
File: [local] / src / share / ipf / Attic / firewall.1

Revision 1.3, Tue Mar 16 15:46:49 1999 UTC by kjell
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9, OPENBSD_2_8_BASE, OPENBSD_2_8, OPENBSD_2_7_BASE, OPENBSD_2_7, OPENBSD_2_6_BASE, OPENBSD_2_6, OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.2: +1 -1 lines

Fix typo in 192.168 anti-spoofing rule; truman@research.suspicious.org

#
#  This is an example of a very light firewall used to guard against
#  some of the most easily exploited common security holes.
#
#  The example assumes it is running on a gateway with interface ppp0
#  attached to the outside world, and interface ed0 attached to
#  network 192.168.4.0 which needs to be protected.
#
#
#  Pass any packets not explicitly mentioned by subsequent rules.
#  (ipf tests every rule and applies the last one that matches, unless a
#  matching rule says "quick", so the block rules below override these.)
#
pass out from any to any
pass in from any to any
#
#  Block any inherently bad packets coming in from the outside world.
#  These include ICMP redirect packets and IP fragments so short the
#  filtering rules won't be able to examine the whole UDP/TCP header.
#
block in log quick on ppp0 proto icmp from any to any icmp-type redir
block in log quick on ppp0 proto tcp/udp all with short
#
#  Block any IP spoofing attempts.  (Packets "from" our network
#  shouldn't be coming in from outside).
#
block in log quick on ppp0 from 192.168.4.0/24 to any
block in log quick on ppp0 from localhost to any
block in log quick on ppp0 from 0.0.0.0/32 to any
block in log quick on ppp0 from 255.255.255.255/32 to any
#
#  Block any incoming traffic to NFS ports, to the RPC portmapper, and
#  to X servers.
#
block in log on ppp0 proto tcp/udp from any to any port = sunrpc
block in log on ppp0 proto tcp/udp from any to any port = 2049
block in log on ppp0 proto tcp from any to any port = 6000
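As an added example that is not part of the OpenBSD file, the following Python script applies IPFilter's matching order (every rule is tested, the last match wins, and a matching "quick" rule ends the search) to the ruleset above, which shows why the non-quick port blocks still take effect after the initial "pass in" rule. The sunrpc=111 lookup and the sample packets are constructed assumptions; only the syntax used in firewall.1 is parsed.

```python
# Constructed example, not part of OpenBSD's firewall.1: a small evaluator
# for IPFilter's semantics (all rules tested, last match wins, 'quick' stops).
# Assumes sunrpc = 111 as in /etc/services; parses only firewall.1's syntax.
import ipaddress

SERVICES = {"sunrpc": 111}
NETS = {"any": "0.0.0.0/0", "localhost": "127.0.0.1/32"}
RULESET = """
pass out from any to any
pass in from any to any
block in log quick on ppp0 proto icmp from any to any icmp-type redir
block in log quick on ppp0 proto tcp/udp all with short
block in log quick on ppp0 from 192.168.4.0/24 to any
block in log quick on ppp0 from localhost to any
block in log quick on ppp0 from 0.0.0.0/32 to any
block in log quick on ppp0 from 255.255.255.255/32 to any
block in log on ppp0 proto tcp/udp from any to any port = sunrpc
block in log on ppp0 proto tcp/udp from any to any port = 2049
block in log on ppp0 proto tcp from any to any port = 6000
"""

def parse_rule(line):
    """Extract the match criteria used by firewall.1 from one rule line."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "quick": "quick" in t, "short": "short" in t,
         "iface": None, "proto": None, "src": "any", "dst": "any", "port": None, "icmp": None}
    for i, w in enumerate(t):
        if w == "on": r["iface"] = t[i + 1]
        elif w == "proto": r["proto"] = t[i + 1].split("/")      # "tcp/udp" -> both
        elif w == "from": r["src"] = t[i + 1]
        elif w == "to": r["dst"] = t[i + 1]
        elif w == "port": r["port"] = int(SERVICES.get(t[i + 2], t[i + 2]))  # "port = X"
        elif w == "icmp-type": r["icmp"] = t[i + 1]
    return r

def in_net(addr, spec):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(NETS.get(spec, spec))

def matches(r, p):
    return (r["dir"] == p["dir"]
            and r["iface"] in (None, p["iface"])
            and (r["proto"] is None or p["proto"] in r["proto"])
            and in_net(p["src"], r["src"]) and in_net(p["dst"], r["dst"])
            and (r["port"] is None or p.get("dport") == r["port"])
            and (r["icmp"] is None or p.get("icmp_type") == r["icmp"])
            and (not r["short"] or p.get("short", False)))

def decide(pkt, ruleset=RULESET):
    """Action ipf applies: the last matching rule, unless a match is 'quick'."""
    result = None
    for r in (parse_rule(l) for l in ruleset.strip().splitlines()):
        if matches(r, pkt):
            result = r["action"]
            if r["quick"]:
                break
    return result
```

A packet claiming a 192.168.4.0/24 source on ppp0 is blocked by the quick anti-spoofing rule, while an outside UDP datagram to port 111 is blocked only because the sunrpc rule is the last match.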