Hallo, dies ist ein Test.
PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html
Running in File Mode
Relative path: ./../../../../../../etc/firewall/pf.conf.www2
Real path: /etc/firewall/pf.conf.www2
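#
# generated by /etc/firewall/restpf on: Tue Jul 30 10:01:06 CEST 2019
#
# /etc/firewall/pf.conf
#
# www2
# Tue Jul 30 08:55:28 CEST 2019
#
# Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
#
# This is the default PF configuration file. The rules found here provide
# no policy/protection. To set up desired policy you must add your
# own rules here. See pf.conf(7) for details.
#
# As soon as firewall gets enabled with configuration shipped by the firewall
# package, the firewall service is transitioned to degraded state. This is to
# let system administrator know the firewall is not configured yet, such
# firewall can not provide any network protection.
#
# NOTE(review): this listing had lost its line breaks, so almost every
# directive sat behind a '#'. The breaks below are reconstructed. Where a '#'
# could belong either to a line of its own or to the directive after it
# (set skip, set loginterface, set block-policy, include, "block all", and the
# first rule of the last section), confirm against the file on disk.
#
# NOTE(review): the ruleset names the management pools and every open port.
# The listing shows it being read from a working directory under
# .public_html via a relative path; the file should not be reachable
# through the web server.
#
# Evaluation order matters: "block log all" is the only non-quick rule, so it
# is the fallback; every other rule is "quick" and ends evaluation on its
# first match. Do not reorder rules without re-checking this.
#
#
# PF does IP reassembly by default. We also use 'no-df' option on Solaris
# to ensure IP reassembly working with broken stacks which can send packets
# with invalid flag combination 'MF|DF'.
#
set reassemble yes no-df
#
# tables (defined in the included pfpool.conf, not shown here):
#   1 - local host
#   2 - local networks
#   3 - broadcast
#  10 - icmp, nagios
#  15 - ssh
#  33 - SSH block list
# 100 - institute and CMS
#
#
# We don't want PF to filter on loopback traffic by default.
#
# Filtering on loopback can interfere with zone installation and other
# operations due to Solaris loopback optimizations. See the pf.conf(7)
# manpage for guidance on how to enable it for your application.
#
set skip on lo0

##########################
#  Hardware interfaces   #
##########################
# 141.20.20.45 - Internet www2
ext_if0="vnic1"
# 141.20.20.xx - Internet
ext_if1=""
# 141.20.20.xx - Internet
ext_if2=""
# 141.20.20.xx - Internet
ext_if3=""
# 141.20.20.xx - Internet
ext_if4=""
#
# all external interfaces
ext_if="{" $ext_if0 $ext_if1 $ext_if2 $ext_if3 $ext_if4 "}"
#
# collect of packet and byte count statistics on given interface
# set loginterface $ext_if1
set loginterface none
#
# default block action
# NOTE(review): with "return", blocked TCP is answered with a RST and blocked
# UDP with an ICMP unreachable, which confirms to a prober that the address is
# in use. "drop" is the quieter default for an Internet-facing interface; the
# <pool_33> rule below already asks for it explicitly.
# set block-policy drop
set block-policy return
#
# include pools
#
include "/etc/firewall/pfpool.conf"
#
##############################
#      Firewall config       #
##############################
# Default deny, logged. Only reached when no quick rule below matched.
block log all
# block all

##############################
# allow all outgoing traffic #
##############################
# NOTE(review): egress is unrestricted. If pass rules keep state on this pf
# build (the default in current pf; confirm for this Solaris release), replies
# to outbound connections are admitted by state and need no inbound rule.
pass out quick on $ext_if all

##############################
#   quick block from hacker  #
##############################
block drop in quick on $ext_if from <pool_33> to any

##############################
#       nagios (nrpe)        #
##############################
# NOTE(review): NRPE is normally TCP only; the UDP rule is likely unused
# surface. Confirm and remove if nothing listens on UDP 5666.
pass in quick on $ext_if proto tcp from <pool_10> to <pool_1> port 5666
pass in quick on $ext_if proto udp from <pool_10> to <pool_1> port 5666

##############################
#            ping            #
##############################
# 20 network, madrid, dna
# NOTE(review): these rules admit every ICMP type, not just echo requests.
# If only ping is intended, add "icmp-type echoreq".
pass in quick on $ext_if inet proto icmp from <pool_10> to <pool_1>
pass in quick on $ext_if inet proto icmp from <pool_100> to <pool_1>

##############################
#         SSH rules          #
##############################
pass in quick on $ext_if inet proto tcp from <pool_15> to <pool_1> port 22

##############################
#           identd           #
##############################
# NOTE(review): ident is a TCP service; the UDP rule is presumably unused.
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 113
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 113

##############################
#            http            #
##############################
# The 141.20.23.59 rule is subsumed by the "from any" rule that follows it.
# The "from any" rules carry no "inet", so they are not limited to IPv4.
# NOTE(review): HTTP does not use UDP 80; confirm and remove the UDP rule.
pass in quick on $ext_if inet proto tcp from 141.20.23.59 to <pool_1> port 80
pass in quick on $ext_if proto tcp from any to <pool_1> port 80
pass in quick on $ext_if proto udp from any to <pool_1> port 80

##############################
#           https            #
##############################
# NOTE(review): UDP 443 is only needed if the web server offers HTTP/3 (QUIC);
# otherwise remove it.
pass in quick on $ext_if inet proto tcp from 141.20.23.59 to <pool_1> port 443
pass in quick on $ext_if proto tcp from any to <pool_1> port 443
pass in quick on $ext_if proto udp from any to <pool_1> port 443

##############################
#           proxy            #
##############################
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 8000
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 8000

#
# for NFS4, from /etc/firewall/pf.conf.base.nfs4
#
# Version 1.2
# Tue Jul 30 07:57:50 CEST 2019
#
###############################
#  NFS-Server only Version 4  #
###############################
# NOTE(review): NFSv4 itself needs only TCP 2049. rpcbind (111) and port 4045
# are NFSv3-era helpers; if no v3 clients remain, those rules can go.
pass in quick on $ext_if proto tcp from <pool_2> to <pool_3> port 111
pass in quick on $ext_if proto udp from <pool_2> to <pool_3> port 111
# NOTE(review): the next two rules match on the remote SOURCE port. The
# sender chooses its source port, so it identifies nothing. As written they
# admit traffic from <pool_100> to every destination port 1-1023 on <pool_1>
# ("0 >< 1024" excludes both bounds), including ports that other rules in
# this file restrict to narrower pools. If they exist to let NFS replies
# back in, stateful "pass out" should already cover that; confirm and remove.
pass in quick on $ext_if proto tcp from <pool_100> port 2049 to <pool_1> port 0 >< 1024
pass in quick on $ext_if proto udp from <pool_100> port 2049 to <pool_1> port 0 >< 1024
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 111
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 111
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 4045
pass in quick on $ext_if proto udp from <pool_100> to <pool_1> port 4045
pass in quick on $ext_if proto tcp from <pool_100> to <pool_1> port 2049

#
#
# Tuesday, June 25, 2019 07:26:02 AM CEST
#
#########################################
# Block what should not go into the log #
#########################################
# These quick blocks carry no "log", so broadcast/multicast noise is discarded
# here before it can fall through to "block log all". They come after every
# pass rule, so they only see packets that nothing above admitted.
# block in quick on $ext_if from any to <pool_3>
block in quick on $ext_if from any to 255.255.255.255
block in quick on $ext_if from any to 224.0.0.251
block in quick on $ext_if from 0.0.0.0 to any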