This wiki is an archive up to 2023. The current wiki can be found at https://wiki.hamburg.ccc.de/
ChaosVPN:Tims ipf conf
Revision as of 20:52, 9 November 2013 by Haegar (Haegar moved page Tims ipf conf to ChaosVPN:Tims ipf conf without leaving a redirect)
## start with block all inbound from internet
## fxp0 being the internet facing interface
## tun0 being the cvpn tunnel interface
##
block in on fxp0 all
block out on fxp0 all
block in on tun0 all
#block out on tun0 all

## dns ##
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53 keep state
pass in quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on fxp0 proto udp from any to any port = 53 keep state

## allow ssh/scp/sftp from internet ##
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state

## allow http to/from internet ##
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state

## allow tinc/cvpn from internet ##
pass in quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state

## allow pings to internet ##
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state

#####################################################
#####################################################
## tun0

## pings in and out ##
pass in quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state

## irc ##
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state

## dns ##
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53 keep state
pass in quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in quick on tun0 proto udp from any to any port = 53 keep state