lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 00:24:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipfw: only allow traffic to/from me via cp_interfaces

Browse Source
This commit is contained in:
Fredrik Rönnvall 2019-02-15 08:09:05 +01:00
parent e8af5bee77
commit f2da545261
1 changed files with 6 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
View File

@ -99,22 +99,14 @@ add 202 skipto 60000 ipv6 from any to ::1
add 203 skipto 60000 ipv4 from any to 127.0.0.0/8
#======================================================================================
# Allow traffic to this hosts static ip's
#======================================================================================
{% for intf_key,interface in interfaces.iteritems() %}
{% if intf_key != "wan" and interface.ipaddr not in ["dhcp", "ppp", "pppoe", "l2tp", "pptp"] and interface.ipaddr|default("") != "" %}
add {{loop.index + 1000}} skipto 60000 ip from any to { 255.255.255.255 or {{interface.ipaddr}} } in
add {{loop.index + 1000}} skipto 60000 ip from { 255.255.255.255 or {{interface.ipaddr}} } to any out
add {{loop.index + 1000}} skipto 60000 icmp from { 255.255.255.255 or {{interface.ipaddr}} } to any out icmptypes 0
add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or {{interface.ipaddr}} } in icmptypes 8
{% endif %}
{% endfor %}
#======================================================================================
# Allow DNS to this host
# Allow traffic to this host
#======================================================================================
{% for item in cp_interface_list %}
add {{loop.index + 2000}} skipto 60000 udp from any to me dst-port 53 via {{item.if}} keep-state
add {{loop.index + 1000}} skipto 60000 udp from any to me dst-port 53 via {{item.if}} keep-state
add {{loop.index + 1000}} skipto 60000 ip from any to { 255.255.255.255 or me } in via {{item.if}}
add {{loop.index + 1000}} skipto 60000 ip from { 255.255.255.255 or me } to any out via {{item.if}}
add {{loop.index + 1000}} skipto 60000 icmp from { 255.255.255.255 or me } to any out via {{item.if}} icmptypes 0
add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or me } in via {{item.if}} icmptypes 8
{% endfor %}
{% for item in cp_interface_list %}