This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/

ChaosVPN:Tims ipf conf

From CCCHHWiki
Revision as of 08:29, 27 October 2013 by Othtim (talk | contribs) (created evolving firewall doc page)
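## start by blocking everything in and out on the internet interface,
## and everything inbound on the tunnel interface
##   (these rules have no "quick", so the "pass ... quick" rules below override them)
##   fxp0 being the internet facing interface
##   tun0 being the cvpn tunnel interface
##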
block in  on fxp0 all
block out on fxp0 all
block in  on tun0 all
#block out on tun0 all


## dns
##
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53         keep state
pass in  quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on fxp0 proto udp from any to any port = 53         keep state


## allow ssh/scp/sftp to/from internet
##
pass in  quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state


## allow http to/from internet
##
pass in  quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state


## allow tinc/cvpn to/from internet
##
pass in  quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state


## allow pings to internet
##
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state



#####################################################
#####################################################
## tun0


## pings in and out
##
pass in  quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state


## irc
##
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state


## dns
##
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53         keep state
pass in  quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in  quick on tun0 proto udp from any to any port = 53         keep state
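
The ruleset above relies on ipf's evaluation order: without `quick` the last matching rule wins, and a matching `quick` rule ends the search. The following is an added example, not part of the original page or of ipf itself: a small Python model of that order, run over an excerpt of the rules. The names `parse`, `verdict`, `CONF` and `RULES` are hypothetical, the state table and `flags S` are not modelled, and the `default="pass"` outcome for unmatched packets is an assumption about the kernel's compiled-in default.

```python
import re

# Only the subset of ipf syntax used in the rules above; "flags S" and
# "keep state" are accepted but not modelled (no state table here).
RULE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"on\s+(?P<iface>\S+)(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:from any to any|all)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?(?:\s+icmp-type\s+(?P<icmp>\d+))?")

# Excerpt of the ruleset above, including the commented-out tun0 rule.
CONF = """
block in  on fxp0 all
block out on fxp0 all
block in  on tun0 all
#block out on tun0 all
pass in  quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass in  quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto udp from any to any port = 53         keep state
"""

def parse(conf):
    """Return the active rules in file order; comment lines do not match."""
    return [m.groupdict() for m in map(RULE.match, map(str.strip, conf.splitlines())) if m]

def verdict(rules, direction, iface, proto, dport=None, icmp_type=None, default="pass"):
    """Last matching rule wins, unless a matching rule is 'quick'.
    default is the outcome when nothing matches (assumed 'pass' here)."""
    result = default
    for r in rules:
        if (r["dir"], r["iface"]) != (direction, iface):
            continue
        if r["proto"] and proto not in r["proto"].split("/"):
            continue
        if r["port"] and int(r["port"]) != dport:
            continue
        if r["icmp"] and int(r["icmp"]) != icmp_type:
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

RULES = parse(CONF)

if __name__ == "__main__":
    for pkt in [("in", "fxp0", "tcp", 22), ("in", "fxp0", "tcp", 23), ("out", "tun0", "tcp", 6667)]:
        print(pkt, "->", verdict(RULES, *pkt))
```

With `block out on tun0 all` commented out, outbound tun0 traffic that matches no `pass` rule is decided by the default, which is why the third sample packet depends on the `default` argument.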