Project

General

Profile

Bug #14076 » ipf.conf

Adrian Kieß, 2022-03-17 03:30 PM

 
1
#-------------------------------------------------------------------------
2
out_if = "vioif0";            # Name des Netzwerkinterface
3

    
4
pass out quick on lo0 all
5
pass in quick on lo0 all
6

    
7
# pass out quick on vioif0 all keep state
8

    
9
# TCP, UDP und ICMP hinauslassen
10
pass out on $out_if proto tcp from any to any flags S keep state keep frags
11
pass out on $out_if proto udp from any to any keep state
12
pass out on $out_if proto icmp from any to any keep state
13

    
14
#
15
# ipf.conf
16
#
17
# IP Filter rules to be loaded during startup
18
#
19
# See ipf(4) manpage for more information on
20
# IP Filter rules syntax.
21

    
22
# Allow out ping to public Internet
23
pass in quick on vioif0 proto icmp from any to any keep state
24

    
25
# dns stuff
26
pass in log proto tcp from any to any port = 53 keep state
27
pass in log proto udp from any to any port = 53 keep state
28

    
29
pass in quick on vioif0 proto udp from any to any port = 68 keep state
30

    
31
pass in quick on vioif0 proto udp from any to any port = 546 keep state
32

    
33
# Allow in standard www function because I have apache server
34
pass in quick on vioif0 proto tcp from any to any port = 80 flags S keep state
35

    
36
pass in quick on vioif0 proto tcp/udp from any to any port = 88 keep state
37

    
38
pass in quick on vioif0 proto udp from any to any port = 88 keep state
39

    
40
pass in quick on vioif0 proto udp from any to any port = 123 keep state
41

    
42
# Allow in standard www function because I have apache server
43
pass in quick on vioif0 proto tcp from any to any port = 443 flags S keep state
44

    
45
# Allow in secure FTP, Telnet, and SCP from public Internet
46
# This function is using SSH (secure shell)
47
pass in quick on vioif0 proto tcp from any to any port = 22 flags S keep state
48

    
49
# Block and log only first occurrence of all remaining traffic
50
# coming into the firewall. The logging of only the first
51
# occurrence stops a .denial of service. attack targeted
52
# at filling up your log file space.
53
# This rule enforces the block all by default logic.
54
block in log first quick on vioif0 all
55
################### End of rules file #####################################
56

    
(2-2/3)