freebsd:pf
pf
Kernel
Add the following devices to the kernel configuration:
device pf
device pflog
device pfsync
Then rebuild and install the kernel (MONKERNEL is the name of your kernel configuration file):
make buildkernel KERNCONF=MONKERNEL
make installkernel KERNCONF=MONKERNEL
Example configuration file
/etc/pf.conf:
ext_if="re0"
int_if="lo0"

table <white_list> { XXX.XXX.XXX.XXX }
table <bad_hosts> persist file "/etc/bad_hosts"

# Options must come before normalization and filter rules, or pfctl rejects the file
set skip on lo0

scrub in all

# Refuse and log all incoming traffic; allow all outgoing traffic
block in log (all) all
pass out all

# Allow every IP listed in "white_list"
pass in quick on $ext_if from <white_list> to any

# Allow ICMP and ICMPv6 packets
pass in quick proto icmp6 all
pass in quick proto icmp all

# Block the IPs listed in "bad_hosts"
block quick from <bad_hosts>

# Allow HTTP and SSH with a limit on the connection rate; sources exceeding it are
# added to "bad_hosts" and their existing states are flushed
pass in on $ext_if proto tcp to ($ext_if) port http keep state (max-src-conn-rate 20/5, overload <bad_hosts> flush global)
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state (max-src-conn-rate 10/60, overload <bad_hosts> flush global)

# Allow DNS queries
pass in on $ext_if proto tcp to ($ext_if) port domain
pass in on $ext_if proto udp to ($ext_if) port domain

# Allow traceroute
pass in on $ext_if proto udp to ($ext_if) port 33433 >< 33626 keep state
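Once this ruleset is loaded, the <bad_hosts> table fills up on its own whenever a source trips max-src-conn-rate, and pf never removes those entries or writes them back to /etc/bad_hosts (the persist file is only read when the rules are loaded). The helper below is an added example, not part of the original wiki page, and it assumes the table name bad_hosts and the persist file /etc/bad_hosts from the configuration above. It wraps the pfctl operations an administrator needs day to day: syntax-check the file before loading it, list the blocked sources, release a legitimate host that was caught by the rate limit, age out old entries, and save the live table so the blocks survive a reboot.

```sh
#!/bin/sh
# pf-badhosts.sh: manage the <bad_hosts> overload table from the pf.conf above.
# Added example, not part of the original wiki page. Assumes the table is
# named "bad_hosts" and its persist file is /etc/bad_hosts, as in that config.
set -eu

TABLE="bad_hosts"
PERSIST_FILE="${PERSIST_FILE:-/etc/bad_hosts}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# is_ipv4 ADDR: succeeds if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $addr
    unset IFS
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_ipv6 ADDR: loose check, hex digits and at least two colons (no brackets, no zone id).
is_ipv6() {
    case $1 in
        ''|*[!0-9a-fA-F:]*) return 1 ;;
        *:*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_addr ADDR: an address is handed to pfctl only if it passes one of the checks above.
is_addr() { is_ipv4 "$1" || is_ipv6 "$1"; }

# check: parse pf.conf without loading it (catches rule-order mistakes such as
# a "set skip" placed after the first filter rule).
check_conf() { pfctl -nf "$PF_CONF"; }

# show: addresses currently held in the overload table.
show_blocked() { pfctl -t "$TABLE" -T show; }

# unblock ADDR: remove a legitimate host that tripped max-src-conn-rate and
# kill the states it still has, so the block ends immediately.
unblock() {
    is_addr "$1" || { echo "unblock: invalid address '$1'" >&2; return 2; }
    pfctl -t "$TABLE" -T delete "$1"
    pfctl -k "$1"
}

# expire SECONDS: drop entries older than SECONDS (default one day); pf never
# ages overload entries on its own.
expire_old() { pfctl -t "$TABLE" -T expire "${1:-86400}"; }

# save: write the live table back to the persist file. "persist file" is only
# read at rule load; pf does not update it when overload adds a host.
save_table() {
    pfctl -t "$TABLE" -T show > "$PERSIST_FILE.tmp"
    mv "$PERSIST_FILE.tmp" "$PERSIST_FILE"
}

usage() {
    echo "usage: $0 check | show | unblock ADDR | expire [SECONDS] | save" >&2
}

main() {
    case ${1:-} in
        check)   check_conf ;;
        show)    show_blocked ;;
        unblock) [ $# -eq 2 ] || { usage; return 64; }; unblock "$2" ;;
        expire)  expire_old "${2:-86400}" ;;
        save)    save_table ;;
        *)       usage; return 64 ;;
    esac
}

# Only dispatch when run with arguments, so the file can also be sourced.
[ $# -eq 0 ] || main "$@"
```

Run `pf-badhosts.sh check` after every edit to /etc/pf.conf and before `pfctl -f`, and schedule `expire` and `save` from cron so that a single burst of SSH retries does not block a source forever while a reboot does not silently forgive every offender.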
freebsd/pf.txt · Last modified: 2013/10/23 13:10 by sheltem