# /etc/firewall/pf_ssh_only.conf
#
# Copyright (c) 2019, 2021, Oracle and/or its affiliates.
#
# Configuration that allows only ssh in, everything out, and DHCP
#
# Policy summary: default-deny with an explicit allow list. Inbound is
# limited to SSH, DHCP/DHCPv6 replies and the ICMPv6 types listed below;
# outbound is open, except iSCSI to the OCI block volume service from
# non-root users.
#
# Rule order matters: PF applies the LAST matching rule to a packet unless
# a matching rule is marked 'quick', which ends evaluation immediately.
#

#
# PF does IP reassembly by default. We also use the 'no-df' option on Solaris
# so that IP reassembly still works with broken stacks that send packets
# with the invalid flag combination 'MF|DF'.
#
set reassemble yes no-df

#
# We don't want PF to filter loopback traffic by default.
#
# Filtering on loopback can interfere with zone installation and other
# operations due to Solaris loopback optimizations. See the pf.conf(7)
# manpage for guidance on how to enable it for your application.
#
# Consequence: none of the rules below are applied to traffic on lo0.
set skip on lo0

# Block everything unless told otherwise, and send a TCP RST or an ICMP
# unreachable for every packet that gets blocked.
# This is the default-deny baseline. It is not 'quick', so any later
# matching 'pass' rule overrides it.
block return

# Accept incoming SSH connections.
# NOTE(review): there is no source or interface restriction, so TCP port 22
# is reachable from any address on every interface except lo0. If the
# management networks are known, consider limiting the source here.
pass in proto tcp to any port 22

# Allow DHCP to do its work - incoming messages (server to client).
# IPv4 DHCP: server port 67 to client port 68.
# DHCPv6:    server port 547 to client port 546.
# NOTE(review): these rules match on UDP ports only, not on the sender's
# address, so any host can send to these client ports.
pass in inet proto udp from port 67 to port 68
pass in inet6 proto udp from port 547 to port 546

# ICMPv6 type 2: packet too big - needed for path MTU discovery (PMTUD)
pass in inet6 proto ipv6-icmp icmp6-type 2

# ICMPv6 type 134: router advertisement
pass in inet6 proto ipv6-icmp icmp6-type 134

# ICMPv6 type 135: neighbor solicitation
pass in inet6 proto ipv6-icmp icmp6-type 135

# ICMPv6 type 136: neighbor advertisement
pass in inet6 proto ipv6-icmp icmp6-type 136

# Block iSCSI traffic (TCP port 3260) to the OCI block volume service from
# non-root users.
# 'user > 0' matches sockets owned by any uid other than root (uid 0).
# 'quick' ends rule evaluation at this rule, so the 'pass out' below cannot
# override it.
block out quick proto tcp to { 169.254.0.2/32, 169.254.2.0/24 } port 3260 user > 0

# Allow all connections initiated from this machine; this
# includes e.g. DHCP requests.
# NOTE(review): replies to these connections are presumably admitted through
# the state PF keeps for passed traffic rather than by an inbound rule -
# confirm against pf.conf(7) for this release.
pass out