File: example1.in

# this file contains all the examples from the filter_syntax.7 manpage

# MATCHES
# `!` negates the match that follows it: every packet arriving on eth0
# that is NOT addressed to 10.0.0.3 is rejected.  Going by the EXAMPLE
# section further down, "reject" answers the sender (so clients do not
# sit in a timeout) whereas "drop" discards silently; choose "drop" when
# you would rather not confirm to a scanner that a host is present.
            input eth0 ! dest 10.0.0.3 reject;

# OPTIONS
# Anti-spoofing rule: inbound packets on eth0 that claim a private
# (RFC 1918) source address are logged with the tag "private addresses"
# and then dropped.  Only two of the three RFC 1918 ranges are listed
# here; 172.16.0.0/12 and the loopback net 127.0.0.0/8 are not covered
# by this rule as written.
            input eth0 source {
                 10.0.0.0/8 192.168.0.0/16
            } log text "private addresses" drop;


# GROUPING
# Three spellings of the same policy.  The first form lists one rule per
# service; the two brace-grouped forms below expand to the same set of
# rules, so grouping changes only readability, not what is allowed.
#
# Note on `sport 1:1023`: the source port is chosen by the remote peer,
# so restricting it is a convention check, not an authentication control.
            input eth0 source foo dest bar proto tcp dport http accept;
            input eth0 source foo dest bar proto tcp dport https accept;
            input eth0 source foo dest bar proto tcp dport nntp accept;
            input eth0 source foo dest bar proto tcp sport 1:1023 dport ssh accept;

            # Same four rules, sharing the common prefix via braces.
            input eth0 source foo dest bar proto tcp {
                 dport http;
                 dport https;
                 dport nntp;
                 sport 1:1023 dport ssh;
            } accept;
 
            # Same again, with the three plain dport matches collapsed
            # into one nested group.
            input eth0 source foo dest bar proto tcp {
                 dport {http https nntp};
                 sport 1:1023 dport ssh;
            } accept;

# OUT-OF-LINE GROUPS 
# Two rule sets written first in the inline brace form ...
            input eth0 source foo dest bar proto tcp {
                 dport {http https nntp};
                 sport 1:1023 dport ssh;
            } accept;
            input eth0 source baz dest quux proto tcp {
                 dport {1264 1521 1984 8008 8080 26000};
            } accept;

# ... and then again using the square-bracket form.  `[ ... ]` appears to
# attach a list of complete rules (each with its own target) to the shared
# source/dest prefix — confirm the exact semantics in filter_syntax.7.
# `foo`, `bar`, `baz`, `quux` are symbolic names; how they are resolved
# (static table vs. name lookup at generation time) is not shown here.
            input eth0 source foo dest bar [
                 proto tcp {
                      dport {http https nntp};
                      sport 1:1023 dport ssh;
                 } accept;
            ];
            input eth0 source baz dest quux [
                 proto tcp { dport {1264 1521 1984 8008 8080 26000}; } accept;
            ];

# EXAMPLE
           #
            # Example filter for (for example) a mail server
            #
 
            # Unfortunately, we don't have time to audit the
            # communications which go on locally
            # This accepts all loopback traffic unconditionally, in both
            # directions.
            {input lo; output lo} accept;
 
            # But we want to be a bit more careful when speaking
            # to the outside world
            # Rules inside a block are presumably evaluated in order with
            # the first match winning (the trailing `log drop` lines only
            # make sense as catch-alls under that reading) — confirm in
            # filter_syntax.7.  `ournet` is a symbolic name for the local
            # network; its resolution is not shown in this file.
            input eth0 {
                 # Sadly, we share a DMZ with Windows machines.
                 # Don't log their netbios noise
                 # Dropped deliberately without `log`, so netbios chatter
                 # from the local /24 never reaches the logs.
                 proto {tcp udp} source ournet/24 dport 137:139 drop;
 
                 proto tcp {
                      # Mail services open to everyone.  pop-3 is the
                      # cleartext protocol on port 110; if clients connect
                      # from outside ournet their credentials cross the
                      # network unencrypted, so consider restricting it
                      # as is done for ssh below.
                      dport { smtp pop-3 } accept;
                      # ssh only from the local /24.
                      dport ssh source ournet/24 accept;
                      # We don't answer this, but don't want to
                      # cause timeouts by blocking it
                      dport auth reject;
                      # Default-deny for all other TCP: logged, then dropped.
                      log drop;
                 };
                 # We don't run any UDP (or other non-TCP)
                 # services
                 # Default-deny for everything that is not TCP.
                 # NOTE(review): nothing above admits reply traffic for the
                 # outbound smtp/auth/DNS connections allowed in the output
                 # block (their replies would arrive with an ephemeral
                 # dport and fall through to this line).  Confirm whether
                 # the generated backend tracks connection state, or
                 # whether this example is intentionally incomplete.
                 log drop;
            };
            output eth0 {
                 proto tcp {
                      # Outbound mail delivery and ident lookups only.
                      dport { smtp auth } accept;
                      # Any other outbound TCP is logged and dropped.
                      log drop;
                 };
                 # Outbound DNS is OK
                 # ... but only to the two named resolvers ns0 and ns1.
                 proto udp dport domain dest { ns0 ns1 } accept;
                 # Catch-all for everything else leaving eth0.
                 log drop;
            };