These rules seem senseless to me:

block out on ed0 all head 3
pass out quick on ed0 all group 3

block in on ed0 all head 4
pass in quick on ed0 all group 4

block out on lo0 all head 5
pass out quick on lo0 all group 5

block in on lo0 all head 6
pass in quick on lo0 all group 6

block out on lp0 all head 7
pass out quick on lp0 all group 7

block in on lp0 all head 8
pass in quick on lp0 all group 8

Cheers
Tom

On Sun, 20 Mar 2005 23:31:37 -0800 (PST), bsdboy <[EMAIL PROTECTED]> wrote:
> Hi, I have done my rules with IPFILTER v3.4.35 on FreeBSD 4.11 Release.
> These rules are only to let the users:
> --run no servers on any client
> --check mail
> --surf the web
> --access ftp servers
> --and for the firewall to get updates over cvs servers
>
> Private IP: 192.168.0.1 ---default router
> Clients: 192.168.0.2/3/4 FreeBSD/win2k/winXP
>
> /etc/ipf.rules
> block in on tun0 all head 1
> block in quick on tun0 from 192.168.0.0/16 to any group 1
> block in quick on tun0 from 172.16.0.0/12 to any group 1
> block in quick on tun0 from 10.0.0.0/8 to any group 1
> block in quick on tun0 from 127.0.0.0/8 to any group 1
> block in quick on tun0 from 0.0.0.0/8 to any group 1
> block in quick on tun0 from 169.254.0.0/16 to any group 1
> block in quick on tun0 from 192.0.2.0/24 to any group 1
> block in quick on tun0 from 204.152.64.0/23 to any group 1
> block in quick on tun0 from 224.0.0.0/3 to any group 1
> block in quick on tun0 from 192.168.0.0/8 to any group 1
> block in quick on tun0 from 192.168.0.0/16 to any group 1
> block in quick on tun0 from 192.168.0.0/24 to any group 1
> block in quick on tun0 from 192.168.0.0/32 to any group 1
> block in quick on tun0 from 192.168.0.255/32 to any group 1
> block in quick on tun0 all with frags group 1 to any group 1
> block in quick on tun0 proto tcp all with short group 1
> block in quick on tun0 all with opt lsrr group 1
> block in quick on tun0 all with opt ssrr group 1
> block in quick on tun0 proto tcp from any to any flags FUP group 1
> block in quick on tun0 all with ipopts group 1
> block in quick on tun0 proto icmp all icmp-type 8 group 1
> block in quick on tun0 proto tcp from any to any port = 113 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 135 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 137 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 138 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 139 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 81 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 445 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 500 group 1
> block in quick on tun0 proto tcp/udp from any to any port = 593 group 1
> block in log first quick on tun0 group 1
>
> block out on tun0 all head 2
> pass out quick on tun0 proto tcp from any to 200.38.10.1/32 port=53 flags S keep state group 2
> pass out quick on tun0 proto udp from any to 200.38.10.1/32 port=53 keep state group 2
> pass out quick on tun0 proto tcp from any to 200.23.249.1/32 port=53 flags S keep state group 2
> pass out quick on tun0 proto udp from any to 200.23.249.1/32 port=53 keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 80 flags S keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 443 flags S keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 21 flags S keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 23 flags S keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 5999 flags S keep state group 2
> pass out quick on tun0 proto tcp from any to any port = 43 flags S keep state group 2
> pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state group 2
> block out log first quick on tun0 all group 2
>
> block out on ed0 all head 3
> pass out quick on ed0 all group 3
>
> block in on ed0 all head 4
> pass in quick on ed0 all group 4
>
> block out on lo0 all head 5
> pass out quick on lo0 all group 5
>
> block in on lo0 all head 6
> pass in quick on lo0 all group 6
>
> block out on lp0 all head 7
> pass out quick on lp0 all group 7
>
> block in on lp0 all head 8
> pass in quick on lp0 all group 8
>
> block in quick all
> block out quick all
>
> /etc/ipnat.rules
> map tun0 0/0 ->0/32 proxy port ftp ftp/tcp
> map tun0 0/0 ->0/32 portmap tcp/udp 20000/60000
> map tun0 0/0 ->0/32
>
> I will appreciate any comments, only one question: supposing that I want to
> let emule work, does the rdr in ipnat.rules go before map or after map??? or
> where does it go?
>
> Thanks all.
>
> ________________________________
> Create your webmail account at http://www.starlinux.net
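To check Tom's observation mechanically, the following is an added Python model (not code from the thread or from IPFilter itself) of ipf(5) rule evaluation: last match wins, a `quick` match stops evaluation, and a matching `head N` rule hands control to group N, its own action standing only if nothing in the group matches. It runs a constructed subset of bsdboy's ruleset over sample packets and shows that the `block ... head 3` / `pass ... quick ... group 3` pairs collapse to an unconditional pass; the `RULES` subset and packet dictionaries are constructed here, and keywords the model does not handle (`flags`, `keep state`, `log first`, `with`) are ignored.

```python
import ipaddress

# Constructed sample: a subset of the rules posted in the thread, in their original order.
RULES = """\
block in on tun0 all head 1
block in quick on tun0 from 10.0.0.0/8 to any group 1
block in quick on tun0 proto tcp from any to any port = 113 group 1
block out on tun0 all head 2
pass out quick on tun0 proto tcp from any to any port = 80 flags S keep state group 2
block out log first quick on tun0 all group 2
block out on ed0 all head 3
pass out quick on ed0 all group 3
block in quick all
block out quick all
"""

def parse(text):
    """Parse the ipf(5) subset used above; keywords not modelled are skipped."""
    rules = []
    for line in text.splitlines():
        t = line.replace("port=", "port = ").split()
        r = {"action": t[0], "dir": t[1], "quick": "quick" in t, "iface": None,
             "proto": None, "src": "any", "dst": "any", "port": None, "head": None, "group": 0}
        for i, w in enumerate(t):
            if w == "on": r["iface"] = t[i + 1]
            elif w == "proto": r["proto"] = t[i + 1].split("/")   # "tcp/udp" -> both
            elif w == "from": r["src"] = t[i + 1]
            elif w == "to": r["dst"] = t[i + 1]
            elif w == "port": r["port"] = int(t[i + 2])           # destination port only
            elif w == "head": r["head"] = int(t[i + 1])
            elif w == "group": r["group"] = int(t[i + 1])
        rules.append(r)
    return rules

def in_net(net, ip):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def matches(r, p):
    return (r["dir"] == p["dir"] and r["iface"] in (None, p["iface"])
            and (r["proto"] is None or p["proto"] in r["proto"])
            and in_net(r["src"], p["src"]) and in_net(r["dst"], p["dst"])
            and r["port"] in (None, p.get("dport")))

def evaluate(rules, p, group=0):
    """Walk one group: last match wins unless 'quick'; a matching 'head N' rule
    descends into group N. Returns (action_so_far, stopped_by_quick)."""
    result, stop = None, False
    for r in rules:
        if r["group"] != group or not matches(r, p):
            continue
        result, stop = r["action"], r["quick"]
        if r["head"] is not None:
            sub, stop = evaluate(rules, p, r["head"])
            result = sub or result        # head action stands only if the group is silent
        if stop:
            break
    return result, stop

def decide(rules, p):
    return evaluate(rules, p)[0] or "pass"   # ipf's default when no rule matches
```

An outbound packet on ed0 yields `pass` whatever its addresses, so the `block out on ed0 all head 3` line can never take effect; the tun0 groups, by contrast, block everything except the listed destination ports.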