FreeBSD做服务器,要实现从哪个网卡进来的连接请求,返回时还从哪个网卡出去。这样可以让客户端自己选择线路,无需收集路由表。
ee /etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
//启用PF
defaultrouter="192.168.1.1"
//这个是本机自己发起连接的默认路由
ee /etc/pf.conf
if_cernet="em0"
if_ct="em1"
gw_cernet="192.168.1.1"
gw_ct="192.168.0.1"
block all
pass quick on lo0 all
pass in quick on $if_cernet reply-to ( $if_cernet $gw_cernet ) proto {tcp,udp,icmp} to any keep state
pass in quick on $if_ct reply-to ( $if_ct $gw_ct ) proto {tcp,udp,icmp} to any keep state
pass out keep state
0 Responses to “使用PF实现基于来源的策略路由”