authordm <dm@cvs.openbsd.org>1996-07-18 05:57:25 +0000
committerdm <dm@cvs.openbsd.org>1996-07-18 05:57:25 +0000
commit32c1571b6340f34ac25cc12f7bbac65dd8209b45 (patch)
treebf257b3cd4eadd635f5ee6cf370dcbe9e2b2ba20 /share/ipf/firewall.1
parent855450577164de85ddee7341a7ed13c7073882ca (diff)
added my two firewall examples, plus the stuff from the distribution
Diffstat (limited to 'share/ipf/firewall.1')
-rw-r--r--share/ipf/firewall.133
1 files changed, 33 insertions, 0 deletions
diff --git a/share/ipf/firewall.1 b/share/ipf/firewall.1
new file mode 100644
index 00000000000..49323797bc5
--- /dev/null
+++ b/share/ipf/firewall.1
@@ -0,0 +1,33 @@
+#
+# This is an example of a very light firewall used to guard against
+# some of the most easily exploited common security holes.
+#
+# The example assumes it is running on a gateway with interface ppp0
+# attached to the outside world, and interface ed0 attached to
+# network 192.168.4.0 which needs to be protected.
+#
+#
+# Pass any packets not explicitly mentioned by subsequent rules
+#
+pass out from any to any
+pass in from any to any
+#
+# Block any inherently bad packets coming in from the outside world.
+# These include ICMP redirect packets and IP fragments so short the
+# filtering rules won't be able to examine the whole UDP/TCP header.
+#
+block in log quick on ppp0 proto icmp from any to any icmp-type redir
+block in log quick on ppp0 proto tcp/udp all with short
+#
+# Block any IP spoofing atempts. (Packets "from" our network
+# shouldn't be coming in from outside).
+#
+block in log quick on ppp0 from 198.168.4.0/24 to any
+block in log quick on ppp0 from localhost to any
+#
+# Block any incoming traffic to NFS ports, to the RPC portmapper, and
+# to X servers.
+#
+block in log on ppp0 proto tcp/udp from any to any port = sunrpc
+block in log on ppp0 proto tcp/udp from any to any port = 2049
+block in log on ppp0 proto tcp from any to any port = 6000
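Review bot: The anti-spoofing rule `block in log quick on ppp0 from 198.168.4.0/24 to any` names 198.168.4.0/24, but the header comment states the protected inside network is 192.168.4.0, so packets arriving on ppp0 with a forged inside source are not caught and fall through to the earlier `pass in from any to any`. The line should read `block in log quick on ppp0 from 192.168.4.0/24 to any` so that it matches the network ed0 actually serves. The comment above it also misspells "attempts" as "atempts". Since this file is presented as an example to copy, it is worth a comment next to the spoofing rules that the address must be edited to the reader's own inside network, e.g. `# Replace 192.168.4.0/24 with the network behind your inside interface.`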