File:  [NetBSD Developer Wiki] / wikisrc / nsps / ipf.conf
Revision 1.1
Sat May 25 21:27:45 2013 UTC (7 years, 4 months ago) by jdf
Branches: MAIN
CVS tags: HEAD
Add examples for NSPS article.

# sshd in from any
pass in quick on ep0 proto tcp from any to 216.68.250.60/32 port = 22 keep state

# block private, reserved and multicast source addresses
block in quick on any from 192.168.0.0/16 to any
block in quick on any from 10.0.0.0/8 to any
block in quick on any from 127.0.0.0/8 to any
block in quick on any from 0.0.0.0/8 to any
block in quick on any from 169.254.0.0/16 to any
block in quick on any from 192.0.2.0/24 to any
block in quick on any from 204.152.64.0/23 to any
block in quick on any from 224.0.0.0/3 to any

# pass out as if we were a single internet client
pass out quick on ep0 proto tcp from 216.68.250.60/32 to any keep state
pass out quick on ep0 proto udp from 216.68.250.60/32 to any keep state
pass out quick on ep0 proto icmp from 216.68.250.60/32 to any keep state

# dns stuff
pass in log quick proto tcp from any to any port = 53 keep state
pass in log quick proto udp from any to any port = 53 keep state

# pass thru www and ftp
pass in log quick proto tcp from any to any port = www keep state
pass in quick proto tcp from any to any port = ftp keep state
pass in quick proto tcp from any to any port = ftp-data keep state
pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state
pass in log quick proto icmp all keep state
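
A small model of ipf's first-match behaviour for `quick` rules, run over the sshd rule and the source blocks from the file above: because the sshd rule comes first, it decides for a packet with a reserved source address before any block rule is consulted. This is an added example, not part of the NetBSD wiki file; the parser covers only the syntax of these nine lines, `on any` is assumed to match every interface, and the sample packet is constructed.

```python
import ipaddress
import re
# Inbound rules copied from the file above, in file order: sshd rule, then source blocks.
RULES = """\
pass in quick on ep0 proto tcp from any to 216.68.250.60/32 port = 22 keep state
block in quick on any from 192.168.0.0/16 to any
block in quick on any from 10.0.0.0/8 to any
block in quick on any from 127.0.0.0/8 to any
block in quick on any from 0.0.0.0/8 to any
block in quick on any from 169.254.0.0/16 to any
block in quick on any from 192.0.2.0/24 to any
block in quick on any from 204.152.64.0/23 to any
block in quick on any from 224.0.0.0/3 to any
""".splitlines()

RULE_RE = re.compile(r"(?P<action>pass|block) in (?:log )?quick(?: on (?P<iface>\S+))?"
                     r"(?: proto (?P<proto>\S+))? from (?P<src>\S+) to (?P<dst>\S+)"
                     r"(?: port = (?P<dport>\d+))?")

def parse(line):
    r = RULE_RE.match(line).groupdict()
    for key in ("src", "dst"):
        r[key] = ipaddress.ip_network("0.0.0.0/0" if r[key] == "any" else r[key])
    return r

def matches(r, pkt):
    # Assumption: "on any" and a missing "on"/"proto"/"port" clause match everything.
    return (r["iface"] in (None, "any", pkt["iface"])
            and r["proto"] in (None, pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and r["dport"] in (None, str(pkt["dport"])))

def first_match(lines, pkt):
    # Every rule here is "quick", so the first match decides; None if nothing matches.
    for line in lines:
        rule = parse(line)
        if matches(rule, pkt):
            return rule["action"], line

# Constructed packet: reserved source address, sent to the sshd rule's address and port.
SPOOFED_SSH = {"iface": "ep0", "proto": "tcp", "src": "192.168.1.5",
               "dst": "216.68.250.60", "dport": 22}

def audit():  # (verdict in file order, verdict with the sshd rule moved after the blocks)
    return (first_match(RULES, SPOOFED_SSH)[0],
            first_match(RULES[1:] + RULES[:1], SPOOFED_SSH)[0])

if __name__ == "__main__":
    print(audit())  # ('pass', 'block')
```

With the sshd rule moved below the block rules, the same packet is dropped while ssh from ordinary source addresses is still passed.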

