Annotation of src/share/ipf/example.11, Revision 1.2
1.2 ! kjell 1: # For this example, "foo" has an IP address of 10.2.2.2
1.1 dm 2: #
3: # allow any TCP packets from the same subnet as foo is on through to host
4: # 10.1.1.2 if they are destined for port 6667.
5: #
1.2 ! kjell 6: pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
1.1 dm 7: #
8: # allow in UDP packets which are NOT from port 53 and are destined for
9: # localhost
10: #
1.2 ! kjell 11: pass in proto udp from 10.2.2.2 port != 53 to localhost
1.1 dm 12: #
13: # block anything trying to get to X terminal ports, X:0 to X:9
14: #
15: block in proto tcp from any to any port 5999 >< 6010
16: #
17: # allow any connections to be made, except to BSD print/r-services
18: # this will also protect syslog.
19: #
20: block in proto tcp/udp all
21: pass in proto tcp/udp from any to any port 512 <> 515
22: #
23: # allow any connections to be made, except to BSD print/r-services
24: # this will also protect syslog.
25: #
26: pass in proto tcp/udp all
27: block in proto tcp/udp from any to any port 511 >< 516
![[BACK]](/icons/back.gif){kind=icon}
Return to example.11 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / share / ipf