From: Andre LeBlanc (ap.leblancshaw.ca)
Date: Sun Apr 28 2002 - 12:04:25 CDT


    Here's the rules:
    # don't allow spoof
    block in quick on xl0 inet from { 127.0.0.0/8, 192.168.0.0/16, \
    172.16.0.0/12, 10.0.0.0/8 } to any
    # block out quick on xl0 inet from any to { 127.0.0.0/8, 192.168.0.0/16, \
    # 172.16.0.0/12, 10.0.0.0/8 }

    # allow http

    pass in quick on xl0 inet proto tcp from any to any port 80
    pass in quick on xl0 inet proto tcp from any to any port 443

    pass in quick on rl0 from any to any keep state
    pass out quick on rl0 from any to any keep state
    # default deny
    block in quick on xl0 from any to any

    # let outgoing traffic out

    pass out on xl0 from any to any keep state

    # logging

    pass in log quick on xl0 inet proto tcp from any to any port 22
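
An added example, not part of the original post: a small Python model of pf's rule evaluation (the last matching rule decides, and `quick` stops at the first match), run over the rules as posted to show which rule decides a given packet. It ignores the state table created by `keep state`; the rule labels, the probe addresses and port 12345 are constructed for illustration.

```python
import ipaddress

SPOOF = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
# The posted rules, in order: (action, dir, quick, iface, proto, src nets, dport, label)
RULES = [
    ("block", "in",  True,  "xl0", None,  SPOOF, None, "anti-spoof"),
    ("pass",  "in",  True,  "xl0", "tcp", None,  80,   "http"),
    ("pass",  "in",  True,  "xl0", "tcp", None,  443,  "https"),
    ("pass",  "in",  True,  "rl0", None,  None,  None, "rl0 in"),
    ("pass",  "out", True,  "rl0", None,  None,  None, "rl0 out"),
    ("block", "in",  True,  "xl0", None,  None,  None, "default deny"),
    ("pass",  "out", False, "xl0", None,  None,  None, "outgoing"),
    ("pass",  "in",  True,  "xl0", "tcp", None,  22,   "ssh log"),
]

def matches(rule, pkt):
    _, direction, _, iface, proto, nets, dport, _ = rule
    if (direction, iface) != (pkt["dir"], pkt["if"]):
        return False
    if proto is not None and proto != pkt["proto"]:
        return False
    if dport is not None and dport != pkt["dport"]:
        return False
    if nets is not None:
        src = ipaddress.ip_address(pkt["src"])
        return any(src in ipaddress.ip_network(n) for n in nets)
    return True

def evaluate(pkt, rules=RULES):
    """Last matching rule decides, unless a matching rule is 'quick' (stops at once)."""
    decision = ("pass", "implicit default")  # pf passes when nothing matches
    for rule in rules:
        if matches(rule, pkt):
            decision = (rule[0], rule[7])
            if rule[2]:
                break
    return decision

def shadowed(rules=RULES):
    """Labels of rules whose own representative packet is decided by another rule."""
    out = []
    for r in rules:
        probe = {"dir": r[1], "if": r[3], "proto": r[4] or "tcp",
                 "src": "10.0.0.1" if r[5] else "203.0.113.7",  # constructed addresses
                 "dport": r[6] or 12345}
        if evaluate(probe, rules)[1] != r[7]:
            out.append(r[7])
    return out

if __name__ == "__main__":
    print(shadowed())
```

Run over the rules as posted, `shadowed()` returns `['ssh log']`: an inbound port 22 packet on xl0 is decided by the earlier `block in quick on xl0` rule, so the logging rule after it is never evaluated.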