Project

General

Profile

Actions

Feature #13956

open

Add advanced firewall rule function

Added by yon Liu almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

I want to implement something like the following rule functionality in pfsense. This function is used to prevent interference with normal data packets and various attacks. Practical application case:Jamming and tampering of network packets against the Great Firewall of China.

iptables -t raw -A PREROUTING -m bpf --bytecode '38,48 0 0 0,84 0 0 240,21 34 0 96,48 0 0 0,84 0 0 240,21 0 31 64,48 0 0 9,21 0 29 17,40 0 0 6,69 27 0 8191,177 0 0 0,72 0 0 0,21 0 24 53,40 0 0 2,37 22 0 128,72 0 0 12,21 0 20 1,72 0 0 14,21 0 18 1,72 0 0 16,21 0 16 0,72 0 0 18,21 0 14 1,72 0 0 4,20 0 0 8,12 0 0 0,7 0 0 0,64 0 0 0,21 0 8 268435456,177 0 0 0,72 0 0 4,20 0 0 4,12 0 0 0,7 0 0 0,64 0 0 0,21 0 1 0,6 0 0 65535,6 0 0 0' -j DROP

ip6tables -t raw -A PREROUTING -m bpf --bytecode '29,48 0 0 0,84 0 0 240,21 0 25 96,48 0 0 6,21 0 23 17,40 0 0 40,21 0 21 53,40 0 0 4,37 19 0 128,40 0 0 52,21 0 17 1,40 0 0 54,21 0 15 1,40 0 0 56,21 0 13 0,40 0 0 58,21 0 11 1,40 0 0 4,20 0 0 8,7 0 0 1,64 0 0 40,21 0 6 268435456,40 0 0 4,20 0 0 4,7 0 0 6,64 0 0 40,21 0 1 0,6 0 0 65535,6 0 0 0' -j DROP

No data to display

Actions

Also available in: Atom PDF