[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipf rules for dial-up system
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: ipf rules for dial-up system
- From: Aidan Skinner <aidan_(_at_)_reality_(_dot_)_co_(_dot_)_uk>
- Date: Fri, 10 Nov 2000 17:19:00 +0000
- Organization: Reality
Charles Calthrop wrote:
> Hi there,
> I'd like to implement some filtering rules in my OpenBSD system at home,
> which has dial-up access to the net. Basically, I would like to
> deny access to all incoming connections while not interfering with
> outgoing ones.
> Anyone cares to share some ipf rules suitable for this task?
replace ppp0 with your interface name if it's different. Replace
192.168.0.0/24 with your internal netblock
block in log quick on ppp0 from any to any head 01
block out log on ppp0 from any to any head 02
pass out quick on ppp0 from 192.168.0.0/24 to any proto tcp keep state
pass out quick on ppp0 from 192.168.0.0/24 to any proto udp keep state
pass out quick on ppp0 from 192.168.0.0/24 to any proto icmp keep state
This should work, provided you don't want to use active ftp
(passive-mode will work fine though).
Rather than follow this, read:
Reality Group Ltd
tel: +44 (0)141 810 2500
fax: +44 (0)141 810 3262
"Bother", said Pooh, as Piglet ran off with his wife and kids.
The content of this email is intended solely for the person(s)
to which the message is addressed above, and should be treated
as confidential. Access by or disclosure to anyone other than
the intended recipient for any reason other than the business
purpose for which the message is intended, is unauthorised.
All reasonable precautions have been taken to ensure no viruses
are present in this e-mail. Reality Group Ltd cannot accept
responsibility for loss or damage arising from the use of this
Should you receive this message in error, please notify
webmaster_(_at_)_reality_(_dot_)_co_(_dot_)_uk immediately, and delete the message
from your operating system.