|
1
|
#-------------------------------------------------------------------------
|
|
2
|
out_if = "vioif0"; # Name des Netzwerkinterface
|
|
3
|
|
|
4
|
pass out quick on lo0 all
|
|
5
|
pass in quick on lo0 all
|
|
6
|
|
|
7
|
#pass out quick on $out_if all
|
|
8
|
#pass in quick on $out_if all
|
|
9
|
|
|
10
|
# pass out quick on vioif0 all keep state
|
|
11
|
|
|
12
|
# TCP, UDP und ICMP hinauslassen
|
|
13
|
pass out on $out_if proto tcp from any to any flags S keep state keep frags
|
|
14
|
pass out on $out_if proto udp from any to any keep state
|
|
15
|
#pass out on $out_if proto icmp from any to any keep state
|
|
16
|
pass out on $out_if proto ipv6 from any to any keep state
|
|
17
|
pass out on $out_if proto ipv6-icmp from any to any
|
|
18
|
|
|
19
|
#
|
|
20
|
# ipf.conf
|
|
21
|
#
|
|
22
|
# IP Filter rules to be loaded during startup
|
|
23
|
#
|
|
24
|
# See ipf(4) manpage for more information on
|
|
25
|
# IP Filter rules syntax.
|
|
26
|
|
|
27
|
# Allow out ping to public Internet
|
|
28
|
#pass in quick on vioif0 proto icmp from any to any keep state
|
|
29
|
pass in quick on vioif0 proto ipv6 from any to any keep state
|
|
30
|
pass in quick on vioif0 proto ipv6-icmp from any to any
|
|
31
|
|
|
32
|
# dns stuff
|
|
33
|
pass in log proto tcp from any to any port = 53 keep state
|
|
34
|
pass in log proto udp from any to any port = 53 keep state
|
|
35
|
|
|
36
|
pass in quick on vioif0 proto udp from any to any port = 68 keep state
|
|
37
|
|
|
38
|
pass in quick on vioif0 proto udp from any to any port = 546 keep state
|
|
39
|
|
|
40
|
# Allow in standard www function because I have apache server
|
|
41
|
pass in quick on vioif0 proto tcp from any to any port = 80 flags S keep state
|
|
42
|
|
|
43
|
pass in quick on vioif0 proto tcp/udp from any to any port = 88 keep state
|
|
44
|
|
|
45
|
pass in quick on vioif0 proto udp from any to any port = 88 keep state
|
|
46
|
|
|
47
|
pass in quick on vioif0 proto udp from any to any port = 123 keep state
|
|
48
|
|
|
49
|
# Allow in standard www function because I have apache server
|
|
50
|
pass in quick on vioif0 proto tcp from any to any port = 443 flags S keep state
|
|
51
|
|
|
52
|
# Allow in secure FTP, Telnet, and SCP from public Internet
|
|
53
|
# This function is using SSH (secure shell)
|
|
54
|
pass in quick on vioif0 proto tcp from any to any port = 22 flags S keep state
|
|
55
|
|
|
56
|
# Block and log only first occurrence of all remaining traffic
|
|
57
|
# coming into the firewall. The logging of only the first
|
|
58
|
# occurrence stops a .denial of service. attack targeted
|
|
59
|
# at filling up your log file space.
|
|
60
|
# This rule enforces the block all by default logic.
|
|
61
|
block in log first quick on vioif0 all
|
|
62
|
################### End of rules file #####################################
|
|
63
|
|