Forums > Help! > Firewall - Windows(from BSD)


RicheeBRONZE Member
HOP librarian
1,841 posts
Location: Prague, Czech. Republic


Posted:
WIPFW firewall

(wipfw-0.2.7.zip 65.975kB)

Is an IPv4 firewall for Windows, remade from the original BSD ipfw.

This is a small and open source firewall, easily installed as a service running automatically on every start.

Install by

install-deny.cmd (default deny)

install.cmd (default allow)

Uninstall by uninstall.cmd

Loading rules: loadrules.cmd





Configuration file: wipf.conf



Here is configuration for:

- ISP client with IP from DHCP server

(for LAN remove proper address space)

+ small, quite

- interface, NAT, IPv6, Layer 2 (working on it)



---------------------

(Let me know if you find what I can make better)

---------------------



-q -f flush

############
# LOOPBACK #
############

add 0100 allow all from any to any via lo0
add 0101 deny log all from any to 127.0.0.0/8
add 0102 deny log all from 127.0.0.0/8 to any

# NAT add 0103 divert natd all from any to any

###########
# CONTROL #
###########

add 0200 check-state
add 0201 deny all from any to any frag in
add 0202 deny tcp from any to any established in

####################
# OUTBOUND TRAFFIC #
####################

# DHCP
add 0303 allow log udp from any to any 67 out keep-state

# ICMP
add 0301 allow icmp from any to any out icmptypes 8 keep-state limit src-addr 3
add 0302 deny icmp from any to any out

# DNS
add 0304 allow udp from any to any 53 out keep-state
add 0305 allow log tcp from any to any 53 out setup

# FTP PASSIVE
add 00306 allow tcp from me to any 21 out setup keep-state
add 00307 allow tcp from me to any 10000-65000 out setup keep-state

# SMTP, HTTP, POP3, NTP
add 0308 allow tcp from any to any 25,80,110,123 out setup keep-state

# SSH, WHOIS, SNMP, HTTPS
add 0309 allow tcp from any to any 22,43,161,443 out setup keep-state

# IRC
add 0310 allow tcp from any to any 6667 out setup keep-state

# LOG & DENY OUT
add 0311 deny log all from any to any out

###################
# INBOUND TRAFFIC #
###################

# ADDRESS SPACE DENY
add 0400 deny all from 192.168.0.0/16 to any in
add 0401 deny all from 172.16.0.0/12 to any in
add 0402 deny all from 10.0.0.0/8 to any in
add 0403 deny all from 127.0.0.0/8 to any in
add 0404 deny all from 0.0.0.0/8 to any in
add 0405 deny all from 169.254.0.0/16 to any in
add 0406 deny all from 192.0.2.0/24 to any in
add 0407 deny all from 204.152.64.0/23 to any in
add 0408 deny all from 224.0.0.0/3 to any in

# NB's, IDENT DENY
add 0409 deny tcp from any to any 81,113,137,138,139,445 in

# DHCP
add 0415 allow udp from any to any 67 in

# PASSIVE FTP
add 0413 allow tcp from any to me 21 in setup keep-state limit src-addr 4
add 0414 allow tcp from any 20 to any 1024-49151 out setup keep-state limit src-addr 4

# ICMP
add 0410 allow icmp from any to any in icmptypes 0,11 keep-state limit src-addr 23
add 0411 deny log icmp from any to any icmptypes 5 in
add 0412 deny icmp from any to any in

# FRAG DENY
add 0416 deny all from any to any frag in

# ACK DENY
add 0417 deny tcp from any to any established in

# REJECT & LOG IN
add 0418 deny log all from any to any in

################
# DEFAULT DENY #
################

#add 0500 deny MAC from any to any

add 0500 deny log all from any to any

#######
# END #
#######





-------------------



To make world safer.



love and light,



:R

POI THEO(R)IST
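
Added example (not part of the original post and not WIPFW code): ipfw checks a packet against rules in ascending rule-number order and stops at the first allow or deny that matches, so where a line sits in the file does not decide precedence. The Python below, run over a constructed subset of the rules above, lists rules written out of numeric order and later rules that repeat an earlier rule's match exactly and so can never fire. The function names are hypothetical, and it assumes WIPFW keeps ipfw's ordering semantics.

```python
import re

# Constructed sample: a subset of the rules posted above, in file order.
SAMPLE = """\
add 0200 check-state
add 0201 deny all from any to any frag in
add 0202 deny tcp from any to any established in
add 0303 allow log udp from any to any 67 out keep-state
add 0301 allow icmp from any to any out icmptypes 8 keep-state limit src-addr 3
add 0416 deny all from any to any frag in
add 0417 deny tcp from any to any established in
add 0418 deny log all from any to any in
add 0500 deny log all from any to any
"""

# Only terminal allow/deny rules are parsed; "log" does not change what matches.
RULE = re.compile(r"^add\s+(\d+)\s+(allow|deny)\s+(?:log\s+)?(.+)$")

def parse(text):
    """Return [(number, action, match_body)] in file order; comments and other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), " ".join(m.group(3).split())))
    return rules

def out_of_order(rules):
    """Numbers of rules that are lower than the rule written just before them in the file."""
    return [b[0] for a, b in zip(rules, rules[1:]) if b[0] < a[0]]

def shadowed(rules):
    """(later, earlier) pairs where a lower-numbered rule has the identical match body."""
    seen, hits = {}, []
    for num, _action, body in sorted(rules):
        if "limit" in body.split():
            continue  # a limit rule falls through once its cap is reached, so skip it
        if body in seen:
            hits.append((num, seen[body]))
        else:
            seen[body] = num
    return hits

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print("written out of numeric order:", out_of_order(parsed))
    print("unreachable (later, earlier):", shadowed(parsed))
```

On this sample it reports rule 301 as written after 303, and rules 416 and 417 as exact repeats of 201 and 202.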


polaritySILVER Member
veteran
1,228 posts
Location: on the wrong planet, United Kingdom


Posted:
The only problem I can see with it is that the kind of people who understand the configuration file may use a unix computer as a firewall instead.

Windows users prefer a graphical interface. Maybe it needs a web GUI to handle the configuration. It would make the program much bigger though, as it would require a web server to be built in.

All the modern BSDs use OpenBSD's PF firewall, instead of the older IPFW.

You aren't thinking or really existing unless you're willing to risk even your own sanity in the judgment of your existence.

Green peppers, lime pickle and whole-grain mustard = best sandwich filling.


TheGreatSaintGOLD Member
Member
48 posts
Location: Canada


Posted:
I'll agree with polarity, Windows users want to have a GUI (graphical user interface).

I suppose this gives more control because it's open source, but (again I agree with polarity) if you understand that configuration file you can use Linux. I'm only familiar with 3rd generation languages, and that strikes me as 2nd (is it BASIC?). It has been a while...

However, here is a suggestion, you might want to try adding a line that writes to a log file anytime a user is denied access.

log file FILENAME

