#
# $Id: ppp.conf.filter.sample,v 1.4 1997/02/23 09:21:10 peter Exp $
#
# An example of packet filter definitions. Merge whatever rules you
# want into your ppp.conf file.
#
filterd:
#
# Don't keep the link alive for ICMP, DNS and RIP packets
#
set afilter 0 deny icmp
set afilter 1 deny udp src eq 53
set afilter 2 deny udp dst eq 53
set afilter 3 deny udp src eq 520
set afilter 4 deny udp dst eq 520
set afilter 5 permit 0/0 0/0
#
# Don't let ICMP packets cause us to dial
#
set dfilter 0 deny icmp
set dfilter 1 permit 0/0 0/0
#
# Allow ident packets to pass through
#
set ifilter 0 permit tcp dst eq 113
set ofilter 0 permit tcp src eq 113
#
# Allow telnet connections to the Internet
#
set ifilter 1 permit tcp src eq 23 estab
set ofilter 1 permit tcp dst eq 23
#
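# Allow ftp access to the Internet (active mode: the data connection is
# opened by the server from port 20, so ifilter 3 cannot use "estab").
# Note that ifilter 3 therefore admits any inbound TCP connection with
# source port 20 to our ports above 1023; the source port is chosen by
# the sender and does not prove that the peer is an ftp server.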
#
set ifilter 2 permit tcp src eq 21 estab
set ofilter 2 permit tcp dst eq 21
set ifilter 3 permit tcp src eq 20 dst gt 1023
set ofilter 3 permit tcp dst eq 20
#
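# Allow access to any DNS server. ifilter 4 matches on the source port
# alone, so it admits any inbound UDP packet sent from port 53, to any
# local port.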
#
set ifilter 4 permit udp src eq 53
set ofilter 4 permit udp dst eq 53
#
# Allow access from/to my company network (ifilter 5 trusts the source
# address alone; no protocol or port is checked)
#
set ifilter 5 permit 192.244.191.0/24 0/0
set ofilter 5 permit 0/0 192.244.191.0/24
#
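# Allow ping and traceroute response. Rule 6 permits every ICMP type in
# both directions, and ifilter 7 admits inbound UDP to any local port
# above 33433, which covers any UDP service listening in that range.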
#
set ifilter 6 permit icmp
set ofilter 6 permit icmp
set ifilter 7 permit udp dst gt 33433
set ofilter 7 permit udp dst gt 33433
#
# If none of the above rules matches, then the packet is blocked.
#