to any port = 23 flags S keep state
# Allow out FBSD CVSUP function
pass out quick on dc0 proto tcp from any to any port = 5999 flags S keep state
# Allow out all icmp to public Internet
pass out quick on dc0 proto icmp from any to any keep state
# Allow out all ident to public Internet
#block out quick on dc0 proto tcp from any to any port = 113
# Allow out whois for LAN PC to public Internet
pass out quick on dc0 proto tcp from any to any port = 43 flags S keep state
# block ports that show on log and are ok to stop logging
# Deny tcp port 81 - hosts2 name server. winme is doing this.
block out quick on dc0 proto tcp from any to any port = 81
# Block and log only the first occurrence of everything
# else that's trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on dc0 all
#
# Interface facing Public internet (Inbound Section)
# Interrogate packets originating from the public internet
# destined for this gateway server or the private network.
#
# Block all inbound traffic from non-routable or reserved address spaces
block in quick on dc0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in quick on dc0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in quick on dc0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in quick on dc0 from 127.0.0.0/8 to any #loopback
block in quick on dc0 from 0.0.0.0/8 to any #loopback
block in quick on dc0 from 169.254.0.0/16 to any #DHCP auto-config
block in quick on dc0 from 192.0.2.0/24 to any #reserved for doc's
block in quick on dc0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on dc0 from 224.0.0.0/3 to any #Class D E multicast
# Block a bunch of different nasty things.
# That I don't want to see in the log
# Block frags
block in quick on dc0 all with frags
# Block short tcp packets
block in quick on dc0 proto tcp all with short
# block source routed packets
block in quick on dc0 all with opt lsrr
block in quick on dc0 all with opt ssrr
# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log first quick on dc0 proto tcp from any to any flags FUP
# Block anything with special options
block in quick on dc0 all with ipopts
# Block public pings
block in quick on dc0 proto icmp all icmp-type 8
# Block ident
#block in quick on dc0 proto tcp from any to any port = 113
# Block all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
block in log first quick on dc0 proto tcp/udp from any to any port = 137
block in log first quick on dc0 proto tcp/udp from any to any port = 138
block in log first quick on dc0 proto tcp/udp from any to any port = 139
block in log first quick on dc0 proto tcp/udp from any to any port = 81
# Allow traffic in from ISP's DHCP server. This rule must contain
# the IP address of your ISP's DHCP server as it's the only
# authorized source to send this packet type. Only necessary for
# cable or DSL configurations. This rule is not needed for
# 'user ppp' type connection to the public internet.
# This is the same IP address you captured and
# used in the outbound section.
pass in quick on dc0 proto udp from 168.170.21.152 to any port = 68 keep state
# Allow in standard www function because I have apache server
#pass in quick on dc0 proto tcp from any to any port = 80 flags S keep state
# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID PW are passed over public internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on dc0 proto tcp from any to any port = 23 flags S keep state
# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
#pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a 'denial of service' attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all
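To see how the "quick" first-match ordering and the final catch-all above decide a packet's fate, here is an added Python evaluator for an excerpt of the inbound rules (example code, not part of this post or of IPF itself). It models only the rule grammar used in the ruleset and keeps no state table, so every packet is judged as a fresh one; the addresses used in it are constructed.

```python
import ipaddress

# Constructed excerpt of the inbound section above (wrapped lines joined); this
# evaluator is an added example modelling only the grammar these rules use, not IPF code.
RULES = """\
block in quick on dc0 from 10.0.0.0/8 to any
block in quick on dc0 all with frags
block in log first quick on dc0 proto tcp from any to any flags FUP
block in log first quick on dc0 proto tcp/udp from any to any port = 139
pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
block in log first quick on dc0 all"""

def parse_rule(line):
    """Tokenise one rule; 'all' (no from/to) means any source and any destination."""
    t = line.split()
    def after(kw, n=1):
        return t[t.index(kw) + n] if kw in t else None
    r = {"text": line, "action": t[0], "dir": t[1], "log": "log" in t,
         "quick": "quick" in t, "proto": after("proto"), "src": after("from"),
         "dst": after("to"), "port": after("port", 2), "flags": after("flags"),
         "with": set()}
    if "with" in t:  # 'with frags' -> {'frags'}; 'with opt lsrr' -> {'lsrr'}
        r["with"] = set(t[t.index("with") + 1:]) - {"opt"}
    return r

def in_net(addr, net):  # a missing or 'any' address part matches everything
    return net in (None, "any") or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(r, p):
    """p: packet dict with dir, proto, src, dst and optional dport, flags, with."""
    return (r["dir"] == p["dir"]
            and (not r["proto"] or p["proto"] in r["proto"].split("/"))
            and in_net(p["src"], r["src"]) and in_net(p["dst"], r["dst"])
            and (not r["port"] or p.get("dport") == int(r["port"]))  # 'to ... port = N' is the destination port
            # IPF's default mask covers all six TCP flags, so 'flags S' means SYN set and nothing else
            and (not r["flags"] or set(r["flags"]) == set(p.get("flags", "")))
            and r["with"] <= p.get("with", set()))

def evaluate(rules, p):
    """Return (action, logged, rule text). A 'quick' match ends the scan; without quick
    IPF keeps going and the last match wins; no match at all means the packet passes."""
    hit = None
    for r in rules:
        if matches(r, p):
            hit = r
            if r["quick"]:
                break
    return ("pass", False, None) if hit is None else (hit["action"], hit["log"], hit["text"])

RULESET = [parse_rule(line) for line in RULES.splitlines()]
```

Running evaluate() on RULESET[:-1] shows why the final "block in log first quick on dc0 all" matters: without it, an unsolicited packet that no earlier rule matches is passed.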
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Storey
Sent: Sunday, April 25, 2004 9:56 AM
To: [EMAIL PROTECTED]
Subject: installing ipfilter
I wanted to do some experimenting with ipfilter, and strangely, I can't figure out how to install it.
It doesn't seem to be installed. If I do which ipfilter or man ipfilter, there's no indication of its existence. I tried locate ipfilter, I do find this:
/usr/share/examples/ipfilter
/usr/src/contrib/ipfilter
Neither of these appear to be what I need. I've looked in /usr/ports, and can't