Hi, 

I've been running pf for a long time and thought I had it all nailed, but this 
thing has me stumped.

In the filter section I have a series of blocks intended to set the default 
block environment. 

My idea was that at this point nothing should be able to flow through to or 
from 10.1.0.12. But a later pass does let it pass out. I thought it processed 
from the top and stopped on a quick. Even a later quick should be ignored.


### Filter Rules

pass quick on lo
pass quick on $intif

# Block certain IP's
block in  log quick on $extif from $BlockIP to any
block out log quick on $extif from any to $Microsoft
block out log quick on $extif from { <private>, <BlockIP> } to any
block out log quick on $extif from any to $BlockIP

# Block NMap scans
block quick from any os NMAP

# Ignore the RIPv2 responses that are unsolicited
block in quick on $extif from 24.92.8.1 to any
block in quick on $extif from 24.73.73.129 to any
block in quick on $extif from 24.73.83.193 to any
block in quick on $extif from 24.144.89.129 to any
block in quick on $extif from 67.8.8.93 to any
block in quick on $extif proto { tcp udp } from any port 520 to any port 520

# Ignore external windows and others
block out log quick on $extif proto { tcp udp } from any to $extif port $BlockTCP
block out log quick on $extif proto { tcp udp } from any to any port { 67 68 }

# Block spoofing
antispoof quick for $extif

# Ignore internal windows and others
block out log quick on $extif proto tcp from $LAN port $BlockTCP to 10.125.65.255 port $BlockTCP
block out log quick on $extif proto udp from $LAN port $BlockUDP to 10.125.65.255 port $BlockUDP
block out log quick on $extif proto tcp from $LAN2 port $BlockTCP to 10.125.65.255 port $BlockTCP
block out log quick on $extif proto udp from $LAN2 port $BlockUDP to 10.125.65.255 port $BlockUDP
block return out log on $extif inet all queue other

# Block .12
block in log quick on $extif proto { tcp udp icmp } to 10.1.0.12
block out log quick on $extif proto { tcp udp icmp } from 10.1.0.12

# Block all incoming packets. Last stop.
block drop in log on $extif all



Bulk
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
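The evaluation order the post relies on (rules walked top to bottom, the last matching rule decides, and `quick` ends the walk at once) is small enough to model directly. The following is an added example, not code from the post or from pf itself: it replays a subset of the posted rules against a few packets. The interface names em0/em1, the destination addresses, and the `pass out on $extif all` line standing in for the later pass rule the post mentions are constructed.

```python
"""Toy model of how pf walks a filter ruleset.

Rules are evaluated top to bottom. The LAST matching rule decides the
verdict, unless a matching rule carries 'quick', which ends evaluation at
once. A rule only sees the addresses the packet carries on the interface
where the rule is evaluated.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed stand-ins for the post's $extif / $intif macros.
EXTIF = "em0"
INTIF = "em1"


@dataclass
class Rule:
    action: str                          # "pass" or "block"
    direction: Optional[str] = None      # "in", "out" or None for both
    iface: Optional[str] = None          # interface name, None matches any
    quick: bool = False
    proto: FrozenSet[str] = frozenset()  # empty set means any protocol
    src: str = "any"                     # "any", a host address or a CIDR
    dst: str = "any"
    text: str = ""                       # the pf.conf line this models


@dataclass
class Packet:
    iface: str
    direction: str
    src: str
    dst: str
    proto: str


def addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.direction is None or rule.direction == pkt.direction)
            and (rule.iface is None or rule.iface == pkt.iface)
            and (not rule.proto or pkt.proto in rule.proto)
            and addr_matches(rule.src, pkt.src)
            and addr_matches(rule.dst, pkt.dst))


def evaluate(rules, pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, text of the deciding rule). pf's implicit default is pass."""
    last = None
    for rule in rules:
        if rule_matches(rule, pkt):
            last = rule
            if rule.quick:  # quick: stop here, nothing later can override
                break
    if last is None:
        return "pass", "<implicit default pass>"
    return last.action, last.text


TCP_UDP_ICMP = frozenset({"tcp", "udp", "icmp"})

# Subset of the posted rules plus a constructed stand-in for the later pass
# rule the post mentions (its exact text is not in the post).
RULES = [
    Rule("pass", None, INTIF, quick=True, text="pass quick on $intif"),
    Rule("block", "in", EXTIF, quick=True, proto=TCP_UDP_ICMP, dst="10.1.0.12",
         text="block in log quick on $extif proto { tcp udp icmp } to 10.1.0.12"),
    Rule("block", "out", EXTIF, quick=True, proto=TCP_UDP_ICMP, src="10.1.0.12",
         text="block out log quick on $extif proto { tcp udp icmp } from 10.1.0.12"),
    Rule("block", "in", EXTIF, text="block drop in log on $extif all"),
    Rule("pass", "out", EXTIF, text="pass out on $extif all  # constructed later pass"),
]

# The same pair without 'quick' on the block: now the last match wins.
NONQUICK_RULES = [
    Rule("block", "out", EXTIF, src="10.1.0.12", text="block out on $extif from 10.1.0.12"),
    Rule("pass", "out", EXTIF, text="pass out on $extif all"),
]


def verdict(rules, iface, direction, src, dst, proto="tcp") -> str:
    return evaluate(rules, Packet(iface, direction, src, dst, proto))[0]


if __name__ == "__main__":
    cases = [
        (RULES, EXTIF, "out", "10.1.0.12", "198.51.100.7", "tcp"),
        (RULES, EXTIF, "out", "10.1.0.12", "198.51.100.7", "gre"),
        (RULES, EXTIF, "out", "203.0.113.5", "198.51.100.7", "tcp"),
        (RULES, INTIF, "in", "10.1.0.12", "198.51.100.7", "tcp"),
        (NONQUICK_RULES, EXTIF, "out", "10.1.0.12", "198.51.100.7", "tcp"),
    ]
    for rules, iface, d, s, dst, p in cases:
        v, why = evaluate(rules, Packet(iface, d, s, dst, p))
        print(f"{d:3} {iface} {s} -> {dst} {p}: {v:5} by: {why}")
```

Two things the model makes visible. A `quick` block only stops what it matches: the posted rule lists `proto { tcp udp icmp }`, so any other protocol from 10.1.0.12 falls through to the later pass. And a rule on `$extif` only sees the source address the packet has on that interface; pf translates outbound packets before the filter rules on the external interface are evaluated, so a packet whose source has already been rewritten no longer matches `from 10.1.0.12` there. On the real system, `pfctl -vvsr` shows per-rule evaluation and packet counters, which tells you whether the block rule is even being hit.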
