# # $FreeBSD$ # # An example of packet filter definition. # # filterd: # # Don't keep Alive with ICMP,DNS and RIP packet # set afilter 0 deny icmp set afilter 1 deny udp src eq 53 set afilter 2 deny udp dst eq 53 set afilter 3 deny udp src eq 520 set afilter 4 deny udp dst eq 520 set afilter 5 permit 0/0 0/0 # # Don't dial with ICMP packet # set dfilter 0 deny icmp set dfilter 1 permit 0/0 0/0 # # Allow ident packet pass through # set ifilter 0 permit tcp dst eq 113 set ofilter 0 permit tcp src eq 113 # # Allow telnet connection to the Internet # set ifilter 1 permit tcp src eq 23 estab set ofilter 1 permit tcp dst eq 23 # # Allow ftp access to the Internet # set ifilter 2 permit tcp src eq 21 estab set ofilter 2 permit tcp dst eq 21 set ifilter 3 permit tcp src eq 20 dst gt 1023 set ofilter 3 permit tcp dst eq 20 # # Allow access to DNS # set ifilter 4 permit udp src eq 53 set ofilter 4 permit udp dst eq 53 # # Allow access from/to my company network # set ifilter 5 permit 192.244.191.0/24 0/0 set ofilter 5 permit 0/0 192.244.191.0/24 # # Allow ping and traceroute response # set ifilter 6 permit icmp set ofilter 6 permit icmp set ifilter 7 permit udp dst gt 33433 set ofilter 7 permit udp dst gt 33433 # # If none of above rules matches, then packet is blockd. #