diff options
| author | ngie <ngie@FreeBSD.org> | 2015-10-05 03:26:51 +0000 |
|---|---|---|
| committer | ngie <ngie@FreeBSD.org> | 2015-10-05 03:26:51 +0000 |
| commit | e1dd16d965b177f109afb771e59432e36f335d0a (patch) | |
| tree | 15db092a5401cf329f1bff9d3bf700d1fde0f121 /contrib/ipfilter/rules/example.3 | |
| parent | 115d008392113efc6f844baa7cc407e9eaae63db (diff) | |
| download | FreeBSD-src-e1dd16d965b177f109afb771e59432e36f335d0a.zip FreeBSD-src-e1dd16d965b177f109afb771e59432e36f335d0a.tar.gz | |
Revert r288682
I meant to do this on ^/user/ngie/more-tests
Pointyhat to: ngie (use svn info next time...)
Diffstat (limited to 'contrib/ipfilter/rules/example.3')
| -rw-r--r-- | contrib/ipfilter/rules/example.3 | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/contrib/ipfilter/rules/example.3 b/contrib/ipfilter/rules/example.3 new file mode 100644 index 0000000..cd31f73 --- /dev/null +++ b/contrib/ipfilter/rules/example.3 @@ -0,0 +1,40 @@ +# +# block all inbound packets. +# +block in from any to any +# +# pass through packets to and from localhost. +# +pass in from 127.0.0.1/32 to 127.0.0.1/32 +# +# allow a variety of individual hosts to send any type of IP packet to any +# other host. +# +pass in from 10.1.3.1/32 to any +pass in from 10.1.3.2/32 to any +pass in from 10.1.3.3/32 to any +pass in from 10.1.3.4/32 to any +pass in from 10.1.3.5/32 to any +pass in from 10.1.0.13/32 to any +pass in from 10.1.1.1/32 to any +pass in from 10.1.2.1/32 to any +# +# +# block all outbound packets. +# +block out from any to any +# +# allow any packets destined for localhost out. +# +pass out from any to 127.0.0.1/32 +# +# allow any host to send any IP packet out to a limited number of hosts. +# +pass out from any to 10.1.3.1/32 +pass out from any to 10.1.3.2/32 +pass out from any to 10.1.3.3/32 +pass out from any to 10.1.3.4/32 +pass out from any to 10.1.3.5/32 +pass out from any to 10.1.0.13/32 +pass out from any to 10.1.1.1/32 +pass out from any to 10.1.2.1/32 |
