Hey,
I'd like to write a firewall howto since firewalling is a major factor in
the supply problem. I use an old 486-100 running OpenBSD as my router so
I can supply PF rules but of course iptables rules would be useful to a
few more people. So I'd like to collect well commented rules for various
firewalls - netfilter, ipf, NAT, stand-alone (no NAT), maybe a couple of
browser configured DLink types...
Obfuscate your IP numbers if necessary.
For example, here are my PF rules:
# This firewall is on a 486 running OpenBSD
# that sits between my ADSL connection
# and my LAN.

## Macros
########
# External interface
if_ext = "ep0"
# gtkg "Listen port"
port_gnet = "9746"
# Sometimes I run another instance for testing.
port_gnet2 = "8436"
# The range of IPs on my LAN.
ip_lan = "192.168.0.0/29"
# This is the machine on my LAN that runs gtkg
ip_workstation = "192.168.0.2"

# Redirect (Port Forwarding)
######################
# gnutella
rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet -> \
    $ip_workstation port $port_gnet
rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet2 -> \
    $ip_workstation port $port_gnet2

# NAT (Network Address Translation)
#############################
nat on $if_ext inet from $ip_lan to any -> $if_ext

# Filters
#########
# Block by default and log blocked packets.
block in log on $if_ext all
# Silently block Shareaza's non-standard UDP G2 packets.
block in quick on $if_ext proto udp from any to any port { $port_gnet $port_gnet2 }
# Allow incoming gnutella connections.
pass in on $if_ext inet proto tcp from any to $ip_workstation \
    port { $port_gnet $port_gnet2 } flags S/SAFR keep state
# Allow all outgoing connections and keep state
pass out on $if_ext proto tcp all modulate state
# end
--
Murphy (eqom14)
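
An added example, not part of the original message: a small Python check that every `rdr` target in a ruleset like the one above also has a matching `pass in` rule (PF filters after translation, so the pass rule must name the LAN host), and the reverse. The function names are hypothetical, and it assumes numeric ports and quoted-string macros only.

```python
import re

# Constructed sample: rules from the message above, kept with the mail-wrapped
# brace list and "\" continuations so the line joining is exercised.
SAMPLE = r'''
if_ext = "ep0"
port_gnet = "9746"
port_gnet2 = "8436"
ip_workstation = "192.168.0.2"
rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet -> \
$ip_workstation port $port_gnet
rdr on $if_ext inet proto tcp from any to $if_ext port $port_gnet2 -> \
$ip_workstation port $port_gnet2
block in log on $if_ext all
pass in on $if_ext inet proto tcp from any to $ip_workstation port {
$port_gnet $port_gnet2 } \
flags S/SAFR keep state
'''

def logical_lines(text):
    """Drop comments; join "\\" continuations and brace lists split over lines."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        buf = (buf + " " + line).strip()
        if buf.endswith("\\"):
            buf = buf[:-1].rstrip()
        elif buf.count("{") <= buf.count("}"):
            out.append(buf)
            buf = ""
    return out + ([buf] if buf else [])

def expand(lines):
    """Collect name = "value" macros and substitute $name in the other rules."""
    macros, rules = {}, []
    for line in lines:
        m = re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', line)
        if m:
            macros[m.group(1)] = m.group(2)
        else:
            rules.append(re.sub(r"\$(\w+)", lambda r: macros.get(r.group(1), r.group(0)), line))
    return rules

def audit(text):
    """Compare (host, port) pairs targeted by rdr with those allowed by pass in."""
    fwd, allowed = set(), set()
    for rule in expand(logical_lines(text)):
        m = re.search(r"->\s*(\S+)\s+port\s+(\d+)", rule) if rule.startswith("rdr ") else None
        if m:
            fwd.add((m.group(1), m.group(2)))
        m = re.match(r"pass in .* to (\S+) port (\{[^}]*\}|\S+)", rule)
        if m:
            allowed |= {(m.group(1), p) for p in re.findall(r"\d+", m.group(2))}
    return {"forwarded_but_blocked": sorted(fwd - allowed),
            "passed_but_not_forwarded": sorted(allowed - fwd)}
```
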
_______________________________________________
Gtk-gnutella-devel mailing list
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel