A PF simulator
#1

Hi

I just found a piece of software that can generate rules for several firewalls, PF among them. It is driven from a graphical interface and easy to pick up.

Here is an example of a predefined config (editable at will):

Quote:
# Rule 0 (eth0)
block in log quick on eth0 inet from self to self label "RULE 0 -- DROP "
#
# Rule 1 (lo)
pass quick on lo inet from any to any label "RULE 1 -- ACCEPT "
#
# Rule 2 (global)
# Openbsd:Policy:2: warning: Changing rule direction due to self reference

pass in quick inet proto icmp from any to self icmp-type { 3 , 0 code 0 , 11 code 0 , 11 code 1 } keep state label "RULE 2 -- ACCEPT "
pass in quick inet proto tcp from any to self port { 80, 22 } keep state label "RULE 2 -- ACCEPT "
#
# Rule 3 (global)
# server needs DNS to back-resolve clients IPs.
# Even if it does not log host names during its
# normal operations, statistics scripts such as
# webalizer need it for reporting.
# Openbsd:Policy:3: warning: Changing rule direction due to self reference

pass out quick inet proto tcp from self to any port 53 keep state label "RULE 3 -- ACCEPT "
pass out quick inet proto udp from self to any port 53 keep state label "RULE 3 -- ACCEPT "
#
# Rule 4 (global)
# this rule allows the server to send
# statistics and reports via email. Disable
# this rule if you do not need it.
# Openbsd:Policy:4: warning: Changing rule direction due to self reference

pass out quick inet proto tcp from self to any port 25 keep state label "RULE 4 -- ACCEPT "
#
# Rule 5 (global)
# this rejects auth (ident) queries that remote
# mail relays may send to this server when it
# tries to send email out.
# Openbsd:Policy:5: warning: Changing rule direction due to self reference

block return-icmp in quick inet proto tcp from any to self port 113 label "RULE 5 -- REJECT "
#
# Rule 6 (global)
# Openbsd:Policy:6: warning: Changing rule direction due to self reference

block in log quick inet from any to self label "RULE 6 -- DROP "
#
# Rule fallback rule
# fallback rule
block quick inet from any to any label "RULE 10000 -- DROP "

As you have just seen, the rules and the explanations are within everyone's reach.

http://www.fwbuilder.org

Manual in HTML and PDF:
http://www.fwbuilder.org/4.0/docs/users_guide5/
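To see what the generated ruleset above actually does to a given packet, here is a small evaluator (an added example, not part of the original post or of fwbuilder): it parses exactly the syntax subset fwbuilder emitted and applies pf's last-match-wins semantics with `quick` short-circuiting. The addresses in `SELF` are constructed stand-ins for what pf expands `self` to on the host.

```python
import re
SELF = {"192.0.2.10", "127.0.0.1"}  # constructed: the addresses pf expands "self" to here
# The fwbuilder-generated rules quoted in the post above, transcribed with comments stripped.
RULESET = """
block in log quick on eth0 inet from self to self label "RULE 0 -- DROP "
pass quick on lo inet from any to any label "RULE 1 -- ACCEPT "
pass in quick inet proto icmp from any to self icmp-type { 3 , 0 code 0 , 11 code 0 , 11 code 1 } keep state label "RULE 2 -- ACCEPT "
pass in quick inet proto tcp from any to self port { 80, 22 } keep state label "RULE 2 -- ACCEPT "
pass out quick inet proto tcp from self to any port 53 keep state label "RULE 3 -- ACCEPT "
pass out quick inet proto udp from self to any port 53 keep state label "RULE 3 -- ACCEPT "
pass out quick inet proto tcp from self to any port 25 keep state label "RULE 4 -- ACCEPT "
block return-icmp in quick inet proto tcp from any to self port 113 label "RULE 5 -- REJECT "
block in log quick inet from any to self label "RULE 6 -- DROP "
block quick inet from any to any label "RULE 10000 -- DROP "
"""
RULE_RE = re.compile(  # grammar subset covering exactly what fwbuilder emitted above; ICMP codes ignored
    r'(?P<action>pass|block)(?: (?P<reject>return-icmp))?(?: (?P<dir>in|out))?(?: log)?'
    r'(?P<quick> quick)?(?: on (?P<iface>\w+))? inet(?: proto (?P<proto>\w+))?'
    r' from (?P<src>\S+) to (?P<dst>\S+)(?: port (?P<port>\{[^}]*\}|\d+))?'
    r'(?: icmp-type \{(?P<icmp>[^}]*)\})?(?: keep state)? label "(?P<label>[^"]*)"')

def parse_rule(line):
    m = RULE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"rule syntax outside the supported subset: {line}")
    d = m.groupdict()
    d["quick"] = bool(d["quick"])
    d["ports"] = {int(p) for p in re.findall(r"\d+", d["port"])} if d["port"] else None
    d["icmp"] = {int(t.split()[0]) for t in d["icmp"].split(",")} if d["icmp"] else None
    return d

def _matches(r, pkt):
    host = lambda spec, addr: spec == "any" or (spec == "self" and addr in SELF) or spec == addr
    return (r["dir"] in (None, pkt["dir"]) and r["iface"] in (None, pkt["iface"])
            and r["proto"] in (None, pkt["proto"]) and host(r["src"], pkt["src"])
            and host(r["dst"], pkt["dst"]) and (r["ports"] is None or pkt.get("dport") in r["ports"])
            and (r["icmp"] is None or pkt.get("icmp_type") in r["icmp"]))

def evaluate(rules, pkt):
    # pf semantics: the last matching rule wins, except that a matching "quick" rule
    # ends evaluation at once; if no rule matches at all, pf passes the packet.
    winner = None
    for r in filter(lambda x: _matches(x, pkt), rules):
        winner = r
        if r["quick"]:
            break
    if winner is None:
        return ("pass", "implicit default pass")
    return ("reject" if winner["reject"] else winner["action"], winner["label"].strip())

RULES = [parse_rule(l) for l in RULESET.strip().splitlines()]
```

Feeding it a few packets shows what the generated policy does not say in so many words: inbound pings are dropped (echo request, type 8, is not in the ICMP list) and the server itself cannot open outbound HTTPS connections, since only DNS and SMTP are allowed out before the fallback DROP.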
#2

Interesting!

Thanks

GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF  9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D  5B62 D0FF 7361 59BF 1733
#3

Thanks, I knew this software, but I didn't know it could generate pf rules!
#4

I'm sharing my modest knowledge.