my ipf rules

R

rill

1, try client
pass out port = 22 can use "keep state", can not use "flags S keep state"
pass out port = 21 need pass other high port, for example: port > 1024
my rules:
Code: 
pass in quick on lo0 all
pass out quick on lo0 all

pass out quick on bge0 proto udp from 192.168.1.123/32 to any port = 53 keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 80 flags S keep state
pass out quick on bge0 proto tcp from any to any port = 21 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port > 1024 flags S keep state

pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 22 keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 25 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 110 flags S keep state
pass out quick on bge0 proto tcp from 192.168.1.123/32 to any port = 3389 flags S keep state
pass out quick on bge0 proto icmp from 192.168.1.123/32 to any icmp-type 8 keep state

pass in quick on bge0 proto tcp from any to 192.168.1.123/32 port = 21 flags S keep state
#pass in quick on bge0 proto tcp from any to 192.168.1.123/32 icmp-type 8 keep state # bug with "proto tcp"
pass in quick on bge0 proto icmp from any to 192.168.1.123/32 icmp-type 8 keep state

block in log first quick on bge0 all
block out log first quick on bge0 all
 
my ipf server rules:
Code: 
block in     on fx0
block in     quick on fx0 from 192.168.0.0/16 to any
block in     quick on fx0 from 172.16.0.0/12 to any
block in     quick on fx0 from 10.0.0.0/8 to any
block in     quick on fx0 from 127.0.0.0/8 to any
block in     quick on fx0 from 0.0.0.0/8 to any
block in     quick on fx0 from 169.254.0.0/16 to any
block in     quick on fx0 from 192.0.2.0/24 to any
block in     quick on fx0 from 204.152.64.0/23 to any
block in     quick on fx0 from 224.0.0.0/3 to any
block in log quick on fx0 from 20.20.20.0/24 to any
block in log quick on fx0 from any to 20.20.20.0/32
block in log quick on fx0 from any to 20.20.20.255/32

pass  out quick on lo0 all
pass  in  quick on lo0 all

pass  out quick on fx0 proto tcp/udp from 20.20.20.1/32 to any keep state
pass  out quick on fx0 proto icmp    from 20.20.20.1/32 to any keep state
pass  in  quick on fx0 proto tcp from any to 20.20.20.1/32 port = 80 flags S keep state
pass  in  quick on fx0 proto tcp from any to 20.20.20.1/32 port = 21 flags S keep state
pass  in  quick on fx0 proto tcp from any to 20.20.20.1/32 port = 22 flags S keep state

how to stop ssh scan
 
You must log in or register to reply here.
Back
Top