This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:Tims ipf conf"

From CCCHHWiki
(created evolving firewall doc page)
(One intermediate revision by the same user not shown)
Line 65: Line 65:
pass in  quick on tun0 proto udp from any to any port = 53        keep state
pass in  quick on tun0 proto udp from any to any port = 53        keep state

Latest revision as of 20:52, 9 November 2013

## start with block all inbound from internet
##   fxp0 being the internet facing interface
##   tun0 being the cvpn tunnel interface
block in  on fxp0 all
block out on fxp0 all
block in  on tun0 all
#block out on tun0 all

## dns
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53         keep state
pass in  quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on fxp0 proto udp from any to any port = 53         keep state

## allow ssh/scp/sftp from internet
pass in  quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state

## allow http to/from internet
pass in  quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state

## allow tinc/cvpn from internet
pass in  quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state

## allow pings to internet
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state

## tun0

## pings in and out
pass in  quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state

## irc
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state

## dns
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53         keep state
pass in  quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on tun0 proto udp from any to any port = 53         keep state
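
An added example, not part of the original wiki page: a small Python model of how ipf walks a rule list (the last matching rule wins unless a rule is marked `quick`), run over an excerpt of the rules above. It handles only the rule shapes used on this page and only the first packet of a flow; the `default` argument assumes a stock IPFilter build that passes unmatched packets (one not built with `IPFILTER_DEFAULT_BLOCK`), and the function names are hypothetical.

```python
import re
# Excerpt of the rules above; '#' lines are comments and are skipped.
RULES = """\
block in  on fxp0 all
block out on fxp0 all
block in  on tun0 all
#block out on tun0 all
pass in  quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass in  quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state
pass in  quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass in  quick on tun0 proto udp from any to any port = 53         keep state
"""

# 'flags S' and 'keep state' are accepted but not modelled: first packet only.
RULE_RE = re.compile(
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"on\s+(?P<ifc>\S+)\s+(?:all|proto\s+(?P<proto>\S+)\s+from any to any"
    r"(?:\s+port = (?P<port>\d+))?(?:\s+flags S)?"
    r"(?:\s+icmp-type (?P<icmp>\d+))?(?:\s+keep state)?)$")

def parse(text):
    """Turn active rule lines into dicts; reject syntax outside the subset."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rules.append(m.groupdict())
    return rules

def decide(rules, direction, ifc, proto, port=None, icmp=None, default="pass"):
    """Verdict for a new flow. default='pass' is an assumption (stock build)."""
    verdict = default
    for r in rules:
        if (r["dir"], r["ifc"]) != (direction, ifc):
            continue
        if r["proto"] and proto not in r["proto"].split("/"):
            continue
        if r["port"] and int(r["port"]) != port:
            continue
        if r["icmp"] and int(r["icmp"]) != icmp:
            continue
        verdict = r["action"]   # last matching rule wins ...
        if r["quick"]:          # ... unless it is 'quick', which ends the walk
            break
    return verdict
```

Because `block out on tun0 all` is commented out, `decide(parse(RULES), "out", "tun0", "tcp", port=6667)` falls through to the default verdict, so outbound filtering on the tunnel depends entirely on how the kernel was built.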