Attachment 'pf_simple_firewall_http_ssh_server.conf.txt'


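   # pf ruleset for a dual-stack (IPv4/IPv6) router that forwards SSH and HTTP
   # to a single internal server. pf applies the LAST matching rule, so the
   # "block in log all" default below is overridden by the pass rules after it.

   # external interface
   EXT = "bge0"
   # internal LAN interface
   LAN = "bge1"
   # IPv4 address of LAN interface
   LANip4 = "192.168.1.1"
   # IPv6 address of LAN interface
   LANip6 = "2001:db8:1:1::1"
   # IPv4 address of external interface (closing quote was missing)
   EXTip4 = "192.168.2.1"
   # IPv6 address of external interface
   EXTip6 = "2001:db8:1:2::1"
   # IPv4 prefix on LAN interface
   LANnet4 = "192.168.1.0/24"
   # IPv6 prefix on LAN interface (written as the network address, no host bits)
   LANnet6 = "2001:db8:1:1::/64"
   # loopback addresses
   Lo4 = "127.0.0.1"
   Lo6 = "::1"
   # internal server address
   # NOTE(review): LANSRV6 lies in the same /64 as EXTip6, not in LANnet6, while
   # LANSRV4 is inside LANnet4. Confirm the IPv6 address before relying on the
   # server rules below.
   LANSRV6 = "2001:db8:1:2::2"
   LANSRV4 = "192.168.1.2"

   # expire state entries early; idle connections are dropped sooner
   set optimization aggressive

   # Default deny for inbound packets on every interface, logged.
   # NOTE(review): there is no "block out", so outbound packets that match no
   # rule below still leave through pf's implicit pass. As written, inbound
   # loopback traffic and neighbour discovery arriving on $LAN are also blocked
   # and never re-allowed; confirm that this is intended.
   block in log all

   # allow DNS requests to go out
   pass out on $EXT inet proto udp from { $EXTip4, $Lo4, $LANnet4 } to any port = domain keep state
   pass out on $EXT inet6 proto udp from { $EXTip6, $Lo6, $LANnet6 } to any port = domain keep state
   # all TCP requests allowed out ("$" was missing on EXTip4/EXTip6, which made
   # pf read them as host names instead of expanding the macros)
   pass out on $EXT inet proto tcp from { $EXTip4, $Lo4, $LANnet4 } to any keep state
   pass out on $EXT inet6 proto tcp from { $EXTip6, $Lo6, $LANnet6 } to any keep state
   # all ping requests allowed out
   pass out on $EXT inet proto icmp all icmp-type 8 code 0 keep state
   pass out on $EXT inet6 proto icmp6 all icmp6-type echoreq keep state
   # neighbour discovery out on the external interface
   pass out on $EXT inet6 proto icmp6 all icmp6-type { neighbradv, neighbrsol }
   # neighbour discovery in on the external interface
   pass in on $EXT inet6 proto icmp6 all icmp6-type { neighbradv, neighbrsol }
   # router advertisement out (type name is "routeradv")
   pass out on $LAN inet6 proto icmp6 all icmp6-type routeradv
   # router solicitation in (type name is "routersol")
   pass in on $LAN inet6 proto icmp6 all icmp6-type routersol

   # DNS requests from the LAN ("proto" had no protocol; udp matches the
   # outbound DNS rules above)
   pass in on $LAN inet proto udp from $LANnet4 to any port domain
   pass in on $LAN inet6 proto udp from $LANnet6 to any port domain
   # TCP requests from the LAN
   pass in on $LAN inet proto tcp from $LANnet4 to any
   pass in on $LAN inet6 proto tcp from $LANnet6 to any
   # ICMP echo requests from the LAN (both rules were cut off after the type
   # keyword; completed to match the outbound ping rules above)
   pass in on $LAN inet proto icmp all icmp-type 8 code 0
   pass in on $LAN inet6 proto icmp6 all icmp6-type echoreq

   # allow incoming connections to the SSH server
   # ("keep-state" is not a pf keyword; the option is the two words "keep state")
   # NOTE(review): SSH is reachable from any source address. Consider limiting
   # "from" to the administrative networks that need it.
   pass in on $EXT inet6 proto tcp from any to $LANSRV6 port = 22 keep state
   pass in on $EXT inet proto tcp from any to $LANSRV4 port = 22 keep state
   # replies from the SSH server (not strictly necessary)
   pass in on $LAN inet6 proto tcp from $LANSRV6 port = 22 to any keep state
   pass in on $LAN inet proto tcp from $LANSRV4 port = 22 to any keep state
   # allow incoming connections to the WWW server
   pass in on $EXT inet6 proto tcp from any to $LANSRV6 port = www keep state
   pass in on $EXT inet proto tcp from any to $LANSRV4 port = www keep state
   # replies from the WWW server (not strictly necessary); the last rule now
   # carries "keep state" like the three rules it mirrors
   pass in on $LAN inet6 proto tcp from $LANSRV6 port = www to any keep state
   pass in on $LAN inet proto tcp from $LANSRV4 port = www to any keep state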

Attached Files

  • [get | view] (2006-08-18 08:50:22, 401.0 KB) [[attachment:6net_ipv6security.pdf]]
  • [get | view] (2006-08-18 15:11:33, 172.7 KB) [[attachment:IDS-and-IPv6.pdf]]
  • [get | view] (2006-08-21 14:23:53, 2.0 KB) [[attachment:ip6fw_client.conf.txt]]
  • [get | view] (2006-08-21 14:24:14, 4.9 KB) [[attachment:ip6fw_simple.conf.txt]]
  • [get | view] (2006-09-06 09:36:04, 6.9 KB) [[attachment:ip6tables.conf.txt]]
  • [get | view] (2006-08-21 11:21:57, 190.2 KB) [[attachment:ipv6_ciscoacl.pdf]]
  • [get | view] (2006-08-21 11:22:16, 182.5 KB) [[attachment:ipv6_ciscoacl_cisco.pdf]]
  • [get | view] (2006-08-21 10:51:13, 93.6 KB) [[attachment:ipv6_ip6fw.pdf]]
  • [get | view] (2006-08-21 10:16:25, 504.4 KB) [[attachment:ipv6_pf.pdf]]
  • [get | view] (2006-08-21 11:48:01, 250.2 KB) [[attachment:ipv6_windowsxp_firewall.pdf]]
  • [get | view] (2006-08-18 15:56:19, 0.7 KB) [[attachment:pf_boot_client.conf.txt]]
  • [get | view] (2006-08-21 10:38:01, 0.8 KB) [[attachment:pf_simple_client.conf.txt]]
  • [get | view] (2006-09-12 13:40:08, 2.7 KB) [[attachment:pf_simple_firewall_http_ssh_server.conf.txt]]
  • [get | view] (2006-09-12 13:36:25, 1.8 KB) [[attachment:pf_simple_firewall_noserver.conf.txt]]