This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
Difference between revisions of "ChaosVPN:Tims ipf conf"
(created evolving firewall doc page) |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 65: | Line 65: | ||
pass in quick on tun0 proto udp from any to any port = 53 keep state | pass in quick on tun0 proto udp from any to any port = 53 keep state | ||
</nowiki> | </nowiki> | ||
+ | |||
+ | [[Category:ChaosVPN]] |
Latest revision as of 20:52, 9 November 2013
```
## start with block all inbound from internet
## fxp0 being the internet facing interface
## tun0 being the cvpn tunnel interface
##
block in on fxp0 all
block out on fxp0 all
block in on tun0 all
#block out on tun0 all

## dns ##
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53 keep state
pass in quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on fxp0 proto udp from any to any port = 53 keep state

## allow ssh/scp/sftp from internet ##
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state

## allow http to/from internet ##
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state

## allow tinc/cvpn from internet ##
pass in quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state

## allow pings to internet ##
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state

#####################################################
#####################################################
## tun0
## pings in and out ##
pass in quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state

## irc ##
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state

## dns ##
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53 keep state
pass in quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in quick on tun0 proto udp from any to any port = 53 keep state
```