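#!/bin/sh
#
# ipfw ruleset: stateful host firewall with one LAN interface (vtnet0) and a
# VPN tunnel (tun0).  Loopback and the tunnel are trusted; on the LAN side
# only replies to outbound connections, SSH and IKE (UDP 500) are let in.
#
# Must run as root.  Stops on the first rule ipfw rejects, so a typo cannot
# leave a half-loaded ruleset behind unnoticed (check the exit status).
set -eu

vpn="tun0"
lan="vtnet0"
# Only needed once the natd divert / skipto rules below are enabled.
skip="skipto 500"

# Add one rule; the arguments are handed to ipfw verbatim.
add() {
  ipfw -q add "$@"
}

# Flush out the list before we begin
ipfw -q -f flush

add 00010 allow all from any to any via lo0    # No restrictions on Loopback Interface
# add 00015 divert natd ip from any to any in via "$lan"   # NAT any inbound packets

# allows the packet through if it matches an existing entry in the dynamic rules table
add 00020 check-state

# Allow all outbound connections.  'setup' is a TCP-flag match (SYN without
# ACK) and never matches other protocols, so a single "all ... setup
# keep-state" rule leaves outbound UDP/ICMP (DNS, NTP, ping) to fall through
# to the final deny.  Keep TCP strict and give the others their own state.
add 00030 allow tcp from any to any out via "$lan" setup keep-state
add 00031 allow udp from any to any out via "$lan" keep-state
add 00032 allow icmp from any to any out via "$lan" keep-state

add 00040 allow all from any to any via "$vpn"  # Allow any connection to/from VPN interface

# Allow inbound SSH connections (at most 2 concurrent per source address)
add 00050 allow tcp from any to me 22 in via "$lan" setup limit src-addr 2

# Allow inbound IKE for VPN connections.  No 'setup' here: it only matches TCP
# flags, so with it the rule would never match a UDP packet and IKE would be
# dropped by rule 100 instead.
# NOTE(review): if the VPN is IPsec, ESP (ip proto 50) and/or NAT-T (udp 4500)
# usually need rules of their own — confirm against the VPN configuration.
add 00060 allow udp from any to me 500 in via "$lan" limit src-addr 2

add 00100 deny log all from any to any in via "$lan"  # deny and log all inbound to LAN interface
add 00499 deny log all from any to any                # Everything else is denied and logged

# skipto location for outbound stateful rules (NAT) — currently disabled
# add 00500 divert natd ip from any to any out via "$lan"
# add 00510 allow ip from any to any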