author | Jonas Smedegaard <dr@jones.dk> | 2002-01-03 12:39:41 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2002-01-03 12:39:41 +0000 |
commit | 44aa93e6aa788df838c95bf92b5f0dba81124621 (patch) | |
tree | 3460134819f1792c43ae710316c113575ffc465d /ipmasq/rules/A80firewall.def | |
parent | 327bff9038e355ab92d32bf7b90add340ede1fc6 (diff) |
ipmasq: Add firewall and ipac (IP-accounting) rules.
Diffstat (limited to 'ipmasq/rules/A80firewall.def')
-rw-r--r-- | ipmasq/rules/A80firewall.def | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/ipmasq/rules/A80firewall.def b/ipmasq/rules/A80firewall.def
new file mode 100644
index 0000000..80045db
--- /dev/null
+++ b/ipmasq/rules/A80firewall.def
@@ -0,0 +1,62 @@
+# You should not edit this file. Instead, create a file with the same
+# name as this one, but with a .rul extension instead of .def. The
+# .rul file will override this one.
+#
+# However, any changes you make to this file will be preserved.
+
+# Packet filter firewall script for ipmasq (GPL)
+# By Osamu Aoki <osamu@aokiconsulting.com>
+#
+# Firewall are set for external network connection ports listed in $EXTERNAL
+# Little consideration taken for shared port, eth0:0, etc. (Deny=Drop)
+#
+###############################################################################
+#
+# CONFIGURE FIREWALL RULES
+#
+## QADDR: deny(in)/reject(out) foreign hosts by address of forein host
+# w/o log
+# List all all annoying sites
+# Default = none
+QADDR=""
+# ATT@HOME nntp port scan daemon: 24.0.94.130 24.0.0.203
+# pop-up ad sites:
+# ads.x10.com 64.85.92.20
+# ad.doubleclick.net 206.65.183.125
+# network status check:
+# pnap.com 216.52.223.0/24 ICMP
+#QADDR="24.0.94.130/32 24.0.0.203/32 64.85.92.20/32 206.65.183.125/32 216.52.223.0/24"
+
+## ATCPSVR: allow foreign host by port of this PC for TCP
+# List open port server services (Both in and out)
+# Default = All open.
+ATCPSVR="1:1023"
+# Very open (No netbios nor sunrpc)
+#ATCPSVR="ftp ftp-data ssh telnet smtp nameserver whois domain finger www kerberos pop2 pop3 auth imap2 irc imap3 ldap https who talk uucp ldaps imaps pop3s"
+# Normal
+#ATCPSVR="ssh auth smtp telnet www pop3 https"
+# My choice
+#ATCPSVR="ssh auth smtp"
+
+## AUDPSVR: allow foreign host by port of this PC for UDP
+# List open port server services (Both in and out)
+# Default = All open.
+ATCPSVR="1:1023"
+# Normal = just accept dhcp server <-> dhcp client
+#AUDPSVR="bootpc"
+
+## QTCPSVR: deny foreign host by port of this PC w/o log for TCP
+# do not service these to outside but useful inside
+QTCPSVR="137:139 80 111"
+
+## QUDPSVR: deny foreign host by port of this PC w/o log for UDP
+# do not service these to outside but useful inside
+QUDPSVR="137:139"
+
+## DTCPSVR: deny foreign host by port of this PC with log for TCP
+# server port range (LOG)
+DTCPSVR="1:1023"
+
+## DUDPSVR: deny foreign host by port of this PC with log for UDP
+# server port range (LOG)
+DUDPSVR="1:1023"
|
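Review bot: The assignment under the `## AUDPSVR` heading sets `ATCPSVR="1:1023"` a second time instead of the UDP variable, so this file never defines `AUDPSVR`; the line should read `AUDPSVR="1:1023"`. As written, an administrator who narrows the TCP list earlier in the file (for example to the commented `ssh auth smtp` choice) has it silently reset to all privileged ports by this later line, while the UDP allow list is left to whatever the consuming rule script does with an unset variable; that script is not part of this hunk, so the runtime effect should be confirmed there. Separately, the shipped default allows 1:1023 for TCP, which is a permissive starting point for a firewall, and the header comment could say so explicitly and point readers to the narrower commented alternatives.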