1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
#
# Example filter for (for example) a mail server
# $Id: example.filter,v 1.3 2001/10/06 19:07:17 matthew Exp $
#
# Unfortunately, we don't have time to audit the
# communications which go on locally
{input lo; output lo} accept;
# But we want to be a bit more careful when speaking
# to the outside world
input eth0 {
proto tcp {
dport { smtp pop-3 } accept;
dport ssh source ournet/24 accept;
# We don't answer this, but don't want to
# cause timeouts by blocking it
dport auth reject;
log drop;
};
# We don't run any UDP (or other non-TCP)
# services
log drop;
};
output eth0 {
proto tcp {
dport { smtp auth } accept;
log drop;
};
# Outbound DNS is OK
proto udp dport domain dest { ns0 ns1 } accept;
log drop;
};
|
