Revision 23f1acdd
Added by Seth Mos over 14 years ago
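--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2082,14 +2082,16 @@
 #---------------------------------------------------------------------------
 # default deny rules
 #---------------------------------------------------------------------------
-block in $log all label "Default deny rule"
-block out $log all label "Default deny rule"
+block in $log inet all label "Default deny rule IPv4"
+block out $log inet all label "Default deny rule IPv4"
 block in $log inet6 all label "Default deny rule IPv6"
 block out $log inet6 all label "Default deny rule IPv6"
 
 # We use the mighty pf, we cannot be fooled.
 block quick inet proto { tcp, udp } from any port = 0 to any
 block quick inet proto { tcp, udp } from any to any port = 0
+block quick inet6 proto { tcp, udp } from any port = 0 to any
+block quick inet6 proto { tcp, udp } from any to any port = 0
 
 
 EOD;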
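Review bot: The two inet6 port-0 rules added at new lines 2093-2094 carry neither `$log` nor a label, and the same is true of the existing inet pair above them. Because they are `quick`, a matching packet is dropped before the logged default deny rules can record it, so spoofed port-0 traffic leaves no trace in the firewall log. Consider `block $log quick inet6 proto { tcp, udp } from any port = 0 to any label "Block traffic from port 0"`, the matching line for destination port 0, and the same treatment for the inet pair. The comment `# We use the mighty pf, we cannot be fooled.` would also read better if it said what the rules reject, e.g. `# Drop TCP/UDP packets with source or destination port 0 (never valid on the wire)`. The heredoc these rules belong to begins outside the hunk, so how `$log` is set is not visible here.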
Setup packet spoofing rules for inet and inet6
Adjust the default Deny All rules for inet and inet6, rename labels