Date: Wed, 6 Mar 2002 06:29:12 -0500 From: "Larry Cronin (Hotmail)" <lccronin@hotmail.com> To: <freebsd-questions@FreeBSD.ORG> Subject: IPF Rule set questions Message-ID: <OE12gRjpPIKQg9g4alp000044a5@hotmail.com>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_00A0_01C1C4D8.3B1EAA50 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, =20 I am having some issues with my Internet being very slow. I am = currently , with the help of this list sorting it out. Could anyone = tell me if this rule set looks ok. ################################# # Outside Interface # ################################# # This segment allows out all TCP, UDP, and ICMP traffic & keeps state # on it so it will allow it back in. pass out quick on xl1 proto tcp from any to any keep state pass out quick on xl1 proto udp from any to any keep state pass out quick on xl1 proto icmp from any to any keep state block out quick on xl1 all # This segment allows Mail traffic to the Exchange Server pass in quick on xl1 proto tcp from any to xxx.yyy.zzz.10/24 port =3D = 25 keep state pass in quick on xl1 proto tcp from any to xxx.yyy.zzz.10/24 port =3D = 110 keep state # This segment blocks and logs all remaining traffic coming into the = firewall # It blocks TCP with a RST (to make it appear as if the service isn't = listening)=20 # It blocks UDP with an ICMP port inreachable (to make it appear as if = the=20 # service isn't listening) # It blocks all remaining traffic block return-rst in log quick on xl1 proto tcp from any to any block return-icmp-as-dest(port-unr) in log quick on xl1 proto udp from = any to any block in log quick on xl1 all ################################# # Inside Interface # ################################# # This segment allows out all TCP, UDP, and ICMP traffic and keeps state pass out quick on xl0 proto tcp from any to any keep state pass out quick on xl0 proto udp from any to any keep state pass out quick on xl0 proto icmp from any to any keep state block out quick on xl0 all # This segment allows in all TCP, UDP, and ICMP traffic and keeps state pass in quick on xl0 proto tcp from any to any keep state pass in quick on xl0 proto udp from any to any keep state pass in quick on xl0 proto icmp from any to any keep state block in quick on xl0 all ################################# # Loopback Interface # ################################# # This segement allows everything to/from your loopback interface so you = can # ping yourself (e.g. ping localhost) pass in quick on lo0 all pass out quick on lo0 all # END OF FILE Thanks=20 Larry ------=_NextPart_000_00A0_01C1C4D8.3B1EAA50 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type> <META content=3D"MSHTML 5.00.3315.2870" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>Hello, </FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>I am having some issues with my = Internet being very=20 slow. I am currently , with the help of this list sorting it = out. =20 Could anyone tell me if this rule set looks ok.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial = size=3D2>#################################<BR># Outside=20 Interface #<BR>#################################<BR># This segment = allows=20 out all TCP, UDP, and ICMP traffic & keeps state<BR># on it so it = will allow=20 it back in.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>pass out quick on xl1 proto tcp from = any to any=20 keep state<BR>pass out quick on xl1 proto udp from any to any keep = state<BR>pass=20 out quick on xl1 proto icmp from any to any keep state<BR>block out = quick on xl1=20 all</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2># This segment allows Mail traffic to = the Exchange=20 Server</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>pass in quick on xl1 proto tcp from any = to=20 xxx.yyy.zzz.10/24 port =3D 25 keep state<BR>pass in quick on xl1 = proto tcp=20 from any to xxx.yyy.zzz.10/24 port =3D 110 keep state</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2><BR># This segment blocks and logs all = remaining=20 traffic coming into the firewall<BR># It blocks TCP with a RST (to make = it=20 appear as if the service isn't listening) <BR># It blocks UDP with an = ICMP port=20 inreachable (to make it appear as if the <BR># service isn't = listening)<BR># It=20 blocks all remaining traffic</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>block return-rst in log quick on xl1 = proto tcp from=20 any to any<BR>block return-icmp-as-dest(port-unr) in log quick on xl1 = proto udp=20 from any to any<BR>block in log quick on xl1 all</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial=20 size=3D2><BR>#################################<BR># &nbs= p; =20 Inside Interface #<BR>#################################<BR># This = segment=20 allows out all TCP, UDP, and ICMP traffic and keeps state<BR>pass out = quick on=20 xl0 proto tcp from any to any keep state<BR>pass out quick on = xl0 =20 proto udp from any to any keep state<BR>pass out quick on xl0 = proto icmp=20 from any to any keep state<BR>block out quick on xl0 all</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2># This segment allows in all TCP, UDP, = and ICMP=20 traffic and keeps state</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>pass in quick on xl0 proto tcp = from any to=20 any keep state<BR>pass in quick on xl0 proto udp from any to any = keep=20 state<BR>pass in quick on xl0 proto icmp from any to any keep=20 state<BR>block in quick on xl0 all</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial=20 size=3D2>#################################<BR># Loopback=20 Interface #<BR>#################################<BR># This segement = allows=20 everything to/from your loopback interface so you can<BR># ping = yourself =20 (e.g. ping localhost)</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>pass in quick on lo0 all<BR>pass out = quick on lo0=20 all</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2><BR># END OF FILE<BR></FONT></DIV> <DIV> </DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>Thanks </FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>Larry</FONT></DIV></BODY></HTML> ------=_NextPart_000_00A0_01C1C4D8.3B1EAA50-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OE12gRjpPIKQg9g4alp000044a5>