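# You should not edit this file. Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def. The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.
# Packet filter firewall script for ipmasq (GPL)
# By Osamu Aoki
#
# Firewall rules are set for the external network connection ports listed
# in $EXTERNAL.
# Little consideration taken for shared ports, eth0:0, etc. (Deny=Drop)
#
# This file is sourced by the ipmasq rule scripts: every setting below is a
# plain shell variable assignment (VAR="value"), one per line. Port lists are
# space-separated; "a:b" denotes an inclusive port range.
#
###############################################################################
#
# CONFIGURE FIREWALL RULES
#
## QADDR: deny(in)/reject(out) foreign hosts by address of foreign host
# w/o log
# List all annoying sites (space-separated, CIDR notation)
# Default = none
QADDR=""
# Examples of hosts one might list here:
# ATT@HOME nntp port scan daemon: 24.0.94.130 24.0.0.203
# pop-up ad sites:
# ads.x10.com 64.85.92.20
# ad.doubleclick.net 206.65.183.125
# network status check:
# pnap.com 216.52.223.0/24 ICMP
#QADDR="24.094.130/32 24.0.0.203/32 64.85.92.20/32 206.65.183.125/32 216.52.223.0/24"
#
## ATCPSVR: allow foreign host by port of this PC for TCP
# List open port server services (Both in and out)
# Default = All open. NOTE: "1:1023" exposes every privileged TCP port
# that has a listener; narrow this to the services actually offered.
ATCPSVR="1:1023"
# Very open (No netbios nor sunrpc)
#ATCPSVR="ftp ftp-data ssh telnet smtp nameserver whois domain finger www kerberos pop2 pop3 auth imap2 irc imap3 ldap https who talk uucp ldaps imaps pop3s"
# Normal
#ATCPSVR="ssh auth smtp telnet www pop3 https"
# My choice
#ATCPSVR="ssh auth smtp"
#
## AUDPSVR: allow foreign host by port of this PC for UDP
# List open port server services (Both in and out)
# Default = All open.
# The original file assigned ATCPSVR a second time at this point, leaving
# AUDPSVR unset; AUDPSVR is the UDP counterpart named in this heading, so the
# assignment is corrected here — verify against the rule script that reads it.
AUDPSVR="1:1023"
# Normal = just accept dhcp server <-> dhcp client
#AUDPSVR="bootpc"
#
## QTCPSVR: deny foreign host by port of this PC w/o log for TCP
# do not service these to outside but useful inside
# (137:139 = NetBIOS, 80 = www, 111 = sunrpc/portmapper)
QTCPSVR="137:139 80 111"
#
## QUDPSVR: deny foreign host by port of this PC w/o log for UDP
# do not service these to outside but useful inside
# (137:139 = NetBIOS)
QUDPSVR="137:139"
#
## DTCPSVR: deny foreign host by port of this PC with log for TCP
# server port range (LOG)
DTCPSVR="1:1023"
#
## DUDPSVR: deny foreign host by port of this PC with log for UDP
# server port range (LOG)
DUDPSVR="1:1023"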