Written by:
Install by
install-deny.cmd (default deny)
install.cmd (default allow)
Uninstall by uninstall.cmd
Load the rules with loadrules.cmd
Written by:
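# ipfw ruleset: each line is passed to ipfw(8) when this file is loaded.
# Rules are evaluated in rule-number order, not in file order.
# NOTE: ipfw loads this file line by line and stops at the first syntax
# error, so after the flush below only the rules before the error would be
# installed. The lines that previously failed to parse (keep-state combined
# with limit, 'keep', 'icmptype') have been corrected in this revision.
# -q: quiet, -f: do not prompt before flushing.
-q -f flush
##########
# LOOPBACK #
##########
# Loopback traffic is unrestricted; 127/8 must never be seen elsewhere.
add 0100 allow all from any to any via lo0
add 0101 deny log all from any to 127.0.0.0/8
add 0102 deny log all from 127.0.0.0/8 to any
# NAT add 0103 divert natd all from any to any
#########
# CONTROL #
#########
# check-state matches packets against the dynamic rules created by the
# keep-state / limit rules below, so replies are accepted here, before
# the deny rules that follow.
add 0200 check-state
# Non-first fragments are dropped.
add 0201 deny all from any to any frag in
# Inbound TCP with RST or ACK set that matched no dynamic rule above:
# every allowed TCP flow therefore needs keep-state or limit.
add 0202 deny tcp from any to any established in
################
# OUTBOUND TRAFFIC #
################
# DHCP
# NOTE(review): DHCP discovery goes from 0.0.0.0 to broadcast, so a dynamic
# rule keyed on those addresses may not match the reply — confirm leases
# actually renew through this rule.
add 0303 allow log udp from any to any 67 out keep-state
# ICMP
# 'limit' creates the dynamic rule itself; ipfw rejects a rule that names
# both keep-state and limit, so only limit is used.
add 0301 allow icmp from any to any out icmptypes 8 limit src-addr 3
add 0302 deny icmp from any to any out
# DNS
add 0304 allow udp from any to any 53 out keep-state
# keep-state added: without it the TCP answer is dropped by rule 0202.
add 0305 allow log tcp from any to any 53 out setup keep-state
# FTP PASSIVE
add 0306 allow tcp from me to any 21 out setup keep-state
add 0307 allow tcp from me to any 10000-65000 out setup keep-state
# SMTP, HTTP, POP3, NTP
# NOTE(review): NTP (123) is normally UDP; a tcp entry will not carry it —
# confirm intent.
add 0308 allow tcp from any to any 25,80,110,123 out setup keep-state
# SSH, WHOIS, SNMP, HTTPS
# NOTE(review): SNMP (161) is normally UDP as well — confirm intent.
add 0309 allow tcp from any to any 22,43,161,443 out setup keep-state
# IRC
add 0310 allow tcp from any to any 6667 out setup keep-state
# LOG & DENY OUT
add 0311 deny log all from any to any out
##############
# INBOUND TRAFFIC #
##############
# ADDRESS SPACE DENY
# Inbound packets with private, loopback, link-local, test-net and
# multicast/reserved source addresses are dropped.
# NOTE(review): these apply on every interface, so a host sitting on a
# private LAN would also lose inbound LAN traffic here — confirm.
add 0400 deny all from 192.168.0.0/16 to any in
add 0401 deny all from 172.16.0.0/12 to any in
add 0402 deny all from 10.0.0.0/8 to any in
add 0403 deny all from 127.0.0.0/8 to any in
add 0404 deny all from 0.0.0.0/8 to any in
add 0405 deny all from 169.254.0.0/16 to any in
add 0406 deny all from 192.0.2.0/24 to any in
add 0407 deny all from 204.152.64.0/23 to any in
add 0408 deny all from 224.0.0.0/3 to any in
# NB's, IDENT DENY
add 0409 deny tcp from any to any 81,113,137,138,139,445 in
# DHCP
# NOTE(review): a DHCP client receives replies on udp/68; port 67 here only
# admits traffic addressed to a DHCP server — confirm which role this host has.
add 0415 allow udp from any to any 67 in
# PASSIVE FTP
# Inbound control connection to this host; limit creates the dynamic rule
# (keep-state removed, it cannot be combined with limit).
add 0413 allow tcp from any to me 21 in setup limit src-addr 4
# Data connection opened from local port 20: this looks like active-mode
# data from the server side rather than passive — confirm. 'keep' was not
# a valid keyword; limit (which implies a dynamic rule) was meant.
add 0414 allow tcp from any 20 to any 1024-49151 out setup limit src-addr 4
# ICMP
# Echo reply and time-exceeded; duplicate 'in' removed and keep-state
# dropped in favour of limit.
add 0410 allow icmp from any to any in icmptypes 0,11 limit src-addr 23
# Redirects are logged and dropped; the keyword is 'icmptypes'.
add 0411 deny log icmp from any to any icmptypes 5 in
add 0412 deny icmp from any to any in
# FRAG DENY (already covered by 0201; kept as defence in depth)
add 0416 deny all from any to any frag in
# ACK DENY (already covered by 0202)
add 0417 deny tcp from any to any established in
# REJECT & LOG IN
add 0418 deny log all from any to any in
############
# DEFAULT DENY #
############
# add 0500 deny MAC from any to any
add 0500 deny log all from any to any
######
# END #
######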