diff options
| author | Bill Marquette <billm@pfsense.org> | 2005-02-26 01:45:34 +0000 |
|---|---|---|
| committer | Bill Marquette <billm@pfsense.org> | 2005-02-26 01:45:34 +0000 |
| commit | ff1955eeab587d34bdfc36e66f751cacc73c0980 (patch) | |
| tree | 6aeb917c4bbc001eff51afc16fe1ed2786b61087 /etc/inc | |
| parent | d7375115c181885d3f3e1d204250edc742d45129 (diff) | |
| download | pfsense-ff1955eeab587d34bdfc36e66f751cacc73c0980.zip pfsense-ff1955eeab587d34bdfc36e66f751cacc73c0980.tar.gz | |
Enable bogon filtering
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/filter.inc | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 3395a94..82feef3 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1109,9 +1109,20 @@ EOD; } - $ipfrules .= <<<EOD + /* block bogon networks on WAN */ + /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */ + /* XXX - pull from www.cymru.com at some point so we don't have to manually update */ + if (isset($config['interfaces']['wan']['blockbogons'])) { + $ipfrules .= <<<EOD +# block bogon networks +# http://www.cymru.com/Documents/bogon-bn-nonagg.txt +table <bogons> persist file "/etc/bogons" +block in $log quick on $wanif from <bogons> to any label "block bogon networks from wan" +EOD; + + $ipfrules .= <<<EOD # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on $wanif all keep state label "let out anything from firewall host itself" @@ -1606,4 +1617,4 @@ function create_firewall_outgoing_rules_to_itself() { return $rule; } -?>
\ No newline at end of file +?> |
