[geeks] ipf fun
Bill Bradford
mrbill at mrbill.net
Tue Jun 4 12:09:55 CDT 2002
On Tue, Jun 04, 2002 at 09:37:51AM -0700, Gary Nichols wrote:
> Does anyone have an ipf config that they've used successfully and wouldn't
> mind sharing?
Here's mine.

# block private address space - this shouldn't be hitting from outside
block in quick on hme0 from 192.168.0.0/24 to any
block in quick on hme0 from 172.16.0.0/12 to any
block in quick on hme0 from 10.0.0.0/8 to any
block in quick on hme0 from 127.0.0.0/8 to any
block in quick on hme0 from 0.0.0.0/8 to any
block in quick on hme0 from 169.254.0.0/16 to any
block in quick on hme0 from 192.0.2.0/24 to any
block in quick on hme0 from 204.152.64.0/23 to any
block in quick on hme0 from 224.0.0.0/3 to any
# prevent smurf attacks
block in quick on hme0 from any to 207.200.6.0/32
block in quick on hme0 from any to 207.200.6.255/32
block in quick on hme0 from 20.20.20.0/24 to any
# block rlogin
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 513
# block rsh
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 514
# block lpd
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 515
# block telnet
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
# block X11
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 6000
# block syslog
block in quick on hme0 proto udp from any to 207.200.6.75/32 port = 514
# block portmap
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
# block nfs
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 2049
# block snmp
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 161
# block snmp-trap
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 162
# block outside mysql
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
# let everything else through
pass in all

Bill
--
Bill Bradford
mrbill at mrbill.net
Austin, TX
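
Added example, not part of the message above or of IPFilter itself: a small Python model of how ipf evaluates inbound rules like these (the last matching rule wins unless the match carries `quick`), so a ruleset can be checked against constructed probe packets. The parser handles only the rule shapes used in the posted config; the probe packets and the pass-by-default behaviour for unmatched packets are assumptions.

```python
import ipaddress
import re
# A subset of the rules from the message above, enough to exercise the matcher.
RULES = """\
block in quick on hme0 from 10.0.0.0/8 to any
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
pass in all
"""

RULE_RE = re.compile(
    r"^(?P<action>block|pass) in(?P<quick> quick)?(?: on (?P<ifc>\S+))?"
    r"(?: proto (?P<proto>\S+))?"
    r"(?: from (?P<src>\S+) to (?P<dst>\S+)(?: port = (?P<port>\d+))?| all)$"
)

def parse(text):
    """Turn rule lines into dicts, skipping blank lines and # comments."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            m = RULE_RE.match(line)
            if not m:
                raise ValueError(f"unsupported rule: {line}")
            rules.append(m.groupdict())
    return rules

def _net(spec):
    # "any" (or an omitted address, as in "pass in all") matches every address.
    return ipaddress.ip_network("0.0.0.0/0" if spec in (None, "any") else spec)

def matches(rule, pkt):
    if rule["ifc"] and rule["ifc"] != pkt["ifc"]:
        return False
    if rule["proto"] and pkt["proto"] not in rule["proto"].split("/"):
        return False
    if rule["port"] and int(rule["port"]) != pkt.get("dport"):
        return False
    return (ipaddress.ip_address(pkt["src"]) in _net(rule["src"])
            and ipaddress.ip_address(pkt["dst"]) in _net(rule["dst"]))

def decide(rules, pkt):
    """ipf semantics: the last matching rule wins, unless a match has 'quick'."""
    verdict = "pass"  # assumption: unmatched packets pass (ipf's stock default)
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict
```

Without `quick` on the block rules, the trailing `pass in all` would be the last match and would override every block above it.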