
Untitled

a guest Mar 15th, 2017 188 Never
```
# Macros

ext_if       = "bge0"
lan_net      = "192.168.0.0/24"
tcp_services = "{ ssh www https ipp ntp }"
udp_services = "{ ipp }"
icmp_types   = "{ echoreq unreach }"

# Tables

table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
# Populated by the overload option on the ssh rule at the end of the ruleset
table <ssh_abuse> persist

# Options

set block-policy drop                   # t(-_-t)
set loginterface $ext_if
set skip on lo0

# Filter Rules

# Default deny with logging; later matching rules override this
block log all                           # t(-_-t)

# Drop everything from sources already in the abuse table
block quick from <ssh_abuse>            # t(-_-t)

antispoof log quick for  $ext_if        # t(-_-t)
block in  log quick from urpf-failed    # t(-_-t)

pass inet proto tcp to port $tcp_services keep state
pass inet proto udp to port $udp_services keep state

pass log inet proto icmp icmp-type $icmp_types

# ssh rate limit: a source with more than 15 established connections, or more
# than 15 new connections in 5 seconds, is added to <ssh_abuse> and all of its
# existing states are flushed
pass quick proto tcp from any to any port ssh flags S/SA keep state \
        (max-src-conn 15, max-src-conn-rate 15/5, overload <ssh_abuse> flush global)
```