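--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -1,11 +1,11 @@
 ############
 # Setup system for firewall service.
-# $FreeBSD: head/etc/rc.firewall 54108 1999-12-04 01:27:51Z obrien $
+# $FreeBSD: head/etc/rc.firewall 56736 2000-01-28 11:30:28Z rgrimes $
 
 # Suck in the configuration variables.
 if [ -r /etc/defaults/rc.conf ]; then
 	. /etc/defaults/rc.conf
 elif [ -r /etc/rc.conf ]; then
 	. /etc/rc.conf
 fi
 
@@ -105,19 +105,19 @@
 
 [Cc][Ll][Ii][Ee][Nn][Tt])
 	############
 	# This is a prototype setup that will protect your system somewhat
 	# against people from outside your own network.
 	############
 
 	# set these to your network and netmask and ip
-	net="192.168.4.0"
+	net="192.0.2.0"
 	mask="255.255.255.0"
-	ip="192.168.4.17"
+	ip="192.0.2.1"
 
 	# Allow any traffic to or from my own net.
 	${fwcmd} add pass all from ${ip} to ${net}:${mask}
 	${fwcmd} add pass all from ${net}:${mask} to ${ip}
 
 	# Allow TCP through if setup succeeded
 	${fwcmd} add pass tcp from any to any established
 
@@ -150,38 +150,50 @@
 	############
 	# This is a prototype setup for a simple firewall. Configure this
 	# machine as a named server and ntp server, and point all the machines
 	# on the inside at this machine for those services.
 	############
 
 	# set these to your outside interface network and netmask and ip
 	oif="ed0"
-	onet="192.168.4.0"
-	omask="255.255.255.0"
-	oip="192.168.4.17"
+	onet="192.0.2.0"
+	omask="255.255.255.240"
+	oip="192.0.2.1"
 
 	# set these to your inside interface network and netmask and ip
 	iif="ed1"
-	inet="192.168.3.0"
-	imask="255.255.255.0"
-	iip="192.168.3.17"
+	inet="192.0.2.16"
+	imask="255.255.255.240"
+	iip="192.0.2.17"
 
 	# Stop spoofing
 	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
 	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
 
 	# Stop RFC1918 nets on the outside interface
-	${fwcmd} add deny all from 192.168.0.0:255.255.0.0 to any via ${oif}
-	${fwcmd} add deny all from any to 192.168.0.0:255.255.0.0 via ${oif}
-	${fwcmd} add deny all from 172.16.0.0:255.240.0.0 to any via ${oif}
-	${fwcmd} add deny all from any to 172.16.0.0:255.240.0.0 via ${oif}
-	${fwcmd} add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}
-	${fwcmd} add deny all from any to 10.0.0.0:255.0.0.0 via ${oif}
+	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
+	${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
+	${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
+	${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
+	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
+	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
 
+	# Stop draft-manning-dsua-01.txt nets on the outside interface
+	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
+	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
+	${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
+	${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
+	${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
+	${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
+	${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
+	${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
+	${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
+	${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
+
 	# Allow TCP through if setup succeeded
 	${fwcmd} add pass tcp from any to any established
 
 	# Allow IP fragments to pass through
 	${fwcmd} add pass all from any to any frag
 
 	# Allow setup of incoming email
 	${fwcmd} add pass tcp from any to ${oip} 25 setup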
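Review bot: The new example addresses in the SIMPLE section collide with the new deny pair at lines 185-186: oip becomes 192.0.2.1 and the inside net 192.0.2.16/28, both inside 192.0.2.0/24, which `${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}` and its mirror then block on the outside interface, so the prototype as shipped passes no traffic to or from its own outside address. That looks deliberate — the values are placeholders that an administrator must replace — but nothing in the file says so, and the same 192.0.2.x values are also used in the CLIENT section at lines 113-115. A comment above the assignments at line 156, such as `# NOTE: 192.0.2.0/24 is a documentation-only block (TEST-NET) that the rules below deny on ${oif}; replace these example values with your real addresses before use`, would make the intent explicit and stop the defaults from being left in place. The enclosing case branch starts and ends outside the visible hunk.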