conf +++ b/config/obr/pf.conf @@ -17,6 +17,8 @@ europa1 = 192.168.1.2 eeepc = 192.168.1.8 euroserver = 192.168.1.16 eurobuild3 = 192.168.1.12 +eurobuild4 = 192.168.1.18 +eurobuild5 = 192.168.1.21 eurodata = 192.168.1.9 euroweb = 192.168.1.15 rpmaster = 192.168.1.253 @@ -81,7 +83,7 @@ pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \ pass on $DMZ_if all pass on $WLAN_if all -# relayd scrubbing +# relayd and bruteforce attack scrubbing pass in on $ext_if proto tcp from any to port 80 pass in on $ext_if proto tcp from any to port 443 @@ -100,6 +102,8 @@ pass in on $ext_if inet proto tcp to port 2121 divert-to 127.0.0.1 port 8022 pass out on $int_if inet proto tcp to $eurobuild3 port 2121 user proxy pass in on $ext_if proto tcp from any to port 2221 rdr-to $euroweb port 22 pass in on $ext_if proto tcp from any to port 2223 rdr-to $eurobuild3 port 22 +pass in on $ext_if proto tcp from any to port 2224 rdr-to $eurobuild4 port 22 +pass in on $ext_if proto tcp from any to port 2225 rdr-to $eurobuild5 port 22 pass in on $ext_if proto tcp from any to port 5900:5999 rdr-to $eurobuild3 pass in on $ext_if proto tcp from any to port 6881:6889 rdr-to $eurobuild3 pass in on $ext_if proto tcp from any to port 6001 rdr-to $europa1 port 6000 |