File:  [NetBSD Developer Wiki] / wikisrc / nsps / ipf.conf
Sat May 25 21:27:45 2013 UTC (7 years, 4 months ago) by jdf
Branches: MAIN
CVS tags: HEAD
Add examples for NSPS article.

    # sshd in from any
    pass in quick on ep0 proto tcp from any to 216.68.250.60/32 port = 22 keep state

    # block private, loopback, link-local and other reserved source addresses
    # (the quick sshd rule above matches first, so it is not subject to these)
    block in quick on any from 192.168.0.0/16 to any
    block in quick on any from 10.0.0.0/8 to any
    block in quick on any from 127.0.0.0/8 to any
    block in quick on any from 0.0.0.0/8 to any
    block in quick on any from 169.254.0.0/16 to any
    block in quick on any from 192.0.2.0/24 to any
    block in quick on any from 204.152.64.0/23 to any
    block in quick on any from 224.0.0.0/3 to any

    # pass out as if we were a single internet client
    pass out quick on ep0 proto tcp from 216.68.250.60/32 to any keep state
    pass out quick on ep0 proto udp from 216.68.250.60/32 to any keep state
    pass out quick on ep0 proto icmp from 216.68.250.60/32 to any keep state

    # dns stuff
    pass in log quick proto tcp from any to any port = 53 keep state
    pass in log quick proto udp from any to any port = 53 keep state

    # pass thru www and ftp
    pass in log quick proto tcp from any to any port = www keep state
    pass in quick proto tcp from any to any port = ftp keep state
    pass in quick proto tcp from any to any port = ftp-data keep state
    pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state
    pass in log quick proto icmp all keep state
