firewall

# Rule 1: drop every packet whose source or destination address lies in one
# of the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16).
# NOTE(review): the rules carry no "via <interface>" qualifier, so they match
# on every interface; if this host also routes for a privately addressed LAN
# they will drop that LAN's traffic too -- confirm, and scope them to the
# outside interface if so.
# Bourne-shell loop: run under /bin/sh.
for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    ipfw add 1 deny ip from "$net" to any
    ipfw add 1 deny ip from any to "$net"
done

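# Rule 2 (TCP): drop traffic on the ports this list treats as Windows-service,
# worm or backdoor ports.
#
# The first group was originally matched only as a SOURCE port
# ("from any 135 to any"). That drops replies sent from such a service, but it
# lets the packet addressed to the service through, and it also drops an
# unrelated client that happens to use e.g. 4444 as its ephemeral port.
# A destination-side match is added for each of these ports so traffic
# addressed to them is dropped as well; the source-side match is kept as the
# page had it.
# Bourne-shell loops: run under /bin/sh.
for port in 135 137 138 139 445 4444 6129 2745 3127-3128; do
    ipfw add 2 deny tcp from any "$port" to any
    ipfw add 2 deny tcp from any to any "$port"
done

# Ports matched as DESTINATION only. The second, duplicate 1214 entry is
# dropped, and destination port 2745 is already covered by the loop above.
# NOTE(review): 1080 and 3128 are also used by legitimate SOCKS/HTTP proxies --
# confirm nothing behind this firewall relies on them.
for port in 593 1434 1433 1214 1373 1377 1080 1363 1364 1368 2283 2535 \
            3410 5554 8866 9898 9668; do
    ipfw add 2 deny tcp from any to any "$port"
done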

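# Rule 2 (UDP): same port list as the TCP rules above it on the page.
#
# The first group was originally matched only as a SOURCE port. UDP has no
# handshake, so a source-port match does nothing to stop a datagram that is
# sent TO one of these ports from being delivered. A destination-side match is
# added for each of them; the source-side match is kept as the page had it.
# Bourne-shell loops: run under /bin/sh.
for port in 135 137 138 139 445 3127-3128; do
    ipfw add 2 deny udp from any "$port" to any
    ipfw add 2 deny udp from any to any "$port"
done

# Ports matched as DESTINATION only (the duplicate 1214 entry is dropped).
# NOTE(review): several of these are TCP-only services; the UDP rules for them
# are harmless but may be unnecessary -- confirm before trimming.
for port in 593 1434 1433 1214 1373 1377 1080 1363 1364 1368 2283 2535 \
            3410 5554 8866 9898 9668 2745; do
    ipfw add 2 deny udp from any to any "$port"
done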

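#other
# Rule 4 permits a short list of ICMP types; rule 5 then drops every other
# ICMP message.
# Type 0: echo reply.
ipfw add 4 allow icmp from any to any icmptype 0
# Type 3: destination unreachable. Added here: it includes code 4
# ("fragmentation needed"), which Path MTU Discovery depends on. With it
# dropped, connections that cross a smaller-MTU link can stall silently.
ipfw add 4 allow icmp from any to any icmptype 3
# Type 8: echo request.
ipfw add 4 allow icmp from any to any icmptype 8
# Type 11: time exceeded (what traceroute relies on).
ipfw add 4 allow icmp from any to any icmptype 11
# Everything else (redirects, timestamp and mask requests, ...) is dropped.
ipfw add 5 deny icmp from any to any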

#limit
# Bandwidth limiting for host 16.68.16.13 on interface sk0, using dummynet
# queues and pipes.
# Rule 317 hands packets sourced from the host to queue 7.
# NOTE(review): the rule is installed before queue 7 and pipe 7 are
# configured -- confirm this ordering is acceptable on the ipfw in use.
ipfw add 317 queue 7 ip from 16.68.16.13 to any via sk0
# Queue 7 feeds pipe 7 with weight 60; "mask all" asks for a separate dynamic
# queue per flow.
ipfw queue 7 config weight 60 pipe 7 mask all
# Pipe 7: 512 Kbit/s, 350 KByte buffer, gentle RED with parameters
# w_q/min_th/max_th/max_p.
# NOTE(review): per ipfw(8) the RED thresholds are counted in bytes when the
# queue size is given in bytes, so min_th=5 / max_th=15 look far too small
# next to a 350 KByte queue -- verify the intended values.
ipfw pipe 7 config bw 512Kbit/s queue 350KBytes gred 0.002/5/15/0.1

# Same arrangement for the opposite direction: rule 417 hands packets
# addressed to the host to queue 300, which feeds pipe 300 (also 512 Kbit/s).
# NOTE(review): what happens to a packet after it leaves the pipe depends on
# the net.inet.ip.fw.one_pass sysctl, and nothing on this page shows an allow
# rule for other traffic or the default policy -- confirm both.
ipfw add 417 queue 300 ip from any to 16.68.16.13 via sk0
ipfw queue 300 config weight 60 pipe 300 mask all
ipfw pipe 300 config bw 512Kbit/s queue 350KBytes gred 0.002/5/15/0.1
