authorBill Marquette <billm@pfsense.org>2005-02-26 01:45:34 +0000
committerBill Marquette <billm@pfsense.org>2005-02-26 01:45:34 +0000
commitff1955eeab587d34bdfc36e66f751cacc73c0980 (patch)
tree6aeb917c4bbc001eff51afc16fe1ed2786b61087 /etc/inc
parentd7375115c181885d3f3e1d204250edc742d45129 (diff)
Enable bogon filtering
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/filter.inc15
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3395a94..82feef3 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1109,9 +1109,20 @@ EOD;
}
- $ipfrules .= <<<EOD
+ /* block bogon networks on WAN */
+ /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */
+ /* XXX - pull from www.cymru.com at some point so we don't have to manually update */
+ if (isset($config['interfaces']['wan']['blockbogons'])) {
+ $ipfrules .= <<<EOD
+# block bogon networks
+# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
+table <bogons> persist file "/etc/bogons"
+block in $log quick on $wanif from <bogons> to any label "block bogon networks from wan"
+EOD;
+
+ $ipfrules .= <<<EOD
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on $wanif all keep state label "let out anything from firewall host itself"
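Review bot: The `if (isset($config['interfaces']['wan']['blockbogons'])) {` opened in this hunk is never closed: none of the lines added here or in the file's other hunk is a `}`. As shown, filter.inc either fails to parse, so no ruleset is generated, or the following "let out anything from firewall host itself" rules become conditional on the bogon option; add `}` on the line after the first `EOD;`. Separately, `table <bogons> persist file "/etc/bogons"` makes the generated ruleset depend on a file this diff does not show being installed, and a missing file would presumably make the ruleset fail to load. Consider extending the condition to `isset($config['interfaces']['wan']['blockbogons']) && file_exists("/etc/bogons")`. The enclosing function begins before the hunk and the second heredoc ends after it, so this is based only on the lines visible here.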
@@ -1606,4 +1617,4 @@ function create_firewall_outgoing_rules_to_itself() {
return $rule;
}
-?> \ No newline at end of file
+?>