Solaris firewall configuration

May 17, 2007

#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

# Block evil packets
block in log quick all with short

# Allow everything from our DNS servers in
pass in quick from 128.222.228.235/32 to any keep state
pass in quick from 128.222.228.236/32 to any keep state
pass in quick from 128.222.12.10/32 to any keep state
pass in quick from 10.5.140.176/32 to any keep state

# Let our iscsi traffic in
pass in quick from any to any port = 3260 keep state
pass in quick from 10.5.140.151/32 to any keep state

# Allow SSH access in
pass in quick proto tcp from any to any port = 22 keep state

# Allow and log icmp packets
pass in log quick proto icmp all keep state

# Allow access to the rest of the world
pass out quick from any to any keep state

# Explicitly block telnet and everything else
block in quick proto tcp from any to any port = 23
block in quick from any to any

Yep, pretty basic. I have to say, I think I might actually like ipfilter better than iptables. Maybe that’s only because I’ve only done basic stuff with it so far.

posted in firewall, software, solaris, sun by Lee
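
As an added example (not part of the original post or of IP Filter itself), this Python sketch replays the inbound rules above with first-match `quick` semantics to audit what the rule order actually permits: the per-host pass rules sit before the telnet block, so that block never applies to those hosts, and the port 3260 rule, having no `proto`, admits UDP as well as TCP. It models new inbound packets only (no state table, no fragments); the helper names `parse` and `decide` and the 203.0.113.7 test address are constructed for illustration.

```python
import ipaddress
import re

# Inbound rules copied from the post, in file order. The "with short" rule is
# omitted: it matches packets too short to hold a full header (not modelled).
RULESET = """\
pass in quick from 128.222.228.235/32 to any keep state
pass in quick from 128.222.228.236/32 to any keep state
pass in quick from 128.222.12.10/32 to any keep state
pass in quick from 10.5.140.176/32 to any keep state
pass in quick from any to any port = 3260 keep state
pass in quick from 10.5.140.151/32 to any keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in log quick proto icmp all keep state
block in quick proto tcp from any to any port = 23
block in quick from any to any
"""

# Covers only the rule shapes used above, not the full ipf grammar.
RULE_RE = re.compile(
    r"^(?P<action>pass|block) in (?:log )?quick"
    r"(?: proto (?P<proto>\w+))?"
    r"(?: all| from (?P<src>\S+) to any(?: port = (?P<port>\d+))?)"
)

def parse(line):
    m = RULE_RE.match(line)
    if m is None:
        raise ValueError(f"unsupported rule: {line}")
    net = None if m["src"] in (None, "any") else ipaddress.ip_network(m["src"])
    port = int(m["port"]) if m["port"] else None
    return m["action"], m["proto"], net, port, line

RULES = [parse(line) for line in RULESET.splitlines()]

def decide(proto, src, dport=None):
    """Return (action, rule); all rules are 'quick', so the first match decides."""
    addr = ipaddress.ip_address(src)
    for action, rproto, net, port, text in RULES:
        if (rproto and rproto != proto) or (net is not None and addr not in net):
            continue
        # A port match without "proto" applies to TCP and UDP only (ipf man page).
        if port is not None and (proto not in ("tcp", "udp") or dport != port):
            continue
        return action, text
    raise LookupError("no rule matched")  # unreachable: last rule matches all

if __name__ == "__main__":
    print(decide("tcp", "128.222.12.10", 23))  # telnet from a listed host
```
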

 