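#
# $Id:$
#
# An example of packet filter definition.
#
# Rules in each filter are tried in rule-number order.  Command lines are
# indented under the label, as ppp.conf expects.
#
# NOTE(review): these filters are stateless -- every packet is judged on its
# own header fields.  A rule keyed on the *remote* source port (ifilter 3
# and 4 below) admits any packet that claims that port, because the sender
# chooses it.  Where a stateful firewall is available on the host, treat
# this file as a coarse first layer rather than the only control.
#
filterd:
#
# Don't dial on ICMP packets.
# Rule 1 lets every other packet bring the link up.
#
 set dfilter 0 deny icmp
 set dfilter 1 permit 0/0 0/0
#
# Allow ident packets to pass through.
# ifilter 0 accepts connections to local port 113 from any address, so a
# local ident daemon, if one is running, is reachable from the Internet.
#
 set ifilter 0 permit tcp dst eq 113
 set ofilter 0 permit tcp src eq 113
#
# Allow telnet connections to the Internet.
# "estab" limits the inbound rule to segments of an existing connection,
# so a remote host cannot open a new connection just by using source
# port 23.  Telnet itself is cleartext on the wire.
#
 set ifilter 1 permit tcp src eq 23 estab
 set ofilter 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet.
# ifilter 2 (control channel) is restricted by "estab".  ifilter 3 is not:
# in active-mode FTP the server opens the data connection, so the rule has
# to accept new inbound connections.  The consequence is that any remote
# host sending from source port 20 can connect to any local TCP port
# above 1023.  Audit what listens on high ports before relying on this.
#
 set ifilter 2 permit tcp src eq 21 estab
 set ofilter 2 permit tcp dst eq 21
 set ifilter 3 permit tcp src eq 20 dst gt 1023
 set ofilter 3 permit tcp dst eq 20
#
# Allow access to DNS.
# ifilter 4 has no destination-port limit: any UDP datagram with source
# port 53 reaches any local UDP port.  Only UDP is permitted here; DNS
# over TCP is not matched by these two rules.
#
 set ifilter 4 permit udp src eq 53
 set ofilter 4 permit udp dst eq 53
#
# Allow access from/to my company network.
# The address is an example; replace it with your own network.  All
# protocols and ports are permitted for this range, and the match is on
# the address carried in the packet only.
#
 set ifilter 5 permit 192.244.191.0/24 0/0
 set ofilter 5 permit 0/0 192.244.191.0/24
#
# Allow ping and traceroute responses.
# Rule 6 permits every ICMP type in both directions, not only the replies
# that ping and traceroute need.  ifilter 7 admits inbound UDP to any
# local port above 33433 (the range traceroute probes use), which also
# exposes any local UDP service listening in that range.
#
 set ifilter 6 permit icmp
 set ofilter 6 permit icmp
 set ifilter 7 permit udp dst gt 33433
 set ofilter 7 permit udp dst gt 33433
#
# If none of the above rules match, the packet is blocked.
#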