Hallo, dies ist ein Test.
PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html
Running in File Mode
Relative path: ./../../../../.././../etc/firewall/pf.conf.base.bak_20200903
Real path: /etc/firewall/pf.conf.base.bak_20200903
# BASEDIR/pf.conf
#
# Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
#
# This is the default PF configuration file. The rules found here provide
# no policy/protection. To set up desired policy you must add your
# own rules here. See pf.conf(7) for details.
#
# As soon as firewall gets enabled with configuration shipped by the firewall
# package, the firewall service is transitioned to degraded state. This is to
# let system administrator know the firewall is not configured yet, such
# firewall can not provide any network protection.
#
# NOTE(review): the stock header above is outdated for this copy; site rules
# have been added below, so the file does define a policy.
#
# NOTE(review): this listing was recovered from a page that collapsed line
# breaks. Where a '#' directly precedes a directive ("set skip", "set
# loginterface", "set block-policy", "include", "block all"), the
# active/commented state shown here is the most plausible reading. Confirm
# against the file on disk before relying on it.
#
# NOTE(review): per the page header this is a dated backup copy under
# /etc/firewall that a script running from a .public_html directory reached
# through a relative "../" path. Rule sets and table layout describe the
# host's exposure; they should not be readable through the web server, and
# the viewer should refuse paths that resolve outside its document root.
#
#
# PF does IP reassembly by default. We also use 'no-df' option on Solaris
# to ensure IP reassembly working with broken stacks which can send packets
# with invalid flag combination 'MF|DF'.
#
set reassemble yes no-df

#
# tables:
#    1 - local host
#    2 - local networks
#    3 - broadcast
#   10 - icmp, nagios
#   15 - ssh
#   33 - SSH block list
#  100 - institute and CMS
#
# The numbers correspond to the <pool_N> tables used in the rules below.
# The table definitions are not in this file; presumably they come from the
# included pfpool.conf (verify). Tables 2 and 3 are not referenced by any
# rule in this file.
#

#
# We don't want PF to filter on loopback traffic by default.
#
# Filtering on loopback can interfere with zone installation and other
# operations due to Solaris loopback optimizations. See the pf.conf(7)
# manpage for guidance on how to enable it for your application.
#
set skip on lo0

##########################
#  Hardware interfaces   #
##########################
# 141.20.20.45 - Internet www2
ext_if0="vnic1"
# 141.20.20.xx - Internet
ext_if1=""
# 141.20.20.xx - Internet
ext_if2=""
# 141.20.20.xx - Internet
ext_if3=""
# 141.20.20.xx - Internet
ext_if4=""
#
# all external interfaces
# Only ext_if0 is non-empty, so the list currently expands to { vnic1 }.
ext_if="{" $ext_if0 $ext_if1 $ext_if2 $ext_if3 $ext_if4 "}"

#
# collect of packet and byte count statistics on given interface
# (disabled: "none"; the commented alternative refers to $ext_if1, which is
# empty in this file)
# set loginterface $ext_if1
set loginterface none

#
# default block action
# "return" answers blocked packets (TCP RST / ICMP unreachable) instead of
# silently discarding them; rules that say "block drop" override this.
# set block-policy drop
set block-policy return

#
# include pools
# NOTE(review): BASEDIR looks like a placeholder that is substituted when the
# file is deployed. Confirm.
#
include "BASEDIR/pfpool.conf"
#

##############################
#      Firewall config       #
##############################
# Default deny with logging. This rule is not "quick", so it applies only
# when no later rule matches.
block log all
# block all
# All outbound traffic on the external interfaces is allowed; there is no
# egress filtering. NOTE(review): consider limiting outbound traffic to the
# destinations and ports this host actually needs.
pass out quick on $ext_if all

##############################
#  quick block from hacker   #
##############################
# Must stay ahead of the "pass in quick" rules: "quick" ends evaluation at
# the first match, so a blocked source never reaches the service rules.
block drop in quick on $ext_if from <pool_33> to any

##############################
#       nagios (nrpe)        #
##############################
pass in quick on $ext_if proto tcp from <pool_10> to <pool_1> port 5666
# NOTE(review): NRPE normally uses TCP only; the UDP rule looks unnecessary.
# Confirm and remove if unused.
pass in quick on $ext_if proto udp from <pool_10> to <pool_1> port 5666

##############################
#           ping             #
##############################
# the .20 network, madrid, dna
# NOTE(review): these rules admit every ICMP type from the listed tables, not
# only echo requests; adding "icmp-type echoreq" would limit them to ping.
pass in quick on $ext_if inet proto icmp from <pool_10> to <pool_1>
pass in quick on $ext_if inet proto icmp from <pool_100> to <pool_1>

##############################
#        SSH rules           #
##############################
# SSH is reachable only from the sources in <pool_15> (IPv4).
pass in quick on $ext_if inet proto tcp from <pool_15> to <pool_1> port 22

##############################
#          identd            #
##############################
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 113
# NOTE(review): ident is a TCP service; the UDP rule looks unnecessary.
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 113

##############################
#           http             #
##############################
# The single-host rule is redundant while the "from any" rule below it
# exists; it only matters if the world-open rule is removed.
pass in quick on $ext_if inet proto tcp from 141.20.23.59 to <pool_1> port 80
pass in quick on $ext_if proto tcp from any to <pool_1> port 80
# NOTE(review): HTTP on port 80 is TCP; a world-open UDP/80 rule has no
# obvious purpose and widens the exposed surface. Confirm and remove.
pass in quick on $ext_if proto udp from any to <pool_1> port 80

##############################
#          https             #
##############################
# As above, the single-host rule is shadowed by the "from any" rule.
pass in quick on $ext_if inet proto tcp from 141.20.23.59 to <pool_1> port 443
pass in quick on $ext_if proto tcp from any to <pool_1> port 443
# NOTE(review): UDP/443 is only needed if the web server offers QUIC/HTTP/3.
# Confirm, otherwise remove.
pass in quick on $ext_if proto udp from any to <pool_1> port 443

##############################
#          proxy             #
##############################
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 8000
# NOTE(review): presumably the proxy listens on TCP only; verify whether the
# UDP rule is needed.
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 8000