mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
35 lines
2.1 KiB
Text
35 lines
2.1 KiB
Text
|
pass out quick on lo0 all
|
||
|
pass out quick on xl0 all
|
||
|
pass out quick on dc0 proto tcp from any to any port = http flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 proto tcp from any to any port = https flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 proto tcp from any to any port = pop3 flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 proto tcp from any to any port = smtp flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 proto tcp from any to any port = time flags S/FSRPAU keep state
|
||
|
pass out quick on d0c0 proto tcp from any to any port = ftp flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 proto tcp from any to any port = ssh flags S/FSRPAU keep state
|
||
|
pass out quick on dc0 inet proto icmp from any to any icmp-type echo keep state
|
||
|
block out log first quick on dc0 all
|
||
|
pass in quick on lo0 all
|
||
|
pass in quick on xl0 all
|
||
|
block in quick on dc0 inet from 192.168.0.0/16 to any
|
||
|
block in quick on dc0 inet from 172.16.0.0/12 to any
|
||
|
block in quick on dc0 inet from 10.0.0.0/8 to any
|
||
|
block in quick on dc0 inet from 127.0.0.0/8 to any
|
||
|
block in quick on dc0 inet from 0.0.0.0/8 to any
|
||
|
block in quick on dc0 inet from 169.254.0.0/16 to any
|
||
|
block in quick on dc0 inet from 192.0.2.0/24 to any
|
||
|
block in quick on dc0 inet from 204.152.64.0/23 to any
|
||
|
block in quick on dc0 inet from 224.0.0.0/3 to any
|
||
|
block in quick on dc0 from any to any with frag
|
||
|
block in quick on dc0 proto tcp from any to any with short
|
||
|
block in quick on dc0 inet from any to any with opt lsrr
|
||
|
block in quick on dc0 inet from any to any with opt ssrr
|
||
|
block in log first quick on dc0 proto tcp from any to any flags FPU/FSRPAU
|
||
|
block in quick on dc0 from any to any with ipopts
|
||
|
block in quick on dc0 inet proto icmp from any to any icmp-type echo
|
||
|
block in quick on dc0 proto tcp from any to any port = auth
|
||
|
block in log first quick on dc0 proto tcp/udp from any to any port = netbios-ns
|
||
|
block in log first quick on dc0 proto tcp/udp from any to any port = netbios-dgm
|
||
|
block in log first quick on dc0 proto tcp/udp from any to any port = netbios-ssn
|
||
|
block in log first quick on dc0 proto tcp/udp from any to any port = 81
|
||
|
block in log first quick on dc0 all
|