I have a problem here at the company with a FreeBSD 7 machine that stopped working. It was the company's firewall and DHCP server, and now we have neither. I need the firewall rules that machine had, and after some research I managed to get something with:

# pfctl -sn                 Shows the current NAT rules
# pfctl -sr                 Shows the current filter rules

I could not locate the firewall script; I think whoever set it up changed the defaults. How could I locate it? Will I have gotten everything I needed with these commands? Could someone help me translate what was presented? I understood some of it. With the commands above I got the following responses, respectively:

# pfctl -sn                 Shows the current NAT rules:
nat-anchor "pftpx/*" all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on xl0 inet from 10.0.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on ng0 inet from 10.0.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on xl0 inet from 10.0.0.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on ng0 inet from 10.0.0.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on xl0 inet from 10.0.0.0/24 to any -> (ng0) port 1024:65535 round-robin
nat on ng0 inet from 10.0.0.0/24 to any -> (ng0) port 1024:65535 round-robin
rdr-anchor "pftpx/*" all
rdr-anchor "slb" all
no rdr on xl1 proto tcp from any to <vpns> port = ftp
rdr on xl1 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to any port = 5901 -> 10.0.0.10
rdr on ng0 inet proto tcp from any to any port = 8089 -> 10.0.0.10 port 8000
rdr on ng0 inet proto tcp from any to any port = http -> 10.0.0.10 port 8080
rdr on ng0 inet proto tcp from any to any port = 2222 -> 10.0.0.10 port 22
rdr-anchor "imspector" all
rdr-anchor "miniupnpd" all

# pfctl -sr                 Shows the current filter rules:
scrub all random-id max-mss 1452 fragment reassemble
anchor "ftpsesame/*" all
anchor "firewallrules" all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
block drop in quick inet6 all
block drop out quick inet6 all
anchor "loopback" all
pass in quick on lo0 all flags S/SA keep state label "pass loopback"
pass out quick on lo0 all flags S/SA keep state label "pass loopback"
anchor "packageearly" all
anchor "carp" all
anchor "dhcpserverlan" all
pass in quick on xl1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
pass in quick on xl1 inet proto udp from any port = bootpc to 10.0.0.1 port = bootps keep state label "allow access to DHCP server on LAN"
pass out quick on xl1 inet proto udp from 10.0.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
block drop in log quick on xl0 inet proto udp from any port = bootps to 10.0.0.0/24 port = bootpc label "block dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to 10.0.0.0/24 port = bootpc label "block dhcp client out wan"
block drop in on ! xl1 inet from 10.0.0.0/24 to any
block drop in inet from 10.0.0.1 to any
block drop in on xl1 inet6 from fe80::260:8cff:fef1:879e to any
anchor "spoofing" all
anchor "spoofing" all
block drop in on xl0 inet6 from fe80::260:8cff:fef1:8800 to any
block drop in log quick on xl0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block drop in log quick on ng0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block drop in log quick on xl0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block drop in log quick on ng0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block drop in log quick on xl0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block drop in log quick on ng0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block drop in log quick on xl0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
block drop in log quick on ng0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
anchor "limitingesr" all
block drop in quick from <virusprot> to any label "virusprot overload table"
anchor "wanbogons" all
block drop in log quick on xl0 from <bogons> to any label "block bogon networks from wan"
block drop in log quick on ng0 from <bogons> to any label "block bogon networks from wan"
pass out quick on xl1 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on xl0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state (tcp.closed 5) label "let out anything from firewall host itself"
anchor "firewallout" all
pass out quick on xl0 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on xl1 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
pass out quick on ng0 proto icmp all keep state (tcp.closed 5) label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on xl1 inet from any to 10.0.0.1 flags S/SA keep state label "anti-lockout web rule"
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 5901 flags S/SA keep state label "USER_RULE: NAT VNC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 5901 flags S/SA keep state label "USER_RULE: NAT VNC Appserver"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 8000 flags S/SA keep state label "USER_RULE: NAT SQL Admin"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8000 flags S/SA keep state label "USER_RULE: NAT SQL Admin"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 8080 flags S/SA keep state label "USER_RULE: NAT RC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8080 flags S/SA keep state label "USER_RULE: NAT RC Appserver"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = ssh flags S/SA keep state label "USER_RULE: NAT SSH (Appserver)"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = ssh flags S/SA keep state label "USER_RULE: NAT SSH (Appserver)"
pass in quick on xl1 inet from 10.0.0.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
pass in quick on xl1 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on xl1 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
anchor "imspector" all
anchor "miniupnpd" all
block drop in log quick all label "Default deny rule"
block drop out log quick all label "Default deny rule"

Regards,
Pedro de Almeida
-------------------------
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
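As an added example (not part of the original message), a Python helper that reads a pasted pfctl dump and answers the completeness question: it lists the tables (<name>) and anchors the rules refer to, whose contents `pfctl -sr`/`pfctl -sn` do not print, summarises the rdr port forwards, and emits the extra pfctl commands to run on the box to capture the rest. The `DUMP` excerpt is constructed from the rules above.

```python
import re

# Constructed excerpt of the pasted pfctl -sn / pfctl -sr output (not the full list).
DUMP = """\
nat-anchor "natrules/*" all
no rdr on xl1 proto tcp from any to <vpns> port = ftp
rdr on ng0 inet proto tcp from any to any port = 5901 -> 10.0.0.10
rdr on ng0 inet proto tcp from any to any port = 2222 -> 10.0.0.10 port 22
rdr on ng0 inet proto tcp from any to any port = http -> 10.0.0.10 port 8080
anchor "firewallrules" all
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop in log quick on xl0 from <bogons> to any label "block bogon networks from wan"
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
block drop in log quick all label "Default deny rule"
"""

# rdr on IFACE ... proto PROTO ... port = EXT -> HOST [port INT]  ("no rdr" lines are skipped)
RDR_RE = re.compile(r'^rdr on (\S+) .*?proto (\S+) .*?port = (\S+) -> (\S+)(?: port (\S+))?$')

def tables(dump):
    """Tables referenced as <name>: the dump shows the reference, never the addresses in it."""
    return sorted(set(re.findall(r'<([^>]+)>', dump)))

def anchors(dump):
    """Anchor names: rules loaded inside an anchor are invisible to the top-level dump."""
    return sorted(set(re.findall(r'^(?:nat-|rdr-)?anchor "([^"]+)"', dump, re.M)))

def port_forwards(dump):
    """Summarise rdr rules as (iface, proto, external port, internal host, internal port)."""
    found = []
    for line in dump.splitlines():
        m = RDR_RE.match(line)
        if m:
            iface, proto, ext_port, host, int_port = m.groups()
            # No "port N" after the target means the external port is kept unchanged.
            found.append((iface, proto, ext_port, host, int_port or ext_port))
    return found

def capture_commands(dump):
    """pfctl commands (run on the firewall) that complete the capture: -sa for options,
    queues and limits, -T show for each table, -a for the rules inside each anchor."""
    cmds = ["pfctl -sa"]
    cmds += ["pfctl -t %s -T show" % t for t in tables(dump)]
    cmds += ['pfctl -a "%s" -sn; pfctl -a "%s" -sr' % (a, a) for a in anchors(dump)]
    return cmds

if __name__ == "__main__":
    for fwd in port_forwards(DUMP):
        print("%s/%s port %s -> %s:%s" % fwd)
    print("\n".join(capture_commands(DUMP)))
```

Once the captured pieces are assembled into a pf.conf, `pfctl -nf pf.conf` parses it without loading, which is the safe way to check the reconstruction before the replacement box goes live.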