Blame
Date:
Sun Jan 29 05:00:28 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
03
2023-01-22
jrmu
author=jrmu
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=
06
2023-01-22
jrmu
ctime=1599100403
07
2023-01-22
jrmu
host=198.251.81.119
08
2023-01-22
jrmu
name=Openbsd.Pf-bnc
09
2023-01-22
jrmu
rev=12
10
2023-01-22
jrmu
targets=Openbsd.Ilines,Openbsd.Pf,Openbsd.Ddos,Openbsd.Tcpdump
11
2023-01-22
jrmu
text=(:title Sample PF for Stable:)%0a%0aHere's a sample /etc/pf.conf for stable servers (do '''NOT''' use this for shell servers):%0a%0a[@%0aExtIf = "vio0"%0aIP4 = "10.0.0.1"%0aIntIP4 = "192.168.0.1"%0aIP6 = "2001:db8::/80"%0aFlushUDP = "max-pkt-rate 10000/10 keep state (max 1000, source-track rule, max-src-nodes%0a 200, max-src-states 200)"%0aFlush = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 5%0a00/10 overload %3cbadhosts> flush global)"%0aFlushStrict = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-ra%0ate 50/10 overload %3cbadhosts> flush global)"%0a%0aset skip on lo0%0aset loginterface $ExtIf%0aset ruleset-optimization profile%0aset syncookies adaptive (start 25%25, end 12%25)%0a%0atable %3cilines> persist file "/etc/pf/ilines"%0atable %3cbadhosts> persist file "/etc/pf/badhosts"%0a%0a# udp and icmp%0ablock in log quick from %3cbadhosts>%0apass in log quick proto udp to {$IP4 $IP6} port domain $FlushUDP%0apass in log quick proto udp to {$IP4 $IP6} port ntp $FlushUDP%0apass in log quick proto udp to {$IP4 $IP6} port {isakmp ipsec-nat-t} $FlushUDP%0ablock in log quick proto udp to {$IP4 $IP6}%0ablock in log quick from urpf-failed%0amatch in log all scrub (no-df random-id max-mss 1440)%0apass in log quick on $ExtIf inet proto icmp icmp-type 8 code 0 $FlushUDP # icmp packets%0apass in log quick on $ExtIf inet proto icmp icmp-type 3 code 4 $FlushUDP # icmp needfrag%0a (MTU)%0apass in log quick on $ExtIf proto ipv6-icmp $FlushUDP%0a# tcp%0apass in log quick proto tcp to {$IP4 $IP6} port domain $Flush%0apass in log quick proto tcp to {$IP4 $IP6} port auth $Flush%0apass in log quick proto tcp to {$IP4 $IP6} port {smtp submission smtps imap imaps pop3 p%0aop3s} $Flush%0apass in log quick proto tcp to {$IP4 $IP6} port {gopher http https} $Flush%0apass in log quick proto tcp from %3cilines> to {$IP4 $IP6} port { 6660:6669 6697 6997 7000%0a 9999 16667 16697 } #irc%0apass in log quick proto tcp to {$IP4 $IP6} 
port { 6660:6669 6697 6997 7000 9999 16667 16%0a697 } $Flush #irc%0apass in log quick proto tcp to {$IP4 $IP6} port { 1314 21314 1337 31337 } $Flush #bnc%0apass in log quick proto tcp to {$IP4 $IP6} port 29173 $Flush #wraith%0apass in log quick proto tcp to {$IP4 $IntIP4 $IP6} port ssh $FlushStrict%0a%0a# road warrior vpn%0apass in log inet proto udp to {$IP4 $IP6} port {isakmp, ipsec-nat-t} tag IKED%0apass in log inet proto esp to {$IP4 $IP6} tag IKED%0apass log on enc0 inet tagged ROADW%0amatch out log on $ExtIf inet tagged ROADW nat-to $IP4%0amatch in log quick on enc0 inet proto { tcp, udp } to port 53 rdr-to 127.0.0.1 port 53%0a%0ablock in log all%0ablock out log on $IntIP4%0apass out quick from {$IP4 $IP6} # allow non-spoofed packets%0apass out quick proto tcp from $IntIP4 to port ssh%0apass out quick proto {udp tcp} from $IntIP4 to port {domain}%0apass out quick inet proto icmp from $IntIP4 # allow ICMP%0a@]%0a%0aYou will then need to create a folder:%0a%0a[@%0a$ doas mkdir /etc/pf/%0a@]%0a%0aThen, add the list of [[openbsd/ilines|ilines]] to /etc/pf/ilines.%0a%0a[@%0a198.251.89.130%0a198.251.83.183%0a209.141.39.184%0a209.141.39.228%0a198.251.84.240%0a198.251.80.229%0a198.251.81.119%0a209.141.39.173%0a198.251.89.91%0a198.251.81.44%0a209.141.38.137%0a198.251.81.133%0a2605:6400:0030:f8de::/64%0a2605:6400:0010:071b::/64%0a2605:6400:0020:0434::/64%0a2605:6400:0020:00b4::/64%0a2605:6400:0010:05bf::/64%0a2605:6400:0030:fc15::/64%0a2605:6400:0020:1290::/64%0a2605:6400:0020:0bb8::/64%0a2605:6400:0030:faa1::/64%0a2605:6400:0010:069d::/64%0a2605:6400:0020:05cc::/64%0a2605:6400:0010:00fe::/64%0a@]%0a%0aAfterwards, any badhosts can be added to /etc/pf/badhosts.%0a%0aTo load the new configuration:%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a%0a!! See Also%0a%0a|| [[openbsd/pf|PF Guide]] || [[openbsd/ddos|DDoS Filtering Guide]] || [[openbsd/tcpdump|tcpdump]] ||
12
2023-01-22
jrmu
time=1609266636
13
2023-01-22
jrmu
title=Sample PF for Stable
14
2023-01-22
jrmu
author:1609266636=jrmu
15
2023-01-22
jrmu
diff:1609266636:1609266249:=3c3%0a%3c Here's a sample /etc/pf.conf for stable servers (do '''NOT''' use this for shell servers):%0a---%0a> Here's a sample /etc/pf.conf for stable servers:%0a
16
2023-01-22
jrmu
host:1609266636=198.251.81.119
17
2023-01-22
jrmu
author:1609266249=jrmu
18
2023-01-22
jrmu
diff:1609266249:1609265082:=63a64%0a> pass out quick from $IntIP4 proto ipv6-icmp # allow ICMP6%0a
19
2023-01-22
jrmu
host:1609266249=198.251.81.119
20
2023-01-22
jrmu
author:1609265082=jrmu
21
2023-01-22
jrmu
diff:1609265082:1609264862:=49c49%0a%3c pass in log quick proto tcp to {$IP4 $IntIP4 $IP6} port ssh $FlushStrict%0a---%0a> pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict%0a
22
2023-01-22
jrmu
host:1609265082=198.251.81.119
23
2023-01-22
jrmu
author:1609264862=jrmu
24
2023-01-22
jrmu
diff:1609264862:1609264685:=7,9c7,9%0a%3c IP4 = "10.0.0.1"%0a%3c IntIP4 = "192.168.0.1"%0a%3c IP6 = "2001:db8::/80"%0a---%0a> IP4 = "38.81.163.143"%0a> IntIP4 = "38.81.163.143"%0a> IP6 = "2001:550:3402:1:143::/80"%0a
25
2023-01-22
jrmu
host:1609264862=198.251.81.119
26
2023-01-22
jrmu
author:1609264685=jrmu
27
2023-01-22
jrmu
diff:1609264685:1609264610:=36a37%0a> %0a49,50c50,53%0a%3c pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict%0a%3c %0a---%0a> pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict %0a> pass in log quick proto tcp to {$IP4 $IP6} port 29173 $Flush #wraith%0a> pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict %0a> %0a53c56%0a%3c pass in log inet proto esp to {$IP4 $IP6} tag IKED%0a---%0a> pass in log inet proto esp to {$IP4 $IP6} tag IKED %0a60c63%0a%3c pass out quick from {$IP4 $IP6} # allow non-spoofed packets%0a---%0a> pass out quick from {$IP4 $IP6} # allow non-spoofed packets %0a
28
2023-01-22
jrmu
host:1609264685=198.251.81.119
29
2023-01-22
jrmu
author:1609264610=jrmu
30
2023-01-22
jrmu
diff:1609264610:1609176978:=10,16c10,12%0a%3c FlushUDP = "max-pkt-rate 10000/10 keep state (max 1000, source-track rule, max-src-nodes%0a%3c 200, max-src-states 200)"%0a%3c Flush = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 5%0a%3c 00/10 overload %3cbadhosts> flush global)"%0a%3c FlushStrict = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-ra%0a%3c te 50/10 overload %3cbadhosts> flush global)"%0a%3c %0a---%0a> FLUSH = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 500/10 overload %3cbadhosts> flush global)"%0a> FLUSHSTRICT = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-rate 50/10 overload %3cbadhosts> flush global)"%0a> %0a25c21,26%0a%3c # udp and icmp%0a---%0a> pass in log quick on $IP4 proto udp to port domain%0a> pass in log quick on $IP4 proto udp to port ntp%0a> pass in log quick on $IP4 proto udp to port {isakmp ipsec-nat-t}%0a> block in log quick on $IP4 proto udp%0a> match in all scrub (no-df random-id max-mss 1440)%0a> block in log quick from urpf-failed%0a27,53c28,42%0a%3c pass in log quick proto udp to {$IP4 $IP6} port domain $FlushUDP%0a%3c pass in log quick proto udp to {$IP4 $IP6} port ntp $FlushUDP%0a%3c pass in log quick proto udp to {$IP4 $IP6} port {isakmp ipsec-nat-t} $FlushUDP%0a%3c block in log quick proto udp to {$IP4 $IP6}%0a%3c block in log quick from urpf-failed%0a%3c match in log all scrub (no-df random-id max-mss 1440)%0a%3c pass in log quick on $ExtIf inet proto icmp icmp-type 8 code 0 $FlushUDP # icmp packets%0a%3c pass in log quick on $ExtIf inet proto icmp icmp-type 3 code 4 $FlushUDP # icmp needfrag%0a%3c (MTU)%0a%3c pass in log quick on $ExtIf proto ipv6-icmp $FlushUDP%0a%3c %0a%3c # tcp%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port domain $Flush%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port auth $Flush%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port {smtp submission smtps imap imaps pop3 
p%0a%3c op3s} $Flush%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port {gopher http https} $Flush%0a%3c pass in log quick proto tcp from %3cilines> to {$IP4 $IP6} port { 6660:6669 6697 6997 7000%0a%3c 9999 16667 16697 } #irc%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port { 6660:6669 6697 6997 7000 9999 16667 16%0a%3c 697 } $Flush #irc%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port { 1314 21314 1337 31337 } $Flush #bnc%0a%3c pass in log quick proto tcp to {$IP4 $IP6} port 29173 $Flush #wraith%0a%3c pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict %0a%3c pass in log quick proto tcp to {$IP4 $IP6} port 29173 $Flush #wraith%0a%3c pass in log quick proto tcp to $IntIP4 port ssh $FlushStrict %0a%3c %0a---%0a> %0a> pass in quick on $ExtIf inet proto icmp icmp-type 8 code 0 max-pkt-rate 1000/10 # icmp packets%0a> pass in quick on $ExtIf inet proto icmp icmp-type 3 code 4 max-pkt-rate 1000/10# icmp needfrag (MTU)%0a> pass in quick on $ExtIf proto ipv6-icmp max-pkt-rate 1000/10%0a> pass in quick on $IP4 proto tcp to port domain $FLUSH%0a> pass in quick on $IP4 proto tcp to port auth $FLUSH%0a> pass in quick on $IP4 proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} $FLUSH%0a> pass in quick on $IP4 proto tcp to port {gopher http https} $FLUSH%0a> pass in quick on $IP4 proto tcp from %3cilines> to port { 6660:6669 6697 6997 7000 9999 16667 16697 } #irc%0a> pass in quick on $IP6 inet6 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } $FLUSH #irc%0a> pass in log quick on $IP4 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } $FLUSH #irc%0a> pass in log quick on $IP4 proto tcp to port { 1314 21314 1337 31337 } $FLUSH #bnc%0a> pass in log quick on $IP4 proto tcp to port 29173 $FLUSH #wraith%0a> pass in quick on IntIP4 proto tcp to port ssh $FLUSHSTRICT%0a> %0a55,60c44,49%0a%3c pass in log inet proto udp to {$IP4 $IP6} port {isakmp, ipsec-nat-t} tag IKED%0a%3c pass in log inet proto esp to {$IP4 $IP6} tag IKED 
%0a%3c pass log on enc0 inet tagged ROADW%0a%3c match out log on $ExtIf inet tagged ROADW nat-to $IP4%0a%3c match in log quick on enc0 inet proto { tcp, udp } to port 53 rdr-to 127.0.0.1 port 53%0a%3c %0a---%0a> pass in on $IP4 inet proto udp to port {isakmp, ipsec-nat-t} tag IKED%0a> pass in on $IP4 inet proto esp tag IKED%0a> pass on enc0 inet tagged ROADW%0a> match out on $IP4 inet tagged ROADW nat-to $IP4%0a> match in quick on enc0 inet proto { tcp, udp } to port 53 rdr-to 127.0.0.1 port 53%0a> %0a63,67c52,53%0a%3c pass out quick from {$IP4 $IP6} # allow non-spoofed packets %0a%3c pass out quick proto tcp from $IntIP4 to port ssh%0a%3c pass out quick proto {udp tcp} from $IntIP4 to port {domain}%0a%3c pass out quick inet proto icmp from $IntIP4 # allow ICMP%0a%3c pass out quick from $IntIP4 proto ipv6-icmp # allow ICMP6%0a---%0a> pass out from {$IP4 $IP6} # prevent spoofed packets%0a> pass out from IntIP4 to port ssh # only allow ssh%0a
31
2023-01-22
jrmu
host:1609264610=198.251.81.119
32
2023-01-22
jrmu
author:1609176978=jrmu
33
2023-01-22
jrmu
diff:1609176978:1609176881:=97,101c97%0a%3c @]%0a%3c %0a%3c !! See Also%0a%3c %0a%3c || [[openbsd/pf|PF Guide]] || [[openbsd/ddos|DDoS Filtering Guide]] || [[openbsd/tcpdump|tcpdump]] ||%0a\ No newline at end of file%0a---%0a> @]%0a\ No newline at end of file%0a
34
2023-01-22
jrmu
host:1609176978=198.251.81.119
35
2023-01-22
jrmu
author:1609176881=jrmu
36
2023-01-22
jrmu
diff:1609176881:1609176430:=1,4c1,2%0a%3c (:title Sample PF for Stable:)%0a%3c %0a%3c Here's a sample /etc/pf.conf for stable servers:%0a%3c %0a---%0a> Here's a sample /etc/pf.conf for %0a> %0a54,96d51%0a%3c @]%0a%3c %0a%3c You will then need to create a folder:%0a%3c %0a%3c [@%0a%3c $ doas mkdir /etc/pf/%0a%3c @]%0a%3c %0a%3c Then, add the list of [[openbsd/ilines|ilines]] to /etc/pf/ilines.%0a%3c %0a%3c [@%0a%3c 198.251.89.130%0a%3c 198.251.83.183%0a%3c 209.141.39.184%0a%3c 209.141.39.228%0a%3c 198.251.84.240%0a%3c 198.251.80.229%0a%3c 198.251.81.119%0a%3c 209.141.39.173%0a%3c 198.251.89.91%0a%3c 198.251.81.44%0a%3c 209.141.38.137%0a%3c 198.251.81.133%0a%3c 2605:6400:0030:f8de::/64%0a%3c 2605:6400:0010:071b::/64%0a%3c 2605:6400:0020:0434::/64%0a%3c 2605:6400:0020:00b4::/64%0a%3c 2605:6400:0010:05bf::/64%0a%3c 2605:6400:0030:fc15::/64%0a%3c 2605:6400:0020:1290::/64%0a%3c 2605:6400:0020:0bb8::/64%0a%3c 2605:6400:0030:faa1::/64%0a%3c 2605:6400:0010:069d::/64%0a%3c 2605:6400:0020:05cc::/64%0a%3c 2605:6400:0010:00fe::/64%0a%3c @]%0a%3c %0a%3c Afterwards, any badhosts can be added to /etc/pf/badhosts.%0a%3c %0a%3c To load the new configuration:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -f /etc/pf.conf%0a
37
2023-01-22
jrmu
host:1609176881=198.251.81.119
38
2023-01-22
jrmu
author:1609176430=jrmu
39
2023-01-22
jrmu
diff:1609176430:1609176362:=1,2c1,2%0a%3c Here's a sample /etc/pf.conf for %0a%3c %0a---%0a> A sample /etc/pf.conf for a BNC server:%0a> %0a21a22%0a> pass in log quick on $IP4 proto udp to port 60000:61000 $FLUSH #mosh%0a
40
2023-01-22
jrmu
host:1609176430=198.251.81.119
41
2023-01-22
jrmu
author:1609176362=jrmu
42
2023-01-22
jrmu
diff:1609176362:1609176297:=8,10c8,12%0a%3c FLUSH = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 500/10 overload %3cbadhosts> flush global)"%0a%3c FLUSHSTRICT = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-rate 50/10 overload %3cbadhosts> flush global)"%0a%3c %0a---%0a> FLUSH = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 5%0a> 00/10 overload %3cbadhosts> flush global)"%0a> FLUSHSTRICT = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-ra%0a> te 50/10 overload %3cbadhosts> flush global)"%0a> %0a28,29c30,33%0a%3c pass in quick on $ExtIf inet proto icmp icmp-type 8 code 0 max-pkt-rate 1000/10 # icmp packets%0a%3c pass in quick on $ExtIf inet proto icmp icmp-type 3 code 4 max-pkt-rate 1000/10# icmp needfrag (MTU)%0a---%0a> pass in quick on $ExtIf inet proto icmp icmp-type 8 code 0 max-pkt-rate 1000/10 # icmp p%0a> ackets%0a> pass in quick on $ExtIf inet proto icmp icmp-type 3 code 4 max-pkt-rate 1000/10# icmp ne%0a> edfrag (MTU)%0a33c37,38%0a%3c pass in quick on $IP4 proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} $FLUSH%0a---%0a> pass in quick on $IP4 proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} $F%0a> LUSH%0a35,37c40,45%0a%3c pass in quick on $IP4 proto tcp from %3cilines> to port { 6660:6669 6697 6997 7000 9999 16667 16697 } #irc%0a%3c pass in quick on $IP6 inet6 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } $FLUSH #irc%0a%3c pass in log quick on $IP4 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } $FLUSH #irc%0a---%0a> pass in quick on $IP4 proto tcp from %3cilines> to port { 6660:6669 6697 6997 7000 9999 16%0a> 667 16697 } #irc%0a> pass in quick on $IP6 inet6 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 1669%0a> 7 } $FLUSH #irc%0a> pass in log quick on $IP4 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697%0a> } $FLUSH #irc%0a
43
2023-01-22
jrmu
host:1609176362=198.251.81.119
44
2023-01-22
jrmu
author:1609176297=jrmu
45
2023-01-22
jrmu
diff:1609176297:1599100403:=4,12c4,5%0a%3c ExtIf = "vio0"%0a%3c IP4 = "38.81.163.143"%0a%3c IntIP4 = "38.81.163.143"%0a%3c IP6 = "2001:550:3402:1:143::/80"%0a%3c FLUSH = "keep state (max 1000, source-track rule, max-src-nodes 200, max-src-conn-rate 5%0a%3c 00/10 overload %3cbadhosts> flush global)"%0a%3c FLUSHSTRICT = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-ra%0a%3c te 50/10 overload %3cbadhosts> flush global)"%0a%3c %0a---%0a> ext_ip = "198.251.81.119"%0a> %0a14,60c7,26%0a%3c set loginterface $ExtIf%0a%3c set ruleset-optimization profile%0a%3c set syncookies adaptive (start 25%25, end 12%25)%0a%3c %0a%3c table %3cilines> persist file "/etc/pf/ilines"%0a%3c table %3cbadhosts> persist file "/etc/pf/badhosts"%0a%3c %0a%3c pass in log quick on $IP4 proto udp to port domain%0a%3c pass in log quick on $IP4 proto udp to port ntp%0a%3c pass in log quick on $IP4 proto udp to port {isakmp ipsec-nat-t}%0a%3c pass in log quick on $IP4 proto udp to port 60000:61000 $FLUSH #mosh%0a%3c block in log quick on $IP4 proto udp%0a%3c match in all scrub (no-df random-id max-mss 1440)%0a%3c block in log quick from urpf-failed%0a%3c block in log quick from %3cbadhosts>%0a%3c %0a%3c pass in quick on $ExtIf inet proto icmp icmp-type 8 code 0 max-pkt-rate 1000/10 # icmp p%0a%3c ackets%0a%3c pass in quick on $ExtIf inet proto icmp icmp-type 3 code 4 max-pkt-rate 1000/10# icmp ne%0a%3c edfrag (MTU)%0a%3c pass in quick on $ExtIf proto ipv6-icmp max-pkt-rate 1000/10%0a%3c pass in quick on $IP4 proto tcp to port domain $FLUSH%0a%3c pass in quick on $IP4 proto tcp to port auth $FLUSH%0a%3c pass in quick on $IP4 proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} $F%0a%3c LUSH%0a%3c pass in quick on $IP4 proto tcp to port {gopher http https} $FLUSH%0a%3c pass in quick on $IP4 proto tcp from %3cilines> to port { 6660:6669 6697 6997 7000 9999 16%0a%3c 667 16697 } #irc%0a%3c pass in quick on $IP6 inet6 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 
1669%0a%3c 7 } $FLUSH #irc%0a%3c pass in log quick on $IP4 proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697%0a%3c } $FLUSH #irc%0a%3c pass in log quick on $IP4 proto tcp to port { 1314 21314 1337 31337 } $FLUSH #bnc%0a%3c pass in log quick on $IP4 proto tcp to port 29173 $FLUSH #wraith%0a%3c pass in quick on IntIP4 proto tcp to port ssh $FLUSHSTRICT%0a%3c %0a%3c # road warrior vpn%0a%3c pass in on $IP4 inet proto udp to port {isakmp, ipsec-nat-t} tag IKED%0a%3c pass in on $IP4 inet proto esp tag IKED%0a%3c pass on enc0 inet tagged ROADW%0a%3c match out on $IP4 inet tagged ROADW nat-to $IP4%0a%3c match in quick on enc0 inet proto { tcp, udp } to port 53 rdr-to 127.0.0.1 port 53%0a%3c %0a%3c block in log all%0a%3c block out log on $IntIP4%0a%3c pass out from {$IP4 $IP6} # prevent spoofed packets%0a%3c pass out from IntIP4 to port ssh # only allow ssh%0a---%0a> set loginterface $ext_if%0a> set block-policy drop%0a> %0a> block in log quick from urpf-failed # somehow blocks bad packets, don't ask me how%0a> block log all # drops all packets by default unless whitelisted below%0a> %0a> match in all scrub (no-df random-id max-mss 1440) # somehow fixes segments that are too long, don't ask me how%0a> pass in log quick inet proto icmp icmp-type 8 code 0 # support ping%0a> pass in log quick inet proto icmp icmp-type 3 code 4 # support ping%0a> pass in log quick proto ipv6-icmp # necessary for ipv6 %0a> pass in log quick proto {udp tcp} to port {domain 853 8952} %0a> pass in log quick proto tcp to port {auth} %0a> pass in log quick proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} %0a> pass in log quick proto tcp to port ssh keep state (max-src-conn-rate 20/60)%0a> pass in log quick proto tcp to port {http https} keep state (max-src-conn 60, max-src-conn-rate 60/60)%0a> pass in log quick inet6 proto tcp to port { 6660:7000 16667 16697 } keep state (max 1000) #irc%0a> pass in log quick proto tcp to port { 6660:7000 16667 16697 } keep state (max 1000) 
#irc%0a> pass in log quick proto tcp to port { 1314 1337 21314 31337 } keep state (max 10000) #znc and psybnc%0a> pass in log quick proto tcp to port 29173 keep state (max 300) #wraith%0a> pass out all%0a
46
2023-01-22
jrmu
host:1609176297=198.251.81.119
47
2023-01-22
jrmu
author:1599100403=jrmu
48
2023-01-22
jrmu
diff:1599100403:1599100403:=1,27d0%0a%3c A sample /etc/pf.conf for a BNC server:%0a%3c %0a%3c [@%0a%3c ext_ip = "198.251.81.119"%0a%3c %0a%3c set skip on lo0%0a%3c set loginterface $ext_if%0a%3c set block-policy drop%0a%3c %0a%3c block in log quick from urpf-failed # somehow blocks bad packets, don't ask me how%0a%3c block log all # drops all packets by default unless whitelisted below%0a%3c %0a%3c match in all scrub (no-df random-id max-mss 1440) # somehow fixes segments that are too long, don't ask me how%0a%3c pass in log quick inet proto icmp icmp-type 8 code 0 # support ping%0a%3c pass in log quick inet proto icmp icmp-type 3 code 4 # support ping%0a%3c pass in log quick proto ipv6-icmp # necessary for ipv6 %0a%3c pass in log quick proto {udp tcp} to port {domain 853 8952} %0a%3c pass in log quick proto tcp to port {auth} %0a%3c pass in log quick proto tcp to port {smtp submission smtps imap imaps pop3 pop3s} %0a%3c pass in log quick proto tcp to port ssh keep state (max-src-conn-rate 20/60)%0a%3c pass in log quick proto tcp to port {http https} keep state (max-src-conn 60, max-src-conn-rate 60/60)%0a%3c pass in log quick inet6 proto tcp to port { 6660:7000 16667 16697 } keep state (max 1000) #irc%0a%3c pass in log quick proto tcp to port { 6660:7000 16667 16697 } keep state (max 1000) #irc%0a%3c pass in log quick proto tcp to port { 1314 1337 21314 31337 } keep state (max 10000) #znc and psybnc%0a%3c pass in log quick proto tcp to port 29173 keep state (max 300) #wraith%0a%3c pass out all%0a%3c @]%0a\ No newline at end of file%0a
49
2023-01-22
jrmu
host:1599100403=38.81.163.143
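Review bot: The sample pf.conf in the current `text=` record carries hard-wrap artifacts that change or break rules when pasted: `16%0a697` splits a port number in the second IRC rule, `pop3 p%0aop3s` splits a service name, and `# icmp needfrag%0a (MTU)` leaves a comment tail on a line of its own. Inside a brace list the split number may be read as two separate ports (16 and 697) rather than 16697, so the ruleset could load with ports open that nobody intended, while the other two most likely fail to parse. I would rejoin each wrapped rule onto one line, e.g. `port { 6660:6669 6697 6997 7000 9999 16667 16697 } $Flush #irc`, and check the result with `pfctl -nf /etc/pf.conf` before loading it. Separately, `block out log on $IntIP4` passes an address macro where `on` expects an interface name; it looks as if `from $IntIP4` was intended, which should be confirmed. The `diff:1609264862:…` history record also still holds the addresses that the current revision replaced with placeholders, so the redaction only covers the latest text.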