Re: pf firewall [vytjon @ 2008-09-15 08:54:58] — Newsgroups.lt

Tema: Re: pf firewall

Autorius: vytjon

Data: 2008-09-15 08:54:58

emnt wrote:
> gal kas turit pf pavyzdi, kad lokaliems klientams viskas blokuota ir 
> leidziama tik  pvz naudoti 80 ir 21 portu?

# Let only ping, query DNS, NTP, smtp, pop3, web
pass in on $local_IF inet proto tcp from $local_net to any \
   port { 25, 80, 110, 123, 443, 995 }
pass in on $local_IF inet proto icmp all icmp-type 8 code 0
pass in on $local_IF inet proto udp from $local_net to $isp_dns \
   port = 53
block out on $local_IF all

   Čia tik dalis taisyklių, visokius nat'us bei "block all" irgi reikia 
apsirašyti. Taisyklės vidinio tinklo interfeisui rašomos žiūrint "iš 
priešingos pusės" nei internet'o interfeisui.

3D astronomy agriculture audio autos autos.audi autos.audio autos.binaries autos.bmw autos.club autos.ford autos.hondacrx autos.japan autos.mercedes autos.opel autos.sport autos.volvo autos.vw avia avia.binaries bankcards binaries books building cinema commerce comp.hardware comp.software comp.lietuvinimas comp.networks culture darbas.ieskau darbas.siulau design economics electronics fauna fauna.aqua fauna.binaries fishing flora foto foto.binaries games games.cs games.online gsm gurmanai humour humour.binaries internet law microsoft moto music music.binaries music.instruments music.LT.binaries navigacija php politics programming rpg sport studying sveikata talk test translation transportation travel travel.binaries tv unix video video.binaries watersports www www.flash pda autos.supermama.lt mobile darbas retro.3D retro.agriculture retro.astronomy retro.audio retro.autos retro.autos.audi retro.autos.audio retro.autos.binaries retro.autos.bmw retro.autos.club retro.autos.ford retro.autos.hondacrx retro.autos.japan retro.autos.mercedes retro.autos.opel retro.autos.sport retro.autos.supermama retro.autos.supermama.lt retro.autos.volvo retro.autos.vw retro.avia retro.avia.binaries retro.bankcards retro.beos retro.binaries retro.books retro.building retro.cinema retro.commerce retro.comp retro.comp.hardware retro.comp.lietuvinimas retro.comp.networks retro.comp.software retro.culture retro.darbas retro.darbas.ieskau retro.darbas.siulau retro.design retro.economics retro.electronics retro.e-vejas retro.fauna retro.fauna.aqua retro.fauna.binaries retro.fishing retro.flora retro.foto retro.foto.binaries retro.games retro.games.cs retro.games.online retro.games.rpg retro.genealogija retro.gsm retro.gurmanai retro.humour retro.humour.binaries retro.internet retro.YZF retro.YZF.nebuk retro.YZF.nebuk.netikintis retro.YZF.nebuk.netikintis.buk retro.YZF.nebuk.netikintis.buk.tikintis retro.law retro.microsoft retro.mobile retro.moto retro.music retro.music.binaries retro.music.instruments retro.music.LT retro.music.LT.binaries retro.navigacija retro.news retro.news.taisykles retro.newuser retro.pda retro.php retro.politics retro.programming retro.rpg retro.sport retro.studying retro.sveikata retro.talk retro.translation retro.transportation retro.travel retro.travel.binaries retro.tv retro.unix retro.video retro.video.binaries retro.watersports retro.www retro.www.flash diy lt.rkm.news.announce lt.rkm.news.newuser

+ubuntu ir tvtime garsasdovydas2008-10-04 20:02

+UbuntuPluss2008-10-03 16:35

+Reikia patarimo del PCI wifi ploksteskornaz2008-10-02 12:59

+print queue managerblatas2008-10-02 11:59

+SmartUPS 2 kompams: ką rekomenduosit?Artūras Šlajus2008-10-01 16:47

+Alternatyvus DHCP servisas vietoje Windows Server DHCPkrx2008-09-30 21:44

+retorinis klausimas apie spamaVJ2008-09-30 01:33

+Kaip vadinasi gryztancio emailo spamas?Levas 32008-09-26 15:43

+Kiba naujas virusas ar spamas atgijo? :)Levas 32008-09-26 15:18

+Manipuliacija su antru gw. Padekit Levui :)Levas 32008-09-26 12:30

+Koki rinktis?voxdizainas2008-09-26 08:43

+ext3 recoverinimasNerijus Skarzauskas2008-09-26 07:30

mail clientas + exchange serverAgent Smith2008-09-25 03:52

+Litnetas ir keli IP adresaiLevas2008-09-24 20:27

+koks connectionas ?TZ2008-09-24 11:57

+samba+win explorerisbiagle <justas @ lanteka.lt>2008-09-19 18:15

+HELP: Slackware 12--==Deveros==--2008-09-19 16:56

+OFF: Bugu pachinimasuntanas2008-09-18 16:59

+Q: WINS serverisssh2008-09-18 11:34

Lietuvybe Soliaryje 10Andrius2008-09-18 01:10

+symlinkai blogis?azuolas2008-09-16 12:47

-pf firewallemnt2008-09-15 00:34

Re: pf firewallvytjon2008-09-15 08:54

+routaiemnt2008-09-11 15:40

+iconv problemaIngodas Vytrastas2008-09-11 13:31

+saito uzblokavimas iptables'u pagalbaIgaliotinis patrulis!2008-09-11 11:36

+apache restartai 00:10 kasnaktRocco2008-09-08 15:11

+vartotojo priskyrimas grupeitOMZY2008-09-05 14:43

+Problema su rezoliucijaErikas2008-09-05 10:13

+skynet dingstaemnt2008-09-04 10:01

+WWW TempatePluss2008-09-03 11:28

Labassergeii2008-09-01 10:34

+zinuciu merginimasJustas.p2008-08-29 20:55

+Postfix UBEziuras2008-08-29 13:10

+postfix+mysqlRobertas2008-08-29 11:40

+Cisco vpn - iptablesIgaliotinis patrulis!2008-08-29 10:30

+software raidTaip2008-08-28 21:12

+Q: hylafaxssh2008-08-28 10:54

+Gmail ir spamAladdin2008-08-27 22:05

+keli klausimai (daugiau su programavimu susiję)Žilvinas Ledas2008-08-27 14:26

+padekit su komandomImobili2008-08-27 11:59

+OT: optika ir optika-utp konverteriai kauneArtūras Šlajus2008-08-27 11:48

+Q: postfix (vienas domain'as 2 ofisai)Dex2008-08-27 11:12

+mistika su smtpRobertas2008-08-27 10:13

+Squid; SquidGuardPluss2008-08-27 10:05

15 14 13 12 11 10 9 8 7 6 5 4 3 2 1