I have a BSD machine running as gateway + proxy (running for internet access
and DNS for my LAN).
I want to create a rule. All internet requests through the proxy are working fine, but
I see in pftop that some protocols, such as P2P applications, pass my gateway.
How do I block them?
p2p = eDonkey and BitTorrent
Below is my pf script:
# interfaces and addresses
ext_if = "xl0"
int_if = "xl1"
int_ip = "127.0.0.1"                      # the proxy listens on the loopback address
ip_limited = "192.168.0.50"               # defined but not used by any rule below
tcp_allow = "{ 22, 80, 8080, 443, 113 }"  # pf.conf macros containing spaces must be quoted
udp_allow = "{ 53, 113 }"
icmp_types = "echoreq"

set block-policy return
set skip on lo
scrub all

# translation rules (pre-4.7 nat/rdr syntax; the arrow is "->")
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp to port 80 -> $int_ip port 8080      # transparent HTTP proxy
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021   # ftp-proxy(8)
rdr on $ext_if proto tcp from any to any port 110 -> 192.168.0.1    # POP3 arriving on the outside

# filter rules
block all
pass out keep state
pass in on $ext_if inet proto tcp from any to { $ext_if } \
    port $tcp_allow flags S/SA keep state
pass in on $ext_if inet proto udp from any to { $ext_if } \
    port $udp_allow keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if   # passes everything arriving from the LAN
-sonjaya-
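The reason the P2P traffic gets through is visible in the posted ruleset itself: "pass in quick on $int_if" accepts every packet from the LAN, "nat on $ext_if" translates it, and "pass out keep state" lets it leave. Only port 80 and FTP are redirected to the proxy; anything else from the LAN goes out directly. Filtering eDonkey and BitTorrent by port number is unreliable (both applications can use arbitrary ports), so the robust fix is to drop the catch-all LAN rule and pass only what the gateway itself serves. The following pf.conf is an added example written for this reply, not the poster's own file or any project's code. It keeps the poster's old-style nat/rdr syntax and assumes, beyond what the post states, that the LAN is 192.168.0.0/24, that the proxy listens on 127.0.0.1:8080, and that the resolver the LAN uses runs on the gateway's internal address.

```conf
# Added example: LAN-side default deny, only proxied and gateway-served traffic allowed.
# Assumptions not in the original post: LAN is 192.168.0.0/24, proxy on 127.0.0.1:8080,
# DNS answered by the gateway on $int_if.
ext_if = "xl0"
int_if = "xl1"
lan_net = "192.168.0.0/24"
proxy_ip = "127.0.0.1"
proxy_port = "8080"
tcp_allow = "{ 22, 80, 8080, 443, 113 }"
udp_allow = "{ 53, 113 }"
icmp_types = "echoreq"

set block-policy return        # LAN clients get a RST / ICMP unreachable instead of a hang
set skip on lo
scrub in all

# translation (pre-4.7 syntax, as in the original ruleset)
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# transparent redirects, restricted to the LAN; "rdr pass" creates the state on $int_if,
# so these two services need no separate pass rule
rdr pass on $int_if proto tcp from $lan_net to any port 80 -> $proxy_ip port $proxy_port
rdr pass on $int_if proto tcp from $lan_net to any port ftp -> 127.0.0.1 port 8021

# filtering
block log all
anchor "ftp-proxy/*"           # ftp-proxy(8) inserts its data-connection pass rules here
pass out keep state

# services on the outside interface, unchanged from the original
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_allow flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_allow keep state
pass in inet proto icmp all icmp-type $icmp_types keep state

# LAN side: replaces "pass in quick on $int_if". Only DNS, ssh and ping to the
# gateway itself are accepted; every other connection from the LAN, including
# direct eDonkey/BitTorrent sessions, hits "block" and is logged on pflog0.
pass in on $int_if inet proto { tcp, udp } from $lan_net to ($int_if) port 53 keep state
pass in on $int_if inet proto tcp from $lan_net to ($int_if) port 22 flags S/SA keep state
pass in on $int_if inet proto icmp from $lan_net to ($int_if) icmp-type $icmp_types keep state
```

Check the syntax with "pfctl -nf /etc/pf.conf" before loading it with "pfctl -f /etc/pf.conf". After the reload, pftop should show LAN states only towards 127.0.0.1:8080, 127.0.0.1:8021 and the gateway's port 53; blocked attempts appear with "tcpdump -n -e -ttt -i pflog0". If clients are configured to talk to the proxy explicitly rather than transparently, the proxy must listen on the gateway's LAN address and a matching "pass in on $int_if ... port $proxy_port" rule has to be added. Note that this policy also blocks HTTPS from the LAN, since the posted ruleset only redirects port 80; a CONNECT-capable proxy reached explicitly, or a separate pass rule, is needed for that.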