blob: c925ed98e2a0d289f482e52ca07ce56bb8dcf761 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
#
# $FreeBSD$
#
# An example of packet filter definition.
#
#
filterd:
#
# Don't keep Alive with ICMP,DNS and RIP packet
#
set afilter 0 deny icmp
set afilter 1 deny udp src eq 53
set afilter 2 deny udp dst eq 53
set afilter 3 deny udp src eq 520
set afilter 4 deny udp dst eq 520
set afilter 5 permit 0/0 0/0
#
# Don't dial with ICMP packet
#
set dfilter 0 deny icmp
set dfilter 1 permit 0/0 0/0
#
# Allow ident packet pass through
#
set ifilter 0 permit tcp dst eq 113
set ofilter 0 permit tcp src eq 113
#
# Allow telnet connection to the Internet
#
set ifilter 1 permit tcp src eq 23 estab
set ofilter 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet
#
set ifilter 2 permit tcp src eq 21 estab
set ofilter 2 permit tcp dst eq 21
set ifilter 3 permit tcp src eq 20 dst gt 1023
set ofilter 3 permit tcp dst eq 20
#
# Allow access to DNS
#
set ifilter 4 permit udp src eq 53
set ofilter 4 permit udp dst eq 53
#
# Allow access from/to my company network
#
set ifilter 5 permit 192.244.191.0/24 0/0
set ofilter 5 permit 0/0 192.244.191.0/24
#
# Allow ping and traceroute response
#
set ifilter 6 permit icmp
set ofilter 6 permit icmp
set ifilter 7 permit udp dst gt 33433
set ofilter 7 permit udp dst gt 33433
#
# If none of above rules matches, then packet is blockd.
#
|
