[FUG-BR] PF rules for a simple firewall

Sergio Augusto Vladisauskis sergiovl at gmail.com
Fri May 16 08:43:23 BRT 2008


Correction:

scrub in all fragment reassemble
block drop in on ! lo inet from 127.0.0.0/8 to any
block drop in on ! lo inet6 from ::1 to any
block drop in inet6 from ::1 to any
block drop in on lo0 inet6 from fe80::1 to any
block drop in on vr0 inet6 from fe80::211:d8ff:fef8:a192 to any
block drop in on rl0 inet6 from fe80::202:44ff:fe19:54df to any
block drop in inet from 127.0.0.1 to any
block drop in on ! rl0 inet from 10.0.0.0/23 to any
block drop in inet from 10.0.0.254 to any
block drop in quick on vr0 from any os "NMAP" to any
block return log quick from <brute> to any
pass in on vr0 proto tcp from any to any port = ssh flags S/SA keep state (source-track rule, max-src-conn-rate 5/1, overload <brute> flush global, src.track 1)
block return-rst in quick proto tcp all
block return-icmp(port-unr, port-unr) in quick proto udp all
block return log quick on vr0 from <badHosts> to any
block return log quick on vr0 from any to <badHosts>
anchor "ftp-proxy/*" all
pass out all flags S/SA keep state
pass in quick on rl0 all flags S/SA keep state
pass in quick on tun0 all flags S/SA keep state

-  
Sergio Augusto Vladisauskis
-> Systems Analyst and Network Administrator
-> Jaboatão dos Guararapes - PE
-> Phone: +55 81 3468 6301
-> Mobile: +55 81 9288 2803
-> Skype: sergiovl-work
-> Registered Linux User: 305281



On Thu, 2008-05-15 at 18:19 -0300, Alex Moura wrote:
> Send the output of the command:
> 
> pfctl -s rules