| examples.txt (85213) | examples.txt (108533) |
|---|---|
| 1IP Filter Examples 2 3 [Image] Permissions 4 [Image] Interface 5 [Image] Netmasks and hosts 6 [Image] IP Protocols 7 [Image] IP Options 8 [Image] IP Fragments --- 336 unchanged lines hidden (view full) --- 345in brackets following the "return-icmp" directive: 346 347# 348# block all inbound UDP packets and send back an ICMP error. 349# 350block return-icmp (3) in proto udp from any to any port > 30000 351block return-icmp (port-unr) in proto udp from any to any port > 30000 352 | 1IP Filter Examples 2 3 [Image] Permissions 4 [Image] Interface 5 [Image] Netmasks and hosts 6 [Image] IP Protocols 7 [Image] IP Options 8 [Image] IP Fragments --- 336 unchanged lines hidden (view full) --- 345in brackets following the "return-icmp" directive: 346 347# 348# block all inbound UDP packets and send back an ICMP error. 349# 350block return-icmp (3) in proto udp from any to any port > 30000 351block return-icmp (port-unr) in proto udp from any to any port > 30000 352 |
| 353Those two examples are equivalent, and return a ICMP port unreachable error | 353Those two examples are equivalent, and return an ICMP port unreachable error |
| 354packet to in response to any UDP packet received destined for a port greater 355than 30,000. 356 ------------------------------------------------------------------------ 357 358Filtering IP Security Classes 359 360For users who have packets which contain IP security bits, filtering on the 361defined classes and authority levels is supported. Currently, filtering on --- 145 unchanged lines hidden (view full) --- 507above rule are processed by any group 100 rules. 508 509# Allow connections to the WWW server via ppp0. 510# 511pass in quick proto tcp from any to any port = WWW keep state group 100 512 513 ------------------------------------------------------------------------ 514Return to the IP Filter home page | 354packet to in response to any UDP packet received destined for a port greater 355than 30,000. 356 ------------------------------------------------------------------------ 357 358Filtering IP Security Classes 359 360For users who have packets which contain IP security bits, filtering on the 361defined classes and authority levels is supported. Currently, filtering on --- 145 unchanged lines hidden (view full) --- 507above rule are processed by any group 100 rules. 508 509# Allow connections to the WWW server via ppp0. 510# 511pass in quick proto tcp from any to any port = WWW keep state group 100 512 513 ------------------------------------------------------------------------ 514Return to the IP Filter home page |
| 515$FreeBSD: head/share/examples/ipfilter/examples.txt 85213 2001-10-20 04:17:07Z darrenr $ | 515$FreeBSD: head/share/examples/ipfilter/examples.txt 108533 2003-01-01 18:49:04Z schweikh $ |