# $OpenBSD: ipf.rules,v 1.6 1997/11/04 08:39:32 deraadt Exp $
#
# IP filtering rules. See the ipf(5) man page for more
# information on the format of this file, and /usr/share/ipf
# for example configuration files.
#
# Pass all packets by default.
# edit the ipfilter= line in /etc/rc.conf to enable IP filtering
#
# Interfaces as described by the comments on the rules below:
#   tl0 - side of the bridge facing the internet
#   tl1 - side of the bridge facing the NAT machine (80.84.34.51)
#   ep1 - LAN interface; this host is 192.168.1.42 on 192.168.1.0/24
#   lo0 - loopback
# Every rule here carries "quick", so the first matching rule decides
# and the order of the rules matters. An inbound packet that matches
# none of the pass rules reaches the final "block in log quick all"
# and is logged and dropped. There is no matching catch-all for
# outbound packets: outbound traffic not covered by an explicit rule
# is passed (the ipf default noted above).
#
# Old configuration
#pass in from any to any
#pass out from any to any
#
# Block all packets not addressed to your network.
# Anything entering on the internet side whose destination is not the
# NAT machine is dropped here, before any of the pass rules below.
block in quick on tl0 from any to !80.84.34.51
# Block all NetBIOS packets from the local network.
# These three rules name no interface, so they apply to packets
# arriving on every interface (tl0, tl1, ep1 and lo0), not only the LAN.
block in quick proto udp from any to any port = 137
block in quick proto udp from any to any port = 138
block in quick proto tcp from any to any port = 139
# Enable icmp for ping and traceroute.
# Only echo reply (0), echo request (8) and time exceeded (11) are
# accepted from the internet; the udp rule covers the traceroute
# probe port range (33434-33690, exclusive of both ends).
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 0 keep state
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 8 keep state
pass in quick on tl0 proto icmp from any to 80.84.34.51 icmp-type 11 keep state
pass in quick on tl0 proto udp from any to 80.84.34.51 port 33434 >< 33690 keep state
# Allow all IP through the loopback interface by the localhost.
# Only 127.0.0.1 to 127.0.0.1 is passed; other addresses on lo0 fall
# through to the final logging block rule.
pass in quick on lo0 from 127.0.0.1 to 127.0.0.1
#
# Allow all IP through the LAN interface from and to LAN addresses.
# from servernet to this computer: inbound on ep1 is accepted only when
# the source is in 192.168.1.0/24 and the destination is this host.
pass in quick on ep1 from 192.168.1.0/24 to 192.168.1.42
#pass out quick on ep1 from 192.168.1.42 to 192.168.1.0/24
#pass out quick on ep1 proto udp from 192.168.1.42 to 80.84.34.51 port = 53 keep state
#pass out quick on ep1 proto icmp from 192.168.1.42 to any keep state
# Outbound from this host on the LAN interface; "keep state" lets the
# replies back in on ep1 without a separate pass in rule.
pass out quick on ep1 proto tcp from 192.168.1.42 to any keep state
pass out quick on ep1 proto udp from 192.168.1.42 to any keep state
pass out quick on ep1 proto icmp from 192.168.1.42 to any keep state
#
# Allow all IP through the bridge from the NAT machine.
# Traffic the NAT machine originates enters the bridge on tl1; the
# state created here is what admits the return packets on tl0, since
# there is no "pass out on tl0 ... keep state" rule.
pass in quick on tl1 proto udp from 80.84.34.51 to any keep state
pass in quick on tl1 proto tcp from 80.84.34.51 to any keep state
pass in quick on tl1 proto icmp from 80.84.34.51 to any keep state
#
# Allow SSH and HTTP through the bridge from the internet to the NAT
# machine. "flags S" means only the initial SYN matches; the rest of
# the connection is handled by the state entry.
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 22 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 80 flags S keep state
#
# Add some more services: ftp-data (20), ftp (21), smtp (25),
# dns (53 tcp and udp) and pop3 (110).
# NOTE(review): an inbound SYN to port 20 is not needed for an FTP
# server in either active or passive mode (active mode connects out
# from port 20, passive mode uses a high port) - confirm that a service
# on the NAT machine actually listens on 20 before keeping this rule.
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 20 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 21 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 25 flags S keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 53 flags S keep state
pass in quick on tl0 proto udp from any to 80.84.34.51 port = 53 keep state
pass in quick on tl0 proto tcp from any to 80.84.34.51 port = 110 flags S keep state
#
# Block spammers
#block in quick on tl0 from 212.181.124.2 to any
#block in quick on tl0 from 212.181.124.3 to any
# No pass rule above admits udp/1985, so this rule only changes whether
# the drop is logged: placed before the final rule it drops silently,
# presumably to keep this traffic out of the log - confirm that is intended.
block in quick on tl0 proto udp from any to any port = 1985
# Deny & log ip not allowed until this point.
# Applies to inbound packets on all interfaces; there is no outbound
# equivalent.
block in log quick all