# Exemplo de config de uso de VPN e controle de banda (pf.conf), feito por cooler
# Config by Cooler for VPN connections
# Primeiramente, as macros
# Macros evitam repetir nomes de interface e IPs ao longo da config
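# --- Macros -------------------------------------------------------------
# pf.conf macro assignments take no trailing ';' (pfctl treats it as a
# syntax error), so the terminators have been removed.
if_ppp = "tun0"                 # external (PPP) link; NAT, queueing and inbound filtering hang off it
if_int = "tun2"                 # internal side
if_vpn = "tun1"                 # VPN tunnel
ip_Juquinha = "195.56.55.204"   # remote VPN peer (UDP/5000 rules in the filter section)
ip_otario = "192.168.2.1"       # internal host that is NATed and receives the port-80 redirect
# TCP port(s) used by the "block out" rule in the filter section. Written as
# a pf list so "port $tcp_outdeny" expands to "port { 25 }".
tcp_outdeny = "{ 25 }"

# --- Tables -------------------------------------------------------------
# The two original table definitions could not be loaded: both lacked the
# mandatory table name ("table <name> persist { ... }") and the first one
# was cut off mid-line. No rule references either table, so they are kept
# only as a record; give them a name before enabling them.
#table <name> persist { 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, 127.0.0.1/8 }   # original line truncated after "127.0.0.1/8,"
#table <name> persist { 10.1.0.0/16, 10.3.0.0/16, 192.168.2.1/32 }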
# --- Global options -----------------------------------------------------
set limit frags 4096        # fragment reassembly buffer used by the scrub rules
set state-policy floating   # states are not tied to the interface they were created on
set block-policy return     # blocked packets get a TCP RST / ICMP unreachable back
                            # NOTE(review): on the internet-facing $if_ppp this makes
                            # filtered ports visibly "closed" rather than silent;
                            # "drop" is the quieter choice if that matters here.
set debug none
# scrub normaliza pacotes: remonta fragmentos, limpa o bit DF e aleatoriza o IP ID
# Inbound on the external link: reassemble fragments so the filter rules
# only ever see whole packets (buffer sized by "set limit frags").
scrub in on $if_ppp all fragment reassemble
# Inbound from the internal side: clear the DF bit.
scrub in on $if_int all no-df
# Both directions on the external link: randomise the IP ID field.
scrub on $if_ppp all random-id
# Esta parte limita a banda por serviço (ALTQ/HFSC no link PPP de 170 Kb)
# --- Bandwidth control: ALTQ/HFSC on the 170 Kb PPP link ------------------
# Every child queue gets a 16% share (6 x 16% = 96% of the parent) plus a
# guaranteed "realtime" rate; the realtime reservations add up to 112 Kb,
# under the 170 Kb link. "std" is the default queue for unassigned traffic.
# NOTE(review): "priority" is accepted by pfctl on these lines, but as far as
# I recall pf.conf(5) says HFSC does not use it -- confirm before relying on
# those numbers for ordering.
altq on $if_ppp hfsc bandwidth 170Kb queue { std, stdack, ssh, http, vpn, ack }
queue std    bandwidth 16% priority 0 hfsc (default realtime 32Kb upperlimit 170Kb)
queue stdack bandwidth 16% priority 5 hfsc (realtime 8Kb upperlimit 160Kb)
queue ssh    bandwidth 16% priority 5 hfsc (realtime 32Kb upperlimit 160Kb)
queue http   bandwidth 16% priority 2 hfsc (realtime 16Kb upperlimit 160Kb)
queue vpn    bandwidth 16% priority 6 hfsc (realtime 16Kb upperlimit 170Kb)
queue ack    bandwidth 16% priority 7 hfsc (realtime 8Kb upperlimit 160Kb)
# configuração do NAT
nat on $if_ppp from {10.1.0.0/16, 127.0.0.1, $ip_otario} to 0.0.0.0/0 -> ($if_ppp:0)
# Redirecionamentos de porta (rdr)
# --- Redirections -------------------------------------------------------
# FTP control connections from the internal side are bounced to a local
# proxy on 8021 (presumably ftp-proxy; the filter section passes the
# proxy's data connections via "user proxy").
rdr on $if_int proto tcp from any to any port 21 -> 127.0.0.1 port 8021
# Internal web server reachable as 10.1.0.254:80 from the internal, VPN and
# loopback sides; "rdr pass" means no filter rule is consulted for it.
rdr pass on { $if_int, $if_vpn, lo0 } inet proto tcp from any to 10.1.0.254 port 80 -> $ip_otario port 80
# Inbound services on the PPP link forwarded to 10.1.0.1. The two 60xxx
# ports are plain "rdr" and depend on the filter section to be passed;
# 8010 is "rdr pass", so it bypasses the filter rules entirely (no logging,
# no flags check). NOTE(review): a plain rdr plus an explicit, logged pass
# rule would keep 8010 under the same control as the other two.
rdr on $if_ppp inet proto { tcp, udp } to port 60050 -> 10.1.0.1 port 60050
rdr on $if_ppp inet proto { tcp, udp } to port 60150 -> 10.1.0.1 port 60150
rdr pass on $if_ppp proto tcp to port 8010 -> 10.1.0.1 port 8010
#rdr on $if_ppp inet proto udp to port 6881 -> 10.1.0.1 port 6881   # disabled
# Bloqueia (e loga) todo tráfego de entrada em $if_ppp; as regras "pass" abaixo abrem as exceções (não há macro "exp" nesta config)
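# --- Filter rules -------------------------------------------------------
# pf evaluates filter rules last-match-wins, except that the first matching
# "quick" rule ends evaluation. Almost everything below is "quick", so
# ORDER MATTERS: a "block ... quick" must precede the "pass ... quick" rules
# it is meant to override.
#
# Default policy on the PPP link: block and log everything inbound. There is
# no default block outbound, and nothing filters $if_int or $if_vpn at all.
# NOTE(review): there is no antispoof rule for $if_ppp.
block in log on $if_ppp all

# Loopback is unrestricted.
pass in  quick on lo0
pass out quick on lo0

# Outbound TCP ports denied on the PPP link. In the original ruleset this
# rule was the very last line, after "pass out quick ... flags S/SA keep
# state", which matched every outbound SYN first and made the block
# unreachable; it must sit before the pass-out rules. It also matched the
# SOURCE port ("from port"), which cannot be what an outbound-deny list
# (macro tcp_outdeny) is for, so it now matches the destination port. If
# blocking by source port really was intended, change "to" back to "from".
block out log quick on $if_ppp proto tcp from any to port $tcp_outdeny

# Stateless fallback for outbound traffic that no "quick" rule below claims
# (anything that is not TCP/UDP/ICMP/IGMP). Not quick, so the rules below win.
pass out on $if_ppp from any to any queue (std, stdack)

# VPN: UDP/5000 with the remote peer. The inbound rule now keeps state as
# well, so only packets that belong to a known flow are admitted; the peer
# address is still spoofable, which a rule keyed on an IP cannot prevent.
pass in  quick on $if_ppp proto udp from $ip_Juquinha port 5000 keep state
pass out quick on $if_ppp proto udp to   $ip_Juquinha port 5000 keep state queue (vpn)

# Interactive and web traffic get their own queues; the second queue of
# each pair takes the low-delay / pure-ACK packets.
pass out quick on $if_ppp proto tcp from any to port 22 flags S/SA keep state queue (ssh, ack)
# This rule was split over two lines without a "\" continuation, which
# pfctl rejects; it is a single line again.
pass out quick on $if_ppp proto tcp from any to port { 80, 443 } flags S/SA keep state queue (http, ack)

# Everything else outbound, stateful. The first rule names no protocol, so
# it also covers protocols not listed below; the S/SA flags test only
# constrains TCP, for which only a SYN may open a state.
pass out quick on $if_ppp flags S/SA keep state
pass out quick on $if_ppp proto udp keep state
pass out quick on $if_ppp proto { icmp, igmp } keep state

# FTP proxy data connections: inbound to the PPP address is allowed when the
# listening socket belongs to user "proxy".
pass in quick on $if_ppp inet proto tcp from any to ($if_ppp:0) user proxy keep state

# Services forwarded to 10.1.0.1 by the rdr rules (60050, 60150). The
# original pass rules were stateless and had no flags test, so any TCP
# segment to those ports was let through whether or not a connection
# existed; now only a SYN opens a state and the rest of the flow rides on
# it. TCP and UDP are separate rules because "flags" is only legal on tcp.
pass in quick on $if_ppp proto tcp to port { 60050, 60150 } flags S/SA keep state
pass in quick on $if_ppp proto udp to port { 60050, 60150 } keep state
#pass in quick on $if_ppp proto tcp to port 50100:51000 keep state   # torrent port range, disabled (port depends on the client)
# Outbound flows sourced from 60150 ride the std/stdack queue pair.
pass out quick on $if_ppp proto tcp from port 60150 to any keep state queue (std, stdack)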