mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
fwbuilder/test/ipf/firewall4-ipf.conf.orig


# Policy compiler errors and warnings:
# firewall4:Policy:6: warning: Changing rule direction due to self reference
# firewall4:Policy:6: warning: Changing rule direction due to self reference
#
# Rule 0 (eth1)
# Anti-spoofing rule
# Inbound on eth1: drop and log any packet whose source is one of the three
# host addresses below or the 192.168.1.0/24 network. "quick" ends rule
# evaluation at the first match, so such packets never reach later rules.
# 192.168.1.1 is already covered by the /24 on the last line.
# NOTE(review): the three host addresses look like the firewall's own
# addresses (Rule 6 is flagged "self reference") - confirm against the
# firewall object. Only these sources are covered; other spoofable ranges
# (loopback, unused private space) are not filtered by this rule.
block in log quick on eth1 from 192.168.1.1 to any
block in log quick on eth1 from 192.168.2.1 to any
block in log quick on eth1 from 222.222.222.222 to any
block in log quick on eth1 from 192.168.1.0/24 to any
#
# Rule 1 (eth1)
# Anti-spoofing rule
# Outbound on eth1: the skip lines form an allow-list of source addresses.
# Each "skip N" jumps over the remaining skip lines and the final block, so
# a packet from a listed source continues to the later rules; every other
# outbound packet on eth1 is dropped and logged by the last line.
# The skip counts are positional: adding or removing a line inside this
# group without renumbering changes which rule is jumped over and can turn
# the final block into a no-op or a block-everything.
skip 4 out on eth1 from 192.168.1.1 to any
skip 3 out on eth1 from 192.168.2.1 to any
skip 2 out on eth1 from 222.222.222.222 to any
skip 1 out on eth1 from 192.168.1.0/24 to any
block out log quick on eth1 from any to any
#
# Rule 2 (eth1)
# Drops and logs ICMP type 8 code 0 (echo request) in both directions on
# eth1, from any source to any destination. Because these lines are "quick"
# and unconditional, no later rule that matches echo requests on eth1 is
# ever evaluated for this interface.
block in log quick on eth1 proto icmp from any to any icmp-type 8 code 0
block out log quick on eth1 proto icmp from any to any icmp-type 8 code 0
#
# Rule 3 (eth1)
# Negated source: block echo requests on eth1 unless they come from
# 192.168.2.0/24. The skip lines exempt that network; the block lines catch
# everything else.
# NOTE(review): ipf evaluates inbound and outbound rules as separate lists,
# so "skip 1 in" is expected to jump over the next "in" rule (the block in
# below), not over the "skip 1 out" line that follows it in this file -
# confirm for the ipf version in use.
# NOTE(review): Rule 2 above already blocks every echo request on eth1 with
# "quick", so neither the exemption nor the blocks here appear reachable.
skip 1 in on eth1 proto icmp from 192.168.2.0/24 to any icmp-type 8 code 0
skip 1 out on eth1 proto icmp from 192.168.2.0/24 to any icmp-type 8 code 0
block in log quick on eth1 proto icmp from any to any icmp-type 8 code 0
block out log quick on eth1 proto icmp from any to any icmp-type 8 code 0
#
# Rule 4 (global)
# hostF has the same IP address as firewall.
# Passes and logs ICMP echo requests addressed to 192.168.1.1, in either
# direction and on any interface (no "on" clause). "keep state" creates a
# state entry so the matching reply is let through without its own rule.
# Echo requests crossing eth1 never get here: Rule 2 drops them first.
pass in log quick proto icmp from any to 192.168.1.1 icmp-type 8 code 0 keep state
pass out log quick proto icmp from any to 192.168.1.1 icmp-type 8 code 0 keep state
#
# Rule 5 (global)
# testing negation in the policy rule
# Blocks and logs ICMP type 3 (destination unreachable) on every interface
# unless the source is 192.168.1.10 or 192.168.1.20. A packet from one of
# those two hosts is not accepted here; it only skips the block and goes on
# to the rules that follow.
# NOTE(review): the counts assume ipf tracks "in" and "out" rules as
# separate lists ("skip 2 in" jumps over "skip 1 in" and "block in") -
# confirm for the ipf version in use.
skip 2 in proto icmp from 192.168.1.10 to any icmp-type 3
skip 1 in proto icmp from 192.168.1.20 to any icmp-type 3
skip 2 out proto icmp from 192.168.1.10 to any icmp-type 3
skip 1 out proto icmp from 192.168.1.20 to any icmp-type 3
block in log quick proto icmp from any to any icmp-type 3
block out log quick proto icmp from any to any icmp-type 3
#
# Rule 6 (global)
# firewall4:Policy:6: warning: Changing rule direction due to self reference
# Only inbound lines are emitted for this rule, which matches the compiler
# warning above about the direction being changed.
# Blocks and logs ICMP type 3 addressed to 192.168.1.1, 192.168.2.1 or
# 222.222.222.222 unless the source is 192.168.1.10 or 192.168.1.20. The six
# skip lines enumerate every exempt source/destination pair; each count is
# the number of rules left in this group, so a match jumps past all three
# block lines.
# NOTE(review): Rule 5 already drops inbound ICMP type 3 from every source
# except .10 and .20, and those two are exempted here as well, so the block
# lines below do not appear to match any packet that reaches them.
skip 8 in proto icmp from 192.168.1.10 to 192.168.1.1 icmp-type 3
skip 7 in proto icmp from 192.168.1.10 to 192.168.2.1 icmp-type 3
skip 6 in proto icmp from 192.168.1.10 to 222.222.222.222 icmp-type 3
skip 5 in proto icmp from 192.168.1.20 to 192.168.1.1 icmp-type 3
skip 4 in proto icmp from 192.168.1.20 to 192.168.2.1 icmp-type 3
skip 3 in proto icmp from 192.168.1.20 to 222.222.222.222 icmp-type 3
block in log quick proto icmp from any to 192.168.1.1 icmp-type 3
block in log quick proto icmp from any to 192.168.2.1 icmp-type 3
block in log quick proto icmp from any to 222.222.222.222 icmp-type 3
#
# Rule 8 (global)
# 'masquerading' rule
# Passes all traffic sourced from 192.168.1.0/24, in both directions and on
# any interface, without logging. ICMP, TCP and UDP get a state entry
# ("keep state"); the fourth line in each direction passes every remaining
# protocol statelessly. These are filter rules only - no address
# translation is defined in this file.
# Inbound on eth1 this source never gets here: Rule 0 drops it first.
# NOTE(review): the TCP lines keep state without a "flags S" qualifier, so
# depending on the ipf version a state entry may be created by a packet that
# is not the opening SYN - confirm whether that is intended.
# NOTE(review): no Rule 7 appears in this output; the reason cannot be told
# from this file.
pass in quick proto icmp from 192.168.1.0/24 to any keep state
pass in quick proto tcp from 192.168.1.0/24 to any keep state
pass in quick proto udp from 192.168.1.0/24 to any keep state
pass in quick from 192.168.1.0/24 to any
pass out quick proto icmp from 192.168.1.0/24 to any keep state
pass out quick proto tcp from 192.168.1.0/24 to any keep state
pass out quick proto udp from 192.168.1.0/24 to any keep state
pass out quick from 192.168.1.0/24 to any
#
# Rule 10 (global)
# 'catch all' rule
# Default deny with logging: any packet, in either direction and on any
# interface, that no earlier "quick" rule matched is dropped and logged
# here. The rules above this point are therefore the complete allow-list.
block in log quick from any to any
block out log quick from any to any
#
# Rule fallback rule
# fallback rule
# Unlogged default deny in both directions. In this file Rule 10 already
# matches every packet with "quick", so these two lines are never reached;
# they would only take effect if the catch-all rule above were removed.
# NOTE(review): presumably the compiler appends this to every policy -
# confirm against the compiler.
block in quick from any to any
block out quick from any to any