[geeks] ipf fun

Gary Nichols gary at linuxforce.org
Tue Jun 4 15:07:50 CDT 2002


Thanks Bill!

On Tue, 4 Jun 2002, Bill Bradford wrote:

> On Tue, Jun 04, 2002 at 09:37:51AM -0700, Gary Nichols wrote:
> > Does anyone have an ipf config that they've used successfully and wouldn't 
> > mind sharing?    
> 
> Here's mine.
> 
> # block private address space - this shouldn't be hitting from outside
> block in quick on hme0 from 192.168.0.0/24    to any
> block in quick on hme0 from 172.16.0.0/12     to any
> block in quick on hme0 from 10.0.0.0/8        to any
> block in quick on hme0 from 127.0.0.0/8       to any
> block in quick on hme0 from 0.0.0.0/8         to any
> block in quick on hme0 from 169.254.0.0/16    to any
> block in quick on hme0 from 192.0.2.0/24      to any
> block in quick on hme0 from 204.152.64.0/23   to any
> block in quick on hme0 from 224.0.0.0/3       to any
> 
> # prevent smurf attacks
> block in quick on hme0 from any to 207.200.6.0/32
> block in quick on hme0 from any to 207.200.6.255/32
> block in quick on hme0 from 20.20.20.0/24 to any
> 
> # block rlogin
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 513
> # block rsh
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 514
> # block lpd
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 515
> # block telnet
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
> # block X11
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 6000
> # block syslog
> block in quick on hme0 proto udp from any to 207.200.6.75/32 port = 514
> # block portmap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
> # block nfs
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 2049
> # block snmp 
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 161
> # block snmp-trap
> block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 162
> # block outside mysql
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
> 
> # let everything else through
> pass in all
> 
> Bill
> 
> 

-- 
++++++++++++++++++++++++++++++++++++
Gary Nichols     gary(AT)linuxforce.org
http://www.linuxchimp.com
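Added example, not part of the thread or of Bill's config: a small Python evaluator that parses ipf rules of the shape quoted above and decides what happens to a packet under ipf's matching semantics (rules are evaluated top to bottom, the last matching rule wins, and a matching `quick` rule ends evaluation immediately). The embedded ruleset is a constructed subset of the quoted one, `hme0` is assumed to be the outside interface, and the default of `pass` when no rule matches is ipf's documented behaviour; the source and destination addresses in the demo are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed subset of the ruleset quoted in the thread (assumption: hme0 is the outside interface).
RULES_TEXT = """
# block private address space
block in quick on hme0 from 192.168.0.0/24 to any
block in quick on hme0 from 10.0.0.0/8 to any
# prevent smurf attacks
block in quick on hme0 from any to 207.200.6.255/32
# block telnet
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 23
# block portmap
block in quick on hme0 proto tcp/udp from any to 207.200.6.75/32 port = 111
# let everything else through
pass in all
"""

# Grammar for the rule forms used above; other ipf syntax is rejected rather than guessed at.
RULE_RE = re.compile(r"""
    ^(?P<action>block|pass)\s+(?P<dir>in|out)
    (?P<quick>\s+quick)?
    (?:\s+on\s+(?P<iface>\S+))?
    (?:\s+proto\s+(?P<proto>\S+))?
    (?:
        \s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)
        (?:\s+port\s*=\s*(?P<port>\d+))?
      | \s+all
    )\s*$
""", re.VERBOSE)


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]                     # None means any interface
    protos: Optional[FrozenSet[str]]         # None means any protocol; "tcp/udp" becomes {"tcp", "udp"}
    src: Optional[ipaddress.IPv4Network]     # None means "any"
    dst: Optional[ipaddress.IPv4Network]
    port: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction == pkt.direction
            and (self.iface is None or self.iface == pkt.iface)
            and (self.protos is None or pkt.proto in self.protos)
            and (self.src is None or pkt.src in self.src)
            and (self.dst is None or pkt.dst in self.dst)
            and (self.port is None or pkt.dport == self.port)
        )


def _net(token: str) -> Optional[ipaddress.IPv4Network]:
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_rules(text: str) -> List[Rule]:
    """Parse an ipf-style ruleset, ignoring comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        g = m.groupdict()
        rules.append(Rule(
            action=g["action"], direction=g["dir"], quick=g["quick"] is not None,
            iface=g["iface"],
            protos=frozenset(g["proto"].split("/")) if g["proto"] else None,
            src=_net(g["src"]) if g["src"] else None,
            dst=_net(g["dst"]) if g["dst"] else None,
            port=int(g["port"]) if g["port"] else None,
        ))
    return rules


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """ipf semantics: last matching rule wins, unless a matching rule is 'quick'."""
    decision = "pass"  # ipf passes packets that match no rule at all
    for rule in rules:
        if rule.matches(pkt):
            decision = rule.action
            if rule.quick:
                break
    return decision


RULES = parse_rules(RULES_TEXT)


def decide(proto: str, src: str, dst: str, dport: Optional[int] = None,
           iface: str = "hme0", direction: str = "in") -> str:
    pkt = Packet(direction, iface, proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    return evaluate(RULES, pkt)


if __name__ == "__main__":
    # Constructed sample traffic arriving on hme0.
    for args in [("tcp", "198.51.100.7", "207.200.6.75", 23),
                 ("tcp", "198.51.100.7", "207.200.6.75", 80),
                 ("udp", "198.51.100.7", "207.200.6.75", 111),
                 ("tcp", "10.1.2.3", "207.200.6.75", 80),
                 ("tcp", "192.168.5.1", "207.200.6.75", 80)]:
        print(args, "->", decide(*args))
```

Running the demo shows why the ordering and the `quick` keyword matter: telnet and portmap to the host are blocked before `pass in all` is ever reached, while port 80 falls through to it. It also shows a gap worth checking in any copy of this ruleset: the first rule covers only 192.168.0.0/24, so a packet from 192.168.5.1 passes even though all of 192.168.0.0/16 is private address space.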
