[geeks] ipf fun
Gary Nichols
gary at linuxforce.org
Tue Jun 4 15:07:50 CDT 2002
Thanks Bill!
On Tue, 4 Jun 2002, Bill Bradford wrote:
> On Tue, Jun 04, 2002 at 09:37:51AM -0700, Gary Nichols wrote:
> > Does anyone have an ipf config that they've used successfully and wouldn't
> > mind sharing?
>
> Here's mine.
>
> # block private address space - this shouldnt be hitting from outside
> block in quick on hme0 from 192.168.0.0/24 to any
> block in quick on hme0 from 172.16.0.0/12 to any
> block in quick on hme0 from 10.0.0.0/8 to any
> block in quick on hme0 from 127.0.0.0/8 to any
> block in quick on hme0 from 0.0.0.0/8 to any
> block in quick on hme0 from 169.254.0.0/16 to any
> block in quick on hme0 from 192.0.2.0/24 to any
> block in quick on hme0 from 204.152.64.0/23 to any
> block in quick on hme0 from 224.0.0.0/3 to any
>
> # prevent smurf attacks
> block in quick on hme0 from any to 207.200.6.0/32
> block in quick on hme0 from any to 207.200.6.255/32
> block in quick on hme0 from 20.20.20.0/24 to any
>
> # block rlogin
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 513
> # block rsh
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 514
> # block lpd
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 515
> # block telnet
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
> # block X11
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 6000
> # block syslog
> block in quick on hme0 proto udp from any to 207.200.6.75/32 port = 514
> # block portmap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
> # block nfs
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 2049
> # block snmp
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 161
> # block snmp-trap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 162
> # block outside mysql
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
>
> # let everything else through
> pass in all
>
> Bill
>
>
--
++++++++++++++++++++++++++++++++++++
Gary Nichols gary(AT)linuxforce.org
http://www.linuxchimp.com
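The config above works only because every block rule carries `quick`: ipf is last-match-wins, so without `quick` the closing `pass in all` would override every block before it. The following is an added example, not part of the thread and not ipf's own code: it parses the subset of rule syntax Bill uses (interface, proto, from/to, `port =`, `all`) and evaluates constructed packets under ipf's quick/last-match semantics; `parse_rules`, `decide` and `packet` are hypothetical names, and a packet matching no rule is assumed to pass.

```python
import ipaddress
import re

RULES_TEXT = """# constructed subset of the quoted ipf config, same syntax
block in quick on hme0 from 10.0.0.0/8 to any
block in quick on hme0 from any to 207.200.6.255/32
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
pass in all
"""

RULE_RE = re.compile(
    r"^(?P<action>block|pass) in(?P<quick> quick)?(?: on (?P<iface>\S+))?"
    r"(?: proto (?P<proto>\S+))?(?: from (?P<src>\S+) to (?P<dst>\S+)"
    r"(?: port = (?P<port>\d+))?| all)$")

def _net(s):  # "any" or an absent address means wildcard
    return None if s in (None, "any") else ipaddress.ip_network(s)

def parse_rules(text):
    rules = []
    lines = [raw.split("#", 1)[0].strip() for raw in text.splitlines()]
    for line in filter(None, lines):
        d = RULE_RE.match(line).groupdict()  # AttributeError here: unsupported syntax
        rules.append({"action": d["action"], "quick": d["quick"] is not None,
                      "iface": d["iface"], "src": _net(d["src"]), "dst": _net(d["dst"]),
                      "protos": set(d["proto"].split("/")) if d["proto"] else None,
                      "port": int(d["port"]) if d["port"] else None})
    return rules

def rule_matches(rule, pkt):
    return ((rule["iface"] is None or rule["iface"] == pkt["iface"])
            and (rule["protos"] is None or pkt["proto"] in rule["protos"])
            and (rule["src"] is None or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and (rule["dst"] is None or ipaddress.ip_address(pkt["dst"]) in rule["dst"])
            and (rule["port"] is None or pkt["dport"] == rule["port"]))

def decide(rules, pkt):
    """ipf: the LAST matching rule wins, unless a matching 'quick' rule ends evaluation."""
    verdict = "pass"  # assumption: no match at all passes
    for rule in rules:
        if rule_matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

def packet(src, dst, proto, dport=None, iface="hme0"):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "iface": iface}
```

Stripping `quick` from the same rule set (`RULES_TEXT.replace(" quick", "")`) and re-running `decide` shows the trailing `pass in all` letting a spoofed 10.0.0.0/8 source through, which is the failure mode the keyword prevents.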