
Bug #14076 » ipf6.conf

Adrian Kieß, 2022-03-17 03:30 PM

 
#-------------------------------------------------------------------------
out_if = "vioif0";            # name of the network interface

# Loopback: pass everything in both directions. "quick" ends rule
# processing at the first matching rule.
pass out quick on lo0 all
pass in quick on lo0 all

#pass out quick on $out_if all
#pass in quick on $out_if all

# pass out quick on vioif0 all keep state

# Let TCP, UDP and ICMP out.
# NOTE(review): the ICMP rule in this group is commented out, so only the
# TCP, UDP, "ipv6" and ipv6-icmp rules below are active.
# NOTE(review): this file contains no "block out" rule, so outbound packets
# that match none of these rules get the IP Filter default policy --
# confirm what that default is on this host.
pass out on $out_if proto tcp from any to any flags S keep state keep frags
pass out on $out_if proto udp from any to any keep state
#pass out on $out_if proto icmp from any to any keep state
# NOTE(review): the protocol name "ipv6" is presumably resolved through the
# protocols database, where it normally denotes IP protocol 41 (IPv6
# encapsulation) rather than "all IPv6 traffic" -- confirm this is intended.
pass out on $out_if proto ipv6 from any to any keep state
# ICMPv6 is passed out without "keep state".
pass out on $out_if proto ipv6-icmp from any to any

    
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

# Original note: "Allow out ping to public Internet".
# NOTE(review): the rules in this group are inbound ("pass in"), and the
# ICMP rule is commented out; what is active is "ipv6" and ipv6-icmp
# arriving on vioif0 from any source.
# NOTE(review): the interface is hard-coded as vioif0 here, while the
# outbound rules use $out_if; the two agree only while out_if = "vioif0".
#pass in quick on vioif0 proto icmp from any to any keep state
pass in quick on vioif0 proto ipv6 from any to any keep state
# NOTE(review): passes every ICMPv6 type from any source, with no state.
# Consider limiting this to the ICMPv6 types the host actually needs.
pass in quick on vioif0 proto ipv6-icmp from any to any

    
# DNS (port 53), TCP and UDP, logged.
# NOTE(review): unlike the other inbound rules these two have no "quick"
# and no interface. For packets arriving on vioif0, the later
# "block in log first quick on vioif0 all" rule also matches and appears
# to take precedence, so inbound DNS on vioif0 is probably blocked --
# confirm, and add "quick on vioif0" if DNS is meant to be reachable.
pass in log proto tcp from any to any port = 53 keep state
pass in log proto udp from any to any port = 53 keep state

# UDP port 68 (standard DHCP client port).
pass in quick on vioif0 proto udp from any to any port = 68 keep state

# UDP port 546 (standard DHCPv6 client port).
pass in quick on vioif0 proto udp from any to any port = 546 keep state

# Allow in standard www function because I have apache server
# (HTTP, TCP port 80).
pass in quick on vioif0 proto tcp from any to any port = 80 flags S keep state

# TCP and UDP port 88 (standard Kerberos port).
pass in quick on vioif0 proto tcp/udp from any to any port = 88 keep state

# NOTE(review): redundant -- the tcp/udp rule above already matches UDP
# port 88 and is "quick", so this rule is never reached for that traffic.
pass in quick on vioif0 proto udp from any to any port = 88 keep state

# UDP port 123 (standard NTP port).
pass in quick on vioif0 proto udp from any to any port = 123 keep state

# Allow in HTTPS (TCP port 443) for the same apache server.
pass in quick on vioif0 proto tcp from any to any port = 443 flags S keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell), TCP port 22.
# NOTE(review): SSH is open to any source address; consider restricting
# the "from" side to the networks that need administrative access.
pass in quick on vioif0 proto tcp from any to any port = 22 flags S keep state

    
# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
# NOTE(review): the rule is limited to inbound traffic on vioif0; inbound
# traffic on any other interface, and all outbound traffic, is not covered
# by it and falls back to the IP Filter default policy -- confirm.
block in log first quick on vioif0 all
################### End of rules file #####################################

    