mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-16 15:38:43 +02:00
25 lines
595 B
Plaintext
25 lines
595 B
Plaintext
|
|
|
|
#
|
|
# Scrub rules
|
|
#
|
|
match all scrub (reassemble tcp no-df )
|
|
match out all scrub (random-id min-ttl 64 max-mss 1460)
|
|
|
|
|
|
# Tables: (1)
|
|
table <tbl.r0.d> { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 }
|
|
|
|
#
|
|
# Rule backup ssh access rule
|
|
# backup ssh access rule
|
|
pass in quick inet proto tcp from 10.3.14.30 to <tbl.r0.d> port 22 label "RULE -1 -- ACCEPT "
|
|
#
|
|
# Rule 0 (global)
|
|
block log quick inet from any to any no state label "RULE 0 -- DROP "
|
|
#
|
|
# Rule fallback rule
|
|
# fallback rule
|
|
block quick inet from any to any no state label "RULE 10000 -- DROP "
|
|
|