Created December 2, 2017 16:47
Legacy modem firewall rules
title [ Security Level Low IN rules ]
begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesPass
pass all
RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
RulesPassUDP
pass protocol udp, to port 53 >> done
pass protocol udp, from port 53 >> done
RulesDropICMP
drop protocol icmp >> alert 4 [ICMP Message To WAN IP]
RulesDropWANUDP
drop protocol udp, to addr %WANADDR%:32 >> done, alert 4 [UDP WAN Traffic to WAN IP]
RulesDropWANTCP
drop protocol tcp, to addr %WANADDR%:32 >> done, alert 4 [TCP WAN Traffic to WAN IP]
RulesPassGoodICMP
pass protocol icmp, to addr %WANADDR%:32 >> done, alert 0 [Responding to WAN Ping]
RulesPassGoodICMP
pass protocol icmp, to addr %LANADDR%:%LANMASK% >> done, alert 0 [Nat'ed LOCAL PING]
end
title [ Security Level Medium IN rules ]
begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesDropTTL
drop match 3 8 { 01:FE } >> alert 4 [TTL of 0 or 1]
RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
RulesDropICMP
drop protocol icmp >> alert 4 [ICMP Message To WAN IP]
RulesPass
pass all
RulesDropWANUDP
drop protocol udp, to addr %WANADDR%:32 >> done, alert 4 [UDP WAN Traffic to WAN IP]
RulesDropWANTCP
drop protocol tcp, to addr %WANADDR%:32 >> done, alert 4 [TCP WAN Traffic to WAN IP]
RulesDropICMP
drop protocol icmp, to addr %WANADDR%:32 >> done, alert 4 [ICMP Traffic to WAN IP]
end
title [ Security Level Low OUT rules ]
begin
RulesDropNETBIOS
drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NETBIOS Traffic]
RulesPass
pass all
end
title [ Security Level Medium OUT rules ]
begin
# Protocol Match conditions
RulesPass
pass to port 80 >> done
pass from port 80 >> done
pass protocol udp, to port 53 >> done
pass to port 20 >> done
pass from port 20 >> done
pass to port 21 >> done
pass to port 23 >> done
pass to port 110 >> done
pass to port 119 >> done
pass to port 143 >> done
pass to port 220 >> done
pass to port 25 >> done
pass to port 443 >> done
pass to port 500 >> done
pass protocol 50 >> done
pass protocol tcp, from addr %LANADDR% >> state, done
# Failed to match
RulesDropNETBIOS
drop to port >= 135, to port <= 139 >> done, alert 4 [Dropping NETBIOS Traffic]
RulesDrop
drop all >> alert 1 [ Packet to be dropped unless Service enabled ]
end
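The four rule sets above share one small rule language: a label line, then `pass`/`drop` with comma-separated conditions, then `>>` followed by effects such as `done`, `state` and `alert N [message]`. The following Python evaluator is an added example, not the modem vendor's code and not part of the gist. It parses the Medium IN rule set exactly as it appears above and walks constructed packets through it, so the effect of rule ordering (and of rules that lack `done`) can be checked offline. The evaluation semantics are inferred from how the rule sets are ordered and are assumptions: rules run top to bottom, each matching rule sets the current verdict, `done` stops the walk, and `match 3 8 { 01:FE }` is read as the IP header's TTL byte masked with 0xFE. The values substituted for `%LANADDR%`, `%LANMASK%` and `%WANADDR%` and the packet summaries are constructed.

```python
"""Evaluator for the rule syntax used by the modem firewall rule sets above.

Added example, not the modem vendor's code. The semantics are inferred from
the ordering of the page's rule sets and are assumptions: rules run top to
bottom and each matching rule sets the current verdict; ``done`` stops the
walk, ``alert N [msg]`` records a log entry and ``state`` is ignored here;
``addr A:N`` is address A with an N-bit prefix; ``match 3 8 { 01:FE }`` is
read as "IP header byte 8 (the TTL) & 0xFE == 0x01 & 0xFE", i.e. TTL 0 or 1.
"""
import ipaddress
import re

PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}
IP_HEADER_OFFSETS = {8: "ttl"}  # only the TTL byte of the IP header is modelled
# Constructed values for the %VAR% placeholders used in the rule sets.
VARS = {"LANADDR": "192.168.1.0", "LANMASK": "24", "WANADDR": "203.0.113.5"}


def parse_rules(text):
    """Return a list of (action, conditions, effects) from rule-set text."""
    rules = []
    for raw in text.splitlines():
        line = re.sub(r"%(\w+)%", lambda m: VARS[m.group(1)], raw).strip()
        words = line.split()
        # Skip blanks, comments, the title line, begin/end and bare rule labels.
        if not words or line[0] == "#" or len(words) == 1 or words[0] == "title":
            continue
        head, _, tail = line.partition(">>")
        action, _, cond_text = head.strip().partition(" ")
        conds = [c.strip() for c in cond_text.split(",") if c.strip()]
        effects = [e.strip() for e in tail.split(",") if e.strip()]
        rules.append((action, conds, effects))
    return rules


def _port_matches(spec, port):
    """spec is '53', '>= 135' or '<= 139'; port is None for ICMP."""
    op, value = re.fullmatch(r"(>=|<=)?\s*(\d+)", spec).groups()
    if port is None:
        return False
    value = int(value)
    return port >= value if op == ">=" else port <= value if op == "<=" else port == value


def _condition_matches(cond, pkt):
    """Test one comma-separated condition against a packet summary dict."""
    if cond == "all":
        return True
    if m := re.fullmatch(r"(from|to) addr (\S+)", cond):
        addr, _, prefix = m.group(2).partition(":")
        net = ipaddress.ip_network(f"{addr}/{prefix or 32}", strict=False)
        return ipaddress.ip_address(pkt["src" if m.group(1) == "from" else "dst"]) in net
    if m := re.fullmatch(r"(from|to) port (.+)", cond):
        return _port_matches(m.group(2), pkt.get("sport" if m.group(1) == "from" else "dport"))
    if m := re.fullmatch(r"protocol (\w+)", cond):
        name = m.group(1)  # a name from PROTO_NUMBERS or a raw number such as 50
        return pkt["proto"] == PROTO_NUMBERS.get(name, int(name) if name.isdigit() else -1)
    if m := re.fullmatch(r"match 3 (\d+) \{ ([0-9A-Fa-f]{2}):([0-9A-Fa-f]{2}) \}", cond):
        field = IP_HEADER_OFFSETS[int(m.group(1))]
        value, mask = int(m.group(2), 16), int(m.group(3), 16)
        return pkt[field] & mask == value & mask
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rules, pkt):
    """Walk the rules for one packet; return (verdict, [(alert level, message), ...])."""
    verdict, alerts = "drop", []  # default when no rule matches (assumption)
    for action, conds, effects in rules:
        if all(_condition_matches(c, pkt) for c in conds):
            verdict = action
            for eff in effects:
                if m := re.fullmatch(r"alert (\d+) \[\s*(.*?)\s*\]", eff):
                    alerts.append((int(m.group(1)), m.group(2)))
            if "done" in effects:
                break
    return verdict, alerts


# The "Security Level Medium IN rules" as they appear on the page.
MEDIUM_IN_TEXT = """\
title [ Security Level Medium IN rules ]
begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesDropTTL
drop match 3 8 { 01:FE } >> alert 4 [TTL of 0 or 1]
RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
RulesDropICMP
drop protocol icmp >> alert 4 [ICMP Message To WAN IP]
RulesPass
pass all
RulesDropWANUDP
drop protocol udp, to addr %WANADDR%:32 >> done, alert 4 [UDP WAN Traffic to WAN IP]
RulesDropWANTCP
drop protocol tcp, to addr %WANADDR%:32 >> done, alert 4 [TCP WAN Traffic to WAN IP]
RulesDropICMP
drop protocol icmp, to addr %WANADDR%:32 >> done, alert 4 [ICMP Traffic to WAN IP]
end
"""
MEDIUM_IN = parse_rules(MEDIUM_IN_TEXT)


def packet(src, dst, proto, ttl=64, sport=None, dport=None):
    """Constructed packet summary holding only the fields the rules inspect."""
    return {"src": src, "dst": dst, "proto": proto, "ttl": ttl, "sport": sport, "dport": dport}
```

Calling `evaluate(MEDIUM_IN, packet("198.51.100.7", "203.0.113.5", 1, ttl=1))` returns `drop` together with three alerts, because the TTL rule and the bare `drop protocol icmp` rule have no `done` and the walk continues until the final ICMP-to-WAN rule. Under the same assumed semantics an ICMP packet addressed to a LAN host is flagged by `RulesDropICMP` but then overridden by `pass all`, so it ends up passed; whether the real firmware behaves that way is exactly the kind of question this evaluator is meant to make explicit before trusting a rule set.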