[PC-BSD Commits] r13400 - pcbsd/current/system-overlay/usr/local/share/pcbsd/scripts
Mon Oct 17 08:52:13 PDT 2011
Author: kris
Date: 2011-10-17 08:52:13 -0700 (Mon, 17 Oct 2011)
New Revision: 13400
Modified:
pcbsd/current/system-overlay/usr/local/share/pcbsd/scripts/reset-firewall
Log:
Improve our default firewall rules with comments and fixes
Modified: pcbsd/current/system-overlay/usr/local/share/pcbsd/scripts/reset-firewall
===================================================================
--- pcbsd/current/system-overlay/usr/local/share/pcbsd/scripts/reset-firewall 2011-10-17 15:17:51 UTC (rev 13399)
+++ pcbsd/current/system-overlay/usr/local/share/pcbsd/scripts/reset-firewall 2011-10-17 15:52:13 UTC (rev 13400)
@@ -19,16 +19,29 @@
echo "antispoof quick for lo0 inet" >> $pf_rules
# block anything coming from source we have no back routes for
echo "block in from no-route to any" >> $pf_rules
-# Allow all outgoing traffic
+
+echo "# Block all other incoming" >> $pf_rules
+echo "block in log" >> $pf_rules
+
+echo '' >> $pf_rules
+echo '# Allow all outgoing traffic' >> $pf_rules
echo "pass out keep state" >> $pf_rules
-echo 'table <blacklist> persist file "/etc/blacklist"' >> $pf_rules
-echo "pass inet proto icmp from any to any" >> $pf_rules
-echo "pass inet6 proto icmp6 from any to any" >> $pf_rules
-#############################################################
# Deny all from our blacklist
+echo '' >> $pf_rules
+echo '# Block blacklist' >> $pf_rules
+echo 'table <blacklist> persist file "/etc/blacklist"' >> $pf_rules
echo "block from <blacklist> to any" >> $pf_rules
+echo '' >> $pf_rules
+echo "# Enable ICMP for IPv4 IPv6" >> $pf_rules
+echo "pass proto icmp all" >> $pf_rules
+echo "pass proto icmp6 all" >> $pf_rules
+#############################################################
+
+echo '' >> $pf_rules
+echo '# Nic Specific Rules' >> $pf_rules
+
DEVLIST=`ifconfig -l`
echo ${DEVLIST} | grep "lagg0" >/dev/null 2>/dev/null
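Review bot: The blacklist rule `block from <blacklist> to any` is not final: pf evaluates rules last-match-wins, and the `pass proto icmp all` / `pass proto icmp6 all` rules emitted after it (plus any `pass in` rule generated under `# Nic Specific Rules`) override it for matching traffic, so a blacklisted source can still reach the host over ICMP or any port the NIC rules open. Make it authoritative with `echo "block quick from <blacklist> to any" >> $pf_rules`, the same way the file already uses `antispoof quick`. Moving the default `block in log` ahead of the pass rules is the right direction for the same last-match reason. The ICMP rules pass every ICMP type in both directions; if that is broader than intended, restrict inbound to the needed types, e.g. `pass in proto icmp icmp-type { echoreq, unreach }`. The NIC-specific section begins at the end of this hunk and continues outside it.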
@@ -76,6 +89,3 @@
fi
done
-echo "# Block all other incoming" >> $pf_rules
-echo "block in log" >> $pf_rules
-