summaryrefslogtreecommitdiff
path: root/ipmasq/rules/A80firewall.def
blob: 80045dbfabc1eb45f3554bc80d35ad7c04d0275d (plain) 
    

  1. # You should not edit this file.  Instead, create a file with the same
    2. 

  2. # name as this one, but with a .rul extension instead of .def.  The
    3. 

  3. # .rul file will override this one.
    4. 

  4. #
    5. 

  5. # However, any changes you make to this file will be preserved.
    6. 

  6. 

  7. # Packet filter firewall script for ipmasq (GPL)
    8. 

  8. #                   By Osamu Aoki <osamu@aokiconsulting.com>
    9. 

  9. #
    10. 

  10. # Firewall are set for external network connection ports listed in $EXTERNAL
    11. 

  11. # Little consideration taken for shared port, eth0:0, etc.  (Deny=Drop)
    12. 

  12. #
    13. 

  13. ###############################################################################
    14. 

  14. #
    15. 

  15. # CONFIGURE FIREWALL RULES
    16. 

  16. #
    17. 

  17. ## QADDR: deny(in)/reject(out) foreign hosts by address of forein host 
    18. 

  18. #         w/o log
    19. 

  19. #  List all all annoying sites
    20. 

  20. # Default = none
    21. 

  21. QADDR=""
    22. 

  22. #  ATT@HOME nntp port scan daemon: 24.0.94.130 24.0.0.203
    23. 

  23. #  pop-up ad sites: 
    24. 

  24. #    ads.x10.com 64.85.92.20
    25. 

  25. #    ad.doubleclick.net 206.65.183.125
    26. 

  26. #  network status check:
    27. 

  27. #   pnap.com 216.52.223.0/24  ICMP
    28. 

  28. #QADDR="24.0.94.130/32 24.0.0.203/32 64.85.92.20/32 206.65.183.125/32 216.52.223.0/24"
    29. 

  29. 

  30. ## ATCPSVR: allow foreign host by port of this PC for TCP
    31. 

  31. # List open port server services (Both in and out)
    32. 

  32. # Default = All open.
    33. 

  33. ATCPSVR="1:1023"
    34. 

  34. # Very open (No netbios nor sunrpc)
    35. 

  35. #ATCPSVR="ftp ftp-data ssh telnet smtp nameserver whois domain finger www kerberos pop2 pop3 auth imap2 irc imap3 ldap https who talk uucp ldaps imaps pop3s"
    36. 

  36. # Normal
    37. 

  37. #ATCPSVR="ssh auth smtp telnet www pop3 https"
    38. 

  38. # My choice
    39. 

  39. #ATCPSVR="ssh auth smtp"
    40. 

  40. 

  41. ## AUDPSVR: allow foreign host by port of this PC for UDP
    42. 

  42. # List open port server services (Both in and out)
    43. 

  43. # Default = All open.
    44. 

  44. ATCPSVR="1:1023"
    45. 

  45. # Normal = just accept dhcp server <-> dhcp client
    46. 

  46. #AUDPSVR="bootpc"
    47. 

  47. 

  48. ## QTCPSVR: deny foreign host by port of this PC w/o log for TCP
    49. 

  49. # do not service these to outside but useful inside
    50. 

  50. QTCPSVR="137:139 80 111"
    51. 

  51. 

  52. ## QUDPSVR: deny foreign host by port of this PC w/o log for UDP
    53. 

  53. # do not service these to outside but useful inside
    54. 

  54. QUDPSVR="137:139"
    55. 

  55. 

  56. ## DTCPSVR: deny foreign host by port of this PC with log for TCP
    57. 

  57. # server port range (LOG)
    58. 

  58. DTCPSVR="1:1023"
    59. 

  59. 

  60. ## DUDPSVR: deny foreign host by port of this PC with log for UDP
    61. 

  61. # server port range (LOG)
    62. 

  62. DUDPSVR="1:1023"
    63.
generated by cgit v1.2.3 (git 2.46.0) at 2025-01-12 13:00:45 +0000