Hi all,
how do I convert this to pf rules??? Thanks.
###############################################################
# [Default policy]
###############################################################
block in all
block out all
###############################################################
# No restrictions on Loopback Interface
pass in quick on lo0 all
pass out quick on lo0 all
###############################################################
# Interface facing Public Internet (Inbound Section)
# Interrogate packets originating from the public Internet
# destined for this gateway server or the private network.
###############################################################
#IPV6
# Note: in ipf "proto ipv6" is IP protocol 41 (IPv6-in-IPv4 encapsulation),
# so these two rules stop 6in4 tunnel traffic; native IPv6 is filtered by the
# separate IPv6 rule set (ipf6.conf), not by this file.
block in quick proto ipv6 all
block in quick proto ipv6-icmp all
#IGMP
block in quick on sis0 proto igmp all
#ICMP
block in log quick on sis0 proto icmp all
# Prevent spoof of bogus/non-routable addresses
# May seem like overkill since we already block everything,
# but we really want to make sure these networks never reach us.
# (Placeholder, not a rule: the real entries are not listed here. Use a
# bogon list and the RFC 3330 special-use addresses, one
# "block in quick on sis0 from <net> to any" per entry.)
# Prevent outside machines from initiating TCP connections to machines within our network
block in log quick on sis0 proto tcp all flags S/S
block in log quick on sis0 proto tcp all flags S/SA
block in log quick on sis0 proto tcp all flags SA/SA
# OTHER ODDITIES
block in quick on sis0 all with ipopts
block in quick on sis0 all with frag
block in quick on sis0 all with short
# Now we are blocking packets that are too short to
# contain a complete header, or with source routing
# options (most likely set to bypass our firewall)
block in quick on sis0 all with opt lsrr
block in quick on sis0 all with opt ssrr
# Filter on TOS or TTL
block in log quick on sis0 ttl 1
#Deny everything coming from doubleclick
block in quick from 208.211.225.0/24 to any
# Note: /16 here means 204.253.0.0/16; if only 204.253.104.0/24 was intended, use /24.
block in quick from 204.253.104.0/16 to any
block in quick from 205.138.3.0/24 to any
block in quick from 204.176.177.0/24 to any
block in quick from 208.184.29.150/32 to any
block in quick from 208.184.29.170/32 to any
block in quick from 208.184.29.190/32 to any
block in quick from 209.67.38.101/32 to any
block in quick from 209.67.38.106/32 to any
block in quick from 208.32.211.230/32 to any
# ipf's "><" is exclusive, so this covers 512-515 (exec, biff, login, who,
# syslog); this will also protect syslog
block in log first quick on sis0 from any to any port 511 >< 516
#Stop broadcast of X/VNC/NFS/had to be up top
block in log first quick on sis0 from any to any port 5999 >< 6064
block in log first quick on sis0 from any to any port 5899 >< 5911
block in log first quick on sis0 from any to any port = 2049
#traceroute
block in log first quick on sis0 from any to any port 33434 >< 33465
# Block nmap OS fingerprinting and scan probes (odd TCP flag combinations)
# Log first occurrence of these so I can get their IP address
block in log first quick on sis0 proto tcp all flags FUP
block in log quick on sis0 proto tcp all flags FUP/FUP
block in log quick on sis0 proto tcp all flags FS/FS
block in log quick on sis0 proto tcp all flags /FSRPAU
block in log quick on sis0 proto tcp all flags FSRPAU
block in log quick on sis0 proto tcp all flags SF/SFRA
block in log quick on sis0 proto tcp all flags /SFRA
block in log quick on sis0 proto tcp all flags F/SFRA
block in log quick on sis0 proto tcp all flags U/SFRAU
block in log quick on sis0 proto tcp all flags P
block in log quick on sis0 proto tcp all flags FUP/WEUAPRSF
block in log quick on sis0 proto tcp all flags WEUAPRSF/WEUAPRSF
block in log quick on sis0 proto tcp all flags SRAFU/WEUAPRSF
block in log quick on sis0 proto tcp all flags /WEUAPRSF
block in log quick on sis0 proto tcp all flags SR/SR
block in log quick on sis0 proto tcp all flags SF/SF
block in log quick on sis0 proto tcp all flags /S
#ALL THE REST
block in log first quick on sis0 all
###############################################################
# Interface facing Public Internet (Outbound Section)
# Interrogate session start requests originating from behind the
# firewall on the private network
# or from this gateway server destined for the public Internet.
###############################################################
#IPV6
block out quick proto ipv6 all
block out quick proto ipv6-icmp all
#IGMP
block out quick on sis0 proto igmp all
#ICMP
block out log quick on sis0 proto icmp all
# Prevent spoof of bogus/non-routable addresses
# May seem like overkill since we already block everything,
# but we really want to make sure these networks never reach us.
# (Placeholder, not a rule: use a bogon list and RFC 3330 here,
# negated with "!" for your own IP so your own traffic is not blocked.)
# Never send a SYN/ACK out, so an outside machine can never complete a
# TCP handshake with a machine inside our network
block out log quick on sis0 proto tcp all flags SA/SA
#OTHER ODDITIES
block out quick on sis0 all with ipopts
block out quick on sis0 all with frag
block out quick on sis0 all with short
# Now we are blocking packets that are too short to
# contain a complete header, or with source routing
# options (most likely set to bypass our firewall)
block out quick on sis0 all with opt lsrr
block out quick on sis0 all with opt ssrr
# Filter on TOS or TTL
block out log quick on sis0 ttl 1
# Block nmap OS fingerprinting and scan probes (odd TCP flag combinations)
# Log first occurrence of these so I can get their IP address
block out log first quick on sis0 proto tcp all flags FUP
block out log quick on sis0 proto tcp all flags FUP/FUP
block out log quick on sis0 proto tcp all flags FS/FS
block out log quick on sis0 proto tcp all flags /FSRPAU
block out log quick on sis0 proto tcp all flags FSRPAU
block out log quick on sis0 proto tcp all flags SF/SFRA
block out log quick on sis0 proto tcp all flags /SFRA
block out log quick on sis0 proto tcp all flags F/SFRA
block out log quick on sis0 proto tcp all flags U/SFRAU
block out log quick on sis0 proto tcp all flags P
block out log quick on sis0 proto tcp all flags FUP/WEUAPRSF
block out log quick on sis0 proto tcp all flags WEUAPRSF/WEUAPRSF
block out log quick on sis0 proto tcp all flags SRAFU/WEUAPRSF
block out log quick on sis0 proto tcp all flags /WEUAPRSF
block out log quick on sis0 proto tcp all flags SR/SR
block out log quick on sis0 proto tcp all flags SF/SF
# Deny everything coming from doubleclick
block out quick from 208.211.225.0/24 to any
# Note: /16 here means 204.253.0.0/16; if only 204.253.104.0/24 was intended, use /24.
block out quick from 204.253.104.0/16 to any
block out quick from 205.138.3.0/24 to any
block out quick from 204.176.177.0/24 to any
block out quick from 208.184.29.150/32 to any
block out quick from 208.184.29.170/32 to any
block out quick from 208.184.29.190/32 to any
block out quick from 209.67.38.101/32 to any
block out quick from 209.67.38.106/32 to any
block out quick from 208.32.211.230/32 to any
# Block rip
block out quick on sis0 proto tcp/udp from any to any port = 520
# Allow out access to my ISP's Domain name server.
# xxx must be the IP address of your ISP's DNS.
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
# Note: "mask 255.255.255.0" turns both host addresses into 192.168.1.0/24,
# and "port 1023 >< 5000" (here and in the pass rules below) only allows
# source ports 1024-4999; widen it if the OS picks ephemeral ports above 5000.
pass out quick on sis0 proto udp from 192.168.1.2 mask 255.255.255.0 port 1023 >< 5000 to 192.168.1.1 mask 255.255.255.0 port = 53 keep state
# Allow out non-secure standard www function
pass out quick on sis0 proto tcp from 192.168.1.2 mask 255.255.255.0 port 1023 >< 5000 to any port = 80 flags S keep state keep frags
# Allow out secure www function https over TLS SSL
pass out quick on sis0 proto tcp from 192.168.1.2 mask 255.255.255.0 port 1023 >< 5000 to any port = 443 flags S keep state keep frags
# Allow out ftp (never "any" here: use the FTP server's IP, found with "host <ftp name>" in a console)
pass out quick on sis0 proto tcp from 192.168.1.2 mask 255.255.255.0 port 1023 >< 5000 to 69.50.233.146 port = 21 flags S keep state keep frags
# Allow out ftp passive mode (never "any" here: use the FTP server's IP, found with "host <ftp name>" in a console)
pass out quick on sis0 proto tcp from 192.168.1.2 mask 255.255.255.0 port 1023 >< 5000 to 69.50.233.146 port >1023 flags S keep state keep frags
# Block and log only the first occurrence of everything
# else that's trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on sis0 all
################### End of rules file ###########################
Help me.
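A pf.conf that does what the ipf file above does, written here as an added example (it is not the poster's file and not a stock ruleset). It keeps the poster's addresses: sis0 is the Internet-facing interface, 192.168.1.2 is this host, 192.168.1.1 is the resolver and 69.50.233.146 is the FTP server. The bogon table contents are an assumption (private and special-use space only) and should be replaced with a current bogon list. The scrub line is the FreeBSD / pre-4.6 OpenBSD form; on newer OpenBSD, scrub is an option on a match rule. Some ipf features have no pf equivalent and are noted in comments: "log first", "ttl 1", and "with short/ipopts".

```pf
# pf.conf equivalent of the ipf ruleset (added example, not the poster's file)
ext_if  = "sis0"
me      = "192.168.1.2"
dns     = "192.168.1.1"
ftp_srv = "69.50.233.146"

# ipf's "use a bogon list and rfc3330" placeholder becomes a table. The entries
# below are an assumption (RFC 1918/3330 special-use space); extend from a feed.
table <bogons> { 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, \
                 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, 224.0.0.0/3 }
# The doubleclick addresses the ipf file blocks. pf stores 204.253.104.0/16 as
# 204.253.0.0/16, exactly as ipf does; tighten to /24 if that was the intent.
table <doubleclick> { 208.211.225.0/24, 204.253.0.0/16, 205.138.3.0/24, \
                      204.176.177.0/24, 208.184.29.150, 208.184.29.170, \
                      208.184.29.190, 209.67.38.101, 209.67.38.106, 208.32.211.230 }

# Options section: loopback is unfiltered, as ipf's two "pass ... on lo0" rules.
set skip on lo0

# Normalization replaces ipf's "with short", "with frag" and "keep frags":
# fragments are reassembled and malformed packets dropped before filtering.
scrub in on $ext_if all fragment reassemble

# Default policy (ipf: block in all / block out all). pf has no "log first";
# it logs every match to pflog0, so rate-limit in syslog if that is too noisy.
block log all

# Spoofed sources on the outside interface and the bogon table, both directions.
antispoof quick for $ext_if
block in  quick on $ext_if from <bogons> to any
block out quick on $ext_if from any to <bogons>

# IPv6, IGMP and ICMP dropped on the outside, as in the ipf file.
block quick inet6 all
block quick on $ext_if proto igmp all
block log quick on $ext_if proto icmp all

# doubleclick: inbound from them, and outbound to them (the ipf outbound rules
# match "from" those networks, which never applies to traffic we originate).
block quick from <doubleclick> to any
block quick from any to <doubleclick>

# IP options (lsrr/ssrr) need no rule: pf drops packets with IP options unless
# a pass rule says "allow-opts". There is no pf match for "ttl 1".

# Odd TCP flag combinations (nmap-style scans). pf uses ipf's set/mask notation.
block log quick on $ext_if proto tcp all flags FUP/FUP
block log quick on $ext_if proto tcp all flags FS/FS
block log quick on $ext_if proto tcp all flags /FSRPAU
block log quick on $ext_if proto tcp all flags FSRPAU/FSRPAU
block log quick on $ext_if proto tcp all flags SR/SR

# Nothing from the Internet may open a connection; replies to our own
# connections are matched by the state table before any rule is consulted.
block in log quick on $ext_if proto tcp all flags S/SA

# Ports the ipf file blocks inbound (syslog, X, VNC, NFS, traceroute).
# ipf "><" is exclusive and pf ":" is inclusive, so 511 >< 516 is 512:515.
block in log quick on $ext_if proto { tcp udp } from any to any \
    port { 512:515, 6000:6063, 5900:5910, 2049, 33435:33464 }

# Block RIP leaving the box
block out quick on $ext_if proto { tcp udp } to any port 520

# Allowed outbound traffic, stateful. The ipf "port 1023 >< 5000" source
# restriction is dropped: pf tracks whatever ephemeral port the OS chose.
pass out quick on $ext_if proto udp from $me to $dns port 53 keep state
pass out quick on $ext_if proto tcp from $me to any port { 80, 443 } flags S/SA keep state
pass out quick on $ext_if proto tcp from $me to $ftp_srv port 21 flags S/SA keep state
pass out quick on $ext_if proto tcp from $me to $ftp_srv port > 1023 flags S/SA keep state
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf` and watch `tcpdump -n -e -ttt -i pflog0` to see what the block rules are logging. Unlike ipf, pf's last matching rule wins unless the rule says quick, which is why every block and pass here carries quick and the ordering mirrors the ipf file.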