- # by Cooler_ 08/2008 - pf.conf: default-deny policy; inbound SSH and FTP are passed only from $remote
- # macro for the network interface that Packet Filter works on
- # run ifconfig to find the interface PF should use
- placa = "rl0"
- # the only host allowed to connect in over SSH and FTP; NOTE(review): only the source address is checked, so this is an allowlist, not authentication
- remote = "192.168.0.117"
- # Runtime options. Original note said "deceives fingerprinting attacks"; NOTE(review): `set fingerprints` only loads the passive OS fingerprint database used by the `os { NMAP }` rule below
- set optimization normal
- set require-order yes  # enforce the pf.conf statement order (options, normalization, queueing, translation, filtering)
- set fingerprints "/etc/pf.os"
- set skip on lo0  # no filtering on the loopback interface
- # normalize traffic so malformed or ambiguous packets are cleaned up before the filter rules see them
- scrub all reassemble tcp
- scrub out all no-df max-mss 1492 random-id  # outbound: clear DF, clamp MSS to 1492, randomize the IP ID field
- antispoof for $placa inet  # expands to block rules for packets that spoof addresses belonging to $placa
- # drop TCP flag combinations typical of nmap scans; `quick` ends rule evaluation at the first match
- block in quick proto tcp flags FUP/WEUAPRSF  # only FIN+URG+PSH set (Xmas-style probe)
- block in quick proto tcp flags WEUAPRSF/WEUAPRSF  # every flag set
- block in quick proto tcp flags SRAFU/WEUAPRSF  # SYN+RST+ACK+FIN+URG set, the rest clear
- block in quick proto tcp flags /WEUAPRSF  # no flags set (null probe)
- block in quick proto tcp flags SR/SR  # SYN and RST together
- block in quick proto tcp flags SF/SF  # SYN and FIN together
- block drop in quick on $placa from any os { NMAP }  # NOTE(review): `os` matches TCP SYN packets only and a sender can alter its fingerprint, so treat this as best-effort
- # default deny: block everything; the non-quick pass rules below override it because the last matching rule wins
- block all
- # allow all outbound traffic originating from this machine, tracked statefully
- pass out all keep state
- # allow SSH in only from $remote, with logging; NOTE(review): no explicit `keep state` here, unlike the FTP rules - whether state is kept by default depends on the pf version, confirm on the target system
- pass in log quick on $placa inet proto tcp from $remote to any port { ssh } flags S/SA
- # allow FTP from $remote: control channel on port 21, plus high ports (presumably the passive-mode data range; verify against the FTP daemon's configuration)
- pass in on $placa proto tcp from $remote to any port 21 keep state
- pass in on $placa proto tcp from $remote to any port > 49151 keep state  # NOTE(review): opens every TCP port above 49151 to $remote, not only FTP data ports
- # allow HTTP from addresses both outside and inside the network (rule below is left disabled)
- #pass in quick on $placa inet proto tcp to $placa port { http } flags S/SA keep state