|
Lines 79-85
|
| 79 |
|
79 |
|
| 80 |
############ |
80 |
############ |
| 81 |
# Only in rare cases do you want to change these rules |
81 |
# Only in rare cases do you want to change these rules |
| 82 |
$fwcmd add 100 pass all from any to any via lo0 |
82 |
$fwcmd add 150 pass all from any to any via lo0 |
| 83 |
$fwcmd add 200 deny all from any to 127.0.0.0/8 |
83 |
$fwcmd add 200 deny all from any to 127.0.0.0/8 |
| 84 |
|
84 |
|
| 85 |
|
85 |
|
|
Lines 151-162
|
| 151 |
$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} |
151 |
$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} |
| 152 |
|
152 |
|
| 153 |
# Stop RFC1918 nets on the outside interface |
153 |
# Stop RFC1918 nets on the outside interface |
| 154 |
$fwcmd add deny all from 192.168.0.0:255.255.0.0 to any via ${oif} |
154 |
$fwcmd add deny all from 192.168.0.0:255.255.0.0 to any in via ${oif} |
| 155 |
$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} |
155 |
$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 out via ${oif} |
| 156 |
$fwcmd add deny all from 172.16.0.0:255.240.0.0 to any via ${oif} |
156 |
$fwcmd add deny all from 172.16.0.0:255.240.0.0 to any in via ${oif} |
| 157 |
$fwcmd add deny all from any to 172.16.0.0:255.240.0.0 via ${oif} |
157 |
$fwcmd add deny all from any to 172.16.0.0:255.240.0.0 out via ${oif} |
| 158 |
$fwcmd add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} |
158 |
$fwcmd add deny all from 10.0.0.0:255.0.0.0 to any in via ${oif} |
| 159 |
$fwcmd add deny all from any to 10.0.0.0:255.0.0.0 via ${oif} |
159 |
$fwcmd add deny all from any to 10.0.0.0:255.0.0.0 out via ${oif} |
| 160 |
|
160 |
|
| 161 |
# Allow TCP through if setup succeeded |
161 |
# Allow TCP through if setup succeeded |
| 162 |
$fwcmd add pass tcp from any to any established |
162 |
$fwcmd add pass tcp from any to any established |
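Review bot: The `in`/`out` keywords on the six RFC1918 rules (lines 154-159, taking the second-printed copy of each pair as the new side) narrow each rule to one direction, so two cases the undirected rules dropped are no longer covered here. Packets with a private source address leaving via `${oif}` and packets arriving on `${oif}` addressed to a private destination now fall through to whatever rules follow. If this is intentional, for example to stop address-translated traffic from being dropped (an inference, since no translation rule is visible in these hunks), the comment on line 153 should say so, e.g. `# Stop RFC1918 nets on the outside interface: private sources inbound, private destinations outbound`. If it is not, the change removes egress filtering of private source addresses and the other direction needs its own rule. The renumbering of the lo0 pass rule from 100 to 150 in the first hunk is likewise unexplained and would benefit from a one-line comment giving the reason.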