ipf rules

Guest on 30th June 2022 04:00:49 PM

#
# IP filtering rules.  See the ipf(5) man page for more
# information on the format of this file, and /usr/share/ipf
# for example configuration files.
#
# Pass all packets by default.
# Edit the ipfilter= line in /etc/rc.conf to enable IP filtering
#
# Old configuration
#pass in from any to any
#pass out from any to any
#
# Block all packets not addressed to your network
block in quick on tl0 from any to !80.84.34.51
# Block all NetBIOS packets from the local network
block in quick proto udp from any to any port = 137
block in quick proto udp from any to any port = 138
block in quick proto tcp from any to any port = 139

# Enable ICMP for ping and traceroute
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 0 keep state
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 8 keep state
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 11 keep state
pass in quick on tl0 proto udp from any to 80.84.34.51 port 33434 >< 33690 keep state

# Allow all IP through the loopback interface by the localhost
pass in quick on lo0 from 127.0.0.1 to 127.0.0.1
#
# Allow all IP through the LAN interface from and to LAN addresses
# from servernet to this computer
pass in quick on ep1 from 192.168.1.0/24 to 192.168.1.42
#pass out quick on ep1 from 192.168.1.42 to 192.168.1.0/24
#pass out quick on ep1 proto udp from 192.168.1.42 to 80.84.34.51 port = 53 keep state
#pass out quick on ep1 proto icmp from 192.168.1.42 to any keep state
pass out quick on ep1 proto tcp from 192.168.1.42 to any keep state
pass out quick on ep1 proto udp from 192.168.1.42 to any keep state
pass out quick on ep1 proto icmp from 192.168.1.42 to any keep state
#
# Allow all IP through the bridge from the NAT machine
pass in quick on tl1 proto udp from 80.84.34.51 to any keep state
pass in quick on tl1 proto tcp from 80.84.34.51 to any keep state
pass in quick on tl1 proto icmp from 80.84.34.51 to any keep state
#

# Allow SSH and HTTP through the bridge from the internet to the NAT machine
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 22 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 80 flags S keep state
#
# Add some more services
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 20 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 21 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 25 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 53 flags S keep state
pass in quick on tl0 proto udp from any to 80.84.34.51 port = 53 keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 110 flags S keep state
#
# Block spammers
#block in quick on tl0 from 212.181.124.2 to any
#block in quick on tl0 from 212.181.124.3 to any
block in quick on tl0 proto udp from any to any port = 1985

# Deny and log any IP traffic not allowed up to this point
block in log quick all
