more examples

diff --git a/etc/ipf.rules b/etc/ipf.rules
index f74c3fc..cfc081a 100644 (file)
--- a/etc/ipf.rules
+++ b/etc/ipf.rules
@@ -1,4 +1,4 @@
-#      $OpenBSD: ipf.rules,v 1.2 1996/05/26 10:25:24 deraadt Exp $
+#      $OpenBSD: ipf.rules,v 1.3 1997/02/26 04:36:34 kstailey Exp $
 #
 # IP filtering rules.  See the ipf(5) man page for more
 # information on the format of this file, and /usr/share/ipf
@@ -8,3 +8,9 @@
 #
 pass in from any to any
 pass out from any to any
+#
+# Prevent web server access, except to localhost which is using ip 10.1.1.3:
+#
+# block return-rst in proto tcp from any to any port = 80
+# pass in proto tcp from 127.0.0.0/8 to 127.0.0.0/8 port = 80
+# pass in proto tcp from 10.1.1.3 to 10.1.1.3 port = 80

diff --git a/share/ipf/nat.1 b/share/ipf/nat.1
index 9c26754..132583e 100644 (file)
--- a/share/ipf/nat.1
+++ b/share/ipf/nat.1
@@ -1,3 +1,7 @@
+# map all tcp connections from network 10 to the address of the first ppp0
+# interface
+map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000
+
 # map all tcp connections from 10.1.0.0/16 to 240.1.0.1, changing the source
 # port number to something between 10,000 and 20,000 inclusive.  For all other
 # IP packets, allocate an IP # between 240.1.0.0 and 240.1.0.255, temporarily