This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:Tims ipf conf"

From CCCHHWiki
(created evolving firewall doc page)
 
m
 
(One intermediate revision by the same user not shown)
Line 65: Line 65:
 
pass in  quick on tun0 proto udp from any to any port = 53        keep state
 
pass in  quick on tun0 proto udp from any to any port = 53        keep state
 
</nowiki>
 
</nowiki>
 +
 +
[[Category:ChaosVPN]]

Latest revision as of 20:52, 9 November 2013

## start with a default block: everything in and out on fxp0, inbound on tun0
##   fxp0 being the internet facing interface
##   tun0 being the cvpn tunnel interface
##
block in  on fxp0 all
block out on fxp0 all
block in  on tun0 all
#block out on tun0 all


## dns
##
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53         keep state
pass in  quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on fxp0 proto udp from any to any port = 53         keep state


## allow ssh/scp/sftp from internet
##
pass in  quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state


## allow http to/from internet
##
pass in  quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state


## allow tinc/cvpn from internet
##
pass in  quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state


## allow pings to internet
##
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state



#####################################################
#####################################################
## tun0


## pings in and out
##
pass in  quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state


## irc
##
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state


## dns
##
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53         keep state
pass in  quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on tun0 proto udp from any to any port = 53         keep state