barefoot   Frontpage - Barefoot - Download - Usage - Status - Support - Modules - Docs - Links - Survey - GDPR

Barefoot configuration quick start

This page describes a simple server configuration for the Barefoot port bouncer.

Usage scenario

The configuration below has two rules that redirects the following services:

  • HTTP (TCP, port 80), to
  • DNS (UDP, port 53), to

These ports (port 80 and port 53) are bound on the external interface eth1. To bind these privileged ports, the server will need to be started as root. A user called barefoot should be created on the machine the Barefoot server runs on (except on Solaris, where Solaris capabilities are used instead of separate userids), so that this user will be used for unprivileged operations, i.e., most of the operations performed while the Barefoot server runs.

Logging will be done to the file /var/log/barefootd.log. In this case no access control is performed by the Barefoot server; all traffic to the two bound ports are forwarded regardless of the source or destination address.


logoutput: /var/log/barefootd.log
#debug: 1

#address specification (address Barefoot will use when bouncing/forwarding
#traffic to other hosts)
external: eth1

#server identities (not needed on Solaris)
user.privileged    : root
user.notprivileged : barefoot

## Barefoot rules

#bounce http to
client pass {
        from: to: eth1 port = http
        bounce to: port = http
        protocol: tcp
        log: connect disconnect error

#bounce dns to  In this case, only UDP-based DNS traffic
client pass {
        from: to: eth1 port = domain
        bounce to: port = domain
        protocol: udp
        log: connect disconnect error 

Copyright © 1998-2019 Inferno Nettverk A/S