my ipf rules


rill
October 18th, 2010, 02:32
1. Testing as a client:
pass out port = 22 can use "keep state", but cannot use "flags S keep state"
pass out port = 21 needs other high ports to be passed as well, for example: port > 1024
my rules:

pass in quick on lo0 all
pass out quick on lo0 all

pass out quick on bge0 proto udp from 192.168.1.123/32 to any port = 53 keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 80 flags S keep state
pass out quick on bge0 proto tcp from any to any port = 21 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port > 1024 flags S keep state

pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 22 keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 25 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 110 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 3389 flags S keep state
pass out quick on bge0 proto icmp from 192.168.1.123/32 to any icmp-type 8 keep state

pass in quick on bge0 proto tcp from any to 192.168.1.123/32 port = 21 flags S keep state
#pass in quick on bge0 proto tcp from any to 192.168.1.123/32 icmp-type 8 keep state # bug with "proto tcp"
pass in quick on bge0 proto icmp from any to 192.168.1.123/32 icmp-type 8 keep state

block in log first quick on bge0 all
block out log first quick on bge0 all

rill
October 18th, 2010, 02:34
my ipf server rules:

block in on fx0
block in quick on fx0 from 192.168.0.0/16 to any
block in quick on fx0 from 172.16.0.0/12 to any
block in quick on fx0 from 10.0.0.0/8 to any
block in quick on fx0 from 127.0.0.0/8 to any
block in quick on fx0 from 0.0.0.0/8 to any
block in quick on fx0 from 169.254.0.0/16 to any
block in quick on fx0 from 192.0.2.0/24 to any
block in quick on fx0 from 204.152.64.0/23 to any
block in quick on fx0 from 224.0.0.0/3 to any
block in log quick on fx0 from 20.20.20.0/24 to any
block in log quick on fx0 from any to 20.20.20.0/32
block in log quick on fx0 from any to 20.20.20.255/32

pass out quick on lo0 all
pass in quick on lo0 all

pass out quick on fx0 proto tcp/udp from 20.20.20.1/32 to any keep state
pass out quick on fx0 proto icmp from 20.20.20.1/32 to any keep state
pass in quick on fx0 proto tcp from any to 20.20.20.1/32 port = 80 flags S keep state
pass in quick on fx0 proto tcp from any to 20.20.20.1/32 port = 21 flags S keep state
pass in quick on fx0 proto tcp from any to 20.20.20.1/32 port = 22 flags S keep state

How to stop SSH scans?
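
As an added example (not rill's or SirDice's code), a small Python evaluator of ipf's rule-ordering semantics run over a constructed excerpt of the server ruleset above: it shows why the non-quick "block in on fx0" at the top acts as the catch-all, how "quick" ends the search, and why a "flags S" pass rule only admits the opening SYN (every later packet of that connection relies on the "keep state" entry). The packet fields and helper names are assumptions made for the example.

```python
import ipaddress
# Constructed excerpt of the server ruleset posted in this thread. Assumption:
# only the rule grammar those lines actually use is understood by this parser.
RULES = """
block in on fx0
block in quick on fx0 from 10.0.0.0/8 to any
block in log quick on fx0 from 20.20.20.0/24 to any
pass in quick on fx0 proto tcp from any to 20.20.20.1/32 port = 80 flags S keep state
pass in quick on fx0 proto tcp from any to 20.20.20.1/32 port = 22 flags S keep state
"""

def parse_rule(line):
    """Pull the match criteria out of one ipf rule line."""
    t = line.split()
    arg = lambda kw: t[t.index(kw) + 1] if kw in t else None
    net = lambda kw: None if arg(kw) in (None, "any") else ipaddress.ip_network(arg(kw))
    return {"action": t[0], "dir": t[1], "quick": "quick" in t, "iface": arg("on"),
            "proto": arg("proto").split("/") if "proto" in t else None,  # tcp/udp = either
            "src": net("from"), "dst": net("to"),
            "port": (arg("port"), int(t[t.index("port") + 2])) if "port" in t else None,
            "syn_only": "flags" in t}  # "flags S": only a bare SYN can match this rule

def port_ok(spec, dport):
    op, n = spec  # ("=", 80) or (">", 1024)
    return dport == n if op == "=" else dport > n

def matches(r, p):
    return (r["dir"] == p["dir"] and r["iface"] == p["iface"]
            and (not r["proto"] or p["proto"] in r["proto"])
            and (not r["src"] or ipaddress.ip_address(p["src"]) in r["src"])
            and (not r["dst"] or ipaddress.ip_address(p["dst"]) in r["dst"])
            and (not r["port"] or port_ok(r["port"], p["dport"]))
            and (not r["syn_only"] or p["syn"]))

RULESET = [(l, parse_rule(l)) for l in RULES.strip().splitlines()]

def evaluate(p, rules=RULESET):
    """ipf semantics: the LAST matching rule wins unless a match is marked quick,
    which ends the search at once; with no match at all ipf passes the packet."""
    decision = ("pass", None)  # the non-quick "block in on fx0" is the real catch-all
    for line, r in rules:
        if matches(r, p):
            decision = (r["action"], line)
            if r["quick"]:
                break
    return decision

def inbound(src, dport, syn=True, proto="tcp"):
    """Constructed inbound packet on fx0 towards the server 20.20.20.1."""
    return {"dir": "in", "iface": "fx0", "proto": proto, "src": src,
            "dst": "20.20.20.1", "dport": dport, "syn": syn}
```

The non-SYN packet to port 22 being blocked is the reason the client post needs "keep state" on its rules: without the state entry, nothing after the handshake's first packet matches a "flags S" rule.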

SirDice
October 18th, 2010, 13:50
Use security/sshguard.