Re: /etc/ipf.conf - ipfilter

From: Nicolas de Bari Embriz G. R. (nbari_at_unixmexico.com)
Date: 12/20/03

    To: "Arie J. Gerszt" <arie@gerszt.ch>
    Date: Fri, 19 Dec 2003 18:16:35 -0600
    
    
    

    Hi, this is what I use; hope this can give you an idea.

    ---
    #-----------------------------------------------------------------------
    # Block all inbound traffic from non-routable or reserved address spaces
    #-----------------------------------------------------------------------
    # block in log quick on fxp0 from 192.168.0.0/16 to any  #RFC 1918 private IP
    block in log quick on fxp0 from 172.16.0.0/12 to any   #RFC 1918 private IP
    block in log quick on fxp0 from 10.0.0.0/8 to any      #RFC 1918 private IP
    block in log quick on fxp0 from 127.0.0.0/8 to any     #loopback
    block in log quick on fxp0 from 0.0.0.0/8 to any       #loopback
    block in log quick on fxp0 from 169.254.0.0/16 to any  #DHCP auto-config
    block in log quick on fxp0 from 192.0.2.0/24 to any    #reserved for doc's
    block in log quick on fxp0 from 204.152.64.0/23 to any #Sun cluster interconnect
    block in quick on fxp0 from 224.0.0.0/3 to any         #Class D & E multicast
    #---------------------------------------------
    # pass ping from secure hosts to my host.
    #---------------------------------------------
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 23.122.12.243/32 icmp-type 0
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 200.57.40.53/32 icmp-type 0
    pass in quick on fxp0 proto icmp from 23.122.12.243/32 to 32.11.234.123/32 icmp-type 8
    pass in quick on fxp0 proto icmp from 200.57.40.53/32 to 32.11.234.123/32 icmp-type 8
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 23.122.12.243/32 icmp-type 3
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 200.57.40.53/32 icmp-type 3
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 23.122.12.243/32 icmp-type 1
    pass out quick on fxp0 proto icmp from 32.11.234.123/32 to 200.57.40.53/32 icmp-type 1
    #------------
    # block pings
    #------------
    block out quick on fxp0 proto icmp all icmp-type 0
    block in quick on fxp0 proto icmp all icmp-type 8
    block out quick on fxp0 proto icmp all icmp-type 3
    block out quick on fxp0 proto icmp all icmp-type 16
    #-------------------
    # block Null scans
    #-------------------
    block in log quick on fxp0 proto tcp all flags /
    block in log quick on fxp0 proto tcp all flags FUP
    block in log quick on fxp0 all with ipopts
    #------------
    # Pass all     
    #------------
    pass in from any to any
    pass out from any to any
    ---
    And in the sysctl.conf file I have this:

    net.inet.tcp.blackhole=1
    net.inet.udp.blackhole=1

    On Fri, 2003-12-19 at 15:17, Arie J. Gerszt wrote:
    > hi,
    > 
    > I was just about to configure and fine tune my /etc/ipf.conf and wondered,
    > what kind of settings you use on your servers. 
    > 
    > is anybody interested in exchanging about this topic?
    > 
    > 
    > thanks,
    > arie
    > 
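
The posted ruleset depends on rule order: ipf applies the last matching rule unless a rule carries `quick`, which ends evaluation at that rule. The following is an added example, not part of the original message, that models only the inbound source-address rules and the final `pass in from any to any` from the post; the function names, the default-pass assumption and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Inbound source-address rules as posted for fxp0: (action, quick, network, label).
# The 192.168.0.0/16 rule is commented out in the post, so it is absent here.
RULES = [
    ("block", True, "172.16.0.0/12", "RFC 1918"),
    ("block", True, "10.0.0.0/8", "RFC 1918"),
    ("block", True, "127.0.0.0/8", "loopback"),
    ("block", True, "0.0.0.0/8", "0.0.0.0/8"),
    ("block", True, "169.254.0.0/16", "DHCP auto-config"),
    ("block", True, "192.0.2.0/24", "reserved for docs"),
    ("block", True, "204.152.64.0/23", "Sun cluster interconnect"),
    ("block", True, "224.0.0.0/3", "Class D & E"),
    ("pass", False, "0.0.0.0/0", "pass in from any to any"),
]

# Same rules with every 'quick' removed, to show what the keyword changes.
RULES_WITHOUT_QUICK = [(a, False, n, l) for a, _, n, l in RULES]


def evaluate(src, rules=RULES, default="pass"):
    """Return (action, label) for a source address, ipf-style.

    Every rule is checked in order and the last match wins; a matching
    rule marked quick stops evaluation immediately. The default of
    'pass' when nothing matches is an assumption (a kernel built to
    block by default behaves differently).
    """
    addr = ipaddress.ip_address(src)
    verdict = (default, "no rule matched")
    for action, quick, net, label in rules:
        if addr in ipaddress.ip_network(net):
            verdict = (action, label)
            if quick:
                break
    return verdict


if __name__ == "__main__":
    # Constructed sample sources, one per case of interest.
    for src in ("10.1.2.3", "192.168.1.10", "240.0.0.1", "198.51.100.7"):
        print(src, evaluate(src), evaluate(src, RULES_WITHOUT_QUICK))
```

Without `quick`, every source ends at the trailing pass rule, and with the 192.168.0.0/16 line commented out that range is passed in either case.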
    
    


