[geeks] ipf fun

Tim H. lists at pellucidar.net
Tue Jun 4 14:51:25 CDT 2002


UGH As a general policy, if someone wants to get to my stuff, then I am going to know what they are getting to.  I am much more comfortable allowing specific incoming, and blocking all.  Of course my firewall is a Linux 2.2 machine with ipchains, so my config wouldn't be much good, but I allow all outgoing, block all incoming, and allow specific incoming, and where possible only allow specific IPs in; for instance my firewall needs to talk to sundial.columbia.edu (timeserver) so I allow that traffic from only that machine.  Of course I am also IPMasqing on that box, so even if I allowed traffic it wouldn't work past the firewall, but I am paranoid.

Tim

On Tue, 4 Jun 2002 12:09:55 -0500
Bill Bradford <mrbill at mrbill.net> wrote:

> On Tue, Jun 04, 2002 at 09:37:51AM -0700, Gary Nichols wrote:
> > Does anyone have an ipf config that they've used successfully and wouldn't 
> > mind sharing?    
> 
> Here's mine.
> 
> # block private address space - this shouldnt be hitting from outside
> block in quick on hme0 from 192.168.0.0/16 	to any
> block in quick on hme0 from 172.16.0.0/12  	to any
> block in quick on hme0 from 10.0.0.0/8		to any
> block in quick on hme0 from 127.0.0.0/8		to any
> block in quick on hme0 from 0.0.0.0/8		to any
> block in quick on hme0 from 169.254.0.0/16	to any
> block in quick on hme0 from 192.0.2.0/24	to any
> block in quick on hme0 from 204.152.64.0/23	to any
> block in quick on hme0 from 224.0.0.0/3		to any
> 
> # prevent smurf attacks
> block in quick on hme0 from any to 207.200.6.0/32
> block in quick on hme0 from any to 207.200.6.255/32
> block in quick on hme0 from 20.20.20.0/24 to any
> 
> # block rlogin
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 513
> # block rsh
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 514
> # block lpd
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 515
> # block telnet
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
> # block X11
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 6000
> # block syslog
> block in quick on hme0 proto udp from any to 207.200.6.75/32 port = 514
> # block portmap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
> # block nfs
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 2049
> # block snmp 
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 161
> # block snmp-trap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 162
> # block outside mysql
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
> 
> # let everything else through
> pass in all
> 
> Bill
> 
> -- 
> Bill Bradford     
> mrbill at mrbill.net 
> Austin, TX        
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks
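The difference between the two approaches in this thread (Bill's block-list that ends in `pass in all`, versus Tim's "allow outgoing, block all incoming, open specific services, and where possible only from specific source IPs") comes down to what happens to traffic nobody thought about. The following is an added example, not code from either poster: a small Python evaluator for a subset of ipf rule syntax (`block`/`pass`, `in`/`out`, `quick`, `on`, `proto`, `from`/`to`, `port =`) that implements ipf's matching model (last match wins unless a rule is `quick`, and a packet matching no rule passes). It runs the same constructed sample packets through a ruleset shaped like the quoted config and through a default-deny ruleset shaped like Tim's policy. The addresses (`203.0.113.10`, `198.51.100.x`), the interface name and the service choices are constructed for the example; `keep state` is not modelled, so replies to outbound connections are not shown.

```python
"""Toy evaluator for a subset of ipf rule syntax (added example, not from the thread).

Semantics modelled: rules are checked top to bottom, the *last* matching rule
decides, except that a ``quick`` rule stops evaluation at once.  A packet that
matches no rule at all passes, which is why "block in all" at the end matters.
``keep state`` is not modelled.  All addresses below are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?$"
)

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    iface: str
    proto: str              # "tcp", "udp", ...
    src: str
    dst: str
    dport: Optional[int] = None

def _addr_in(addr, spec):
    """ipf address spec: 'any' or a CIDR such as 10.0.0.0/8."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

@dataclass(frozen=True)
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]         # None matches any interface
    protos: Optional[frozenset]  # None matches any protocol; "tcp/udp" -> both
    src: str
    dst: str
    port: Optional[int]          # None matches any destination port

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and (self.iface is None or self.iface == pkt.iface)
                and (self.protos is None or pkt.proto in self.protos)
                and _addr_in(pkt.src, self.src)
                and _addr_in(pkt.dst, self.dst)
                and (self.port is None or self.port == pkt.dport))

def parse_rules(text):
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        line = re.sub(r"\s+all$", " from any to any", line)  # "pass in all" shorthand
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {raw!r}")
        proto = m["proto"]
        rules.append(Rule(action=m["action"], direction=m["dir"],
                          quick=m["quick"] is not None, iface=m["iface"],
                          protos=frozenset(proto.split("/")) if proto else None,
                          src=m["src"], dst=m["dst"],
                          port=int(m["port"]) if m["port"] else None))
    return rules

def evaluate(rules, pkt):
    verdict = "pass"                     # ipf default when nothing matches
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action
            if rule.quick:               # quick: decide now, stop scanning
                break
    return verdict

HOST = "203.0.113.10"                    # constructed: the firewall's outside address

BLOCKLIST = f"""
# shape of the quoted config: block a few things, let everything else through
block in quick on hme0 from 192.168.0.0/16 to any
block in quick on hme0 from 10.0.0.0/8 to any
block in quick on hme0 proto tcp from any to {HOST}/32 port = 23
block in quick on hme0 proto tcp/udp from any to {HOST}/32 port = 111
pass in all
"""

DEFAULT_DENY = f"""
# shape of the reply's policy: allow out, block in, open only listed services
pass out quick on hme0 from {HOST}/32 to any
block in quick on hme0 from 192.168.0.0/16 to any
pass in quick on hme0 proto udp from 198.51.100.5/32 to {HOST}/32 port = 123
pass in quick on hme0 proto tcp from any to {HOST}/32 port = 22
block in all
"""

SAMPLES = {   # constructed packets; 198.51.100.5 plays the role of the one allowed timeserver
    "telnet":    Packet("in", "hme0", "tcp", "198.51.100.7", HOST, 23),
    "ssh":       Packet("in", "hme0", "tcp", "198.51.100.7", HOST, 22),
    "port8080":  Packet("in", "hme0", "tcp", "198.51.100.7", HOST, 8080),
    "ntp_ok":    Packet("in", "hme0", "udp", "198.51.100.5", HOST, 123),
    "ntp_other": Packet("in", "hme0", "udp", "198.51.100.9", HOST, 123),
    "spoofed":   Packet("in", "hme0", "tcp", "192.168.5.1", HOST, 22),
}

def compare():
    """Verdict (blocklist, default-deny) for each sample packet."""
    bl, dd = parse_rules(BLOCKLIST), parse_rules(DEFAULT_DENY)
    return {name: (evaluate(bl, p), evaluate(dd, p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:10s} blocklist={a:5s} default-deny={b}")
```

The rows worth looking at are `port8080` and `ntp_other`: an unlisted TCP service and NTP from a host other than the permitted timeserver both pass under the block-list, because `pass in all` admits whatever the block rules did not anticipate, and both are dropped under default-deny. The rules the two policies agree on (telnet blocked, SSH open, RFC 1918 source dropped) show that default-deny costs nothing for the services you actually intend to expose.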