Solaris firewall configuration

#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

# Block and log packets too short to contain a complete header
block in log quick all with short

# Allow everything from our DNS servers in
pass in quick from 128.222.228.235/32 to any keep state
pass in quick from 128.222.228.236/32 to any keep state
pass in quick from 128.222.12.10/32 to any keep state
pass in quick from 10.5.140.176/32 to any keep state

# Let our iSCSI traffic in (port 3260 from any source, plus everything from 10.5.140.151)
pass in quick from any to any port = 3260 keep state
pass in quick from 10.5.140.151/32 to any keep state

# Allow SSH access in
pass in quick proto tcp from any to any port = 22 keep state

# Allow and log ICMP packets
pass in log quick proto icmp all keep state

# Allow access to the rest of the world
pass out quick from any to any keep state

# Explicitly block telnet and everything else
block in quick proto tcp from any to any port = 23
block in quick from any to any

Yep, pretty basic. I have to say, I think I might actually like ipfilter better than iptables. Maybe that’s only because I’ve only done basic stuff with it so far.
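
An added example, not part of the original post: a small Python model of the inbound rules above that reports which rule decides a given packet. Every rule on the page carries `quick`, so the first match wins. The `with short` rule is left out (packets are assumed well-formed), the 192.0.2.10 address is a constructed outside host, and the port handling follows ipf's documented behaviour that a port test with no `proto` applies to both TCP and UDP.

```python
import ipaddress

# Inbound rules from the page as (action, proto, source, dst_port); None = any.
# The "with short" rule is omitted: packets here are assumed well-formed.
RULES = [
    ("pass", None, "128.222.228.235/32", None),
    ("pass", None, "128.222.228.236/32", None),
    ("pass", None, "128.222.12.10/32", None),
    ("pass", None, "10.5.140.176/32", None),
    ("pass", None, "any", 3260),
    ("pass", None, "10.5.140.151/32", None),
    ("pass", "tcp", "any", 22),
    ("pass", "icmp", "any", None),
    ("block", "tcp", "any", 23),
    ("block", None, "any", None),
]


def matches(rule, proto, src, dport):
    _, r_proto, r_src, r_port = rule
    if r_proto is not None and r_proto != proto:
        return False
    if r_src != "any" and ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
        return False
    if r_port is not None:
        # Port tests apply only to TCP and UDP; with no proto given, to both.
        return proto in ("tcp", "udp") and dport == r_port
    return True


def evaluate(proto, src, dport=None):
    """Return (action, position in RULES) of the first rule that matches."""
    for position, rule in enumerate(RULES, start=1):
        if matches(rule, proto, src, dport):
            return rule[0], position
    raise AssertionError("unreachable: the last rule matches every packet")


if __name__ == "__main__":
    # Constructed sample packets; 192.0.2.10 stands for an arbitrary outside host.
    for packet in [
        ("tcp", "192.0.2.10", 23),      # telnet from outside
        ("tcp", "128.222.12.10", 23),   # telnet from a listed DNS server
        ("tcp", "192.0.2.10", 3260),    # iSCSI from outside
        ("tcp", "192.0.2.10", 22),
        ("udp", "192.0.2.10", 53),
        ("icmp", "192.0.2.10", None),
    ]:
        print(packet, "->", evaluate(*packet))
```

The second sample shows the effect of rule order: the host-wide pass for a listed address matches before the telnet block is reached, so the block only applies to sources not already passed.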


Filed under firewall, software, solaris, sun

One Response to Solaris firewall configuration

  1. Pingback: unix86.org » Solaris Firewall Resources / Linux Bandwidth / Linux Memory
