#Filter for Permanent Customers
add filter permanent.in
add filter permanent.out
#Deny telnet to our SERVERS
set filter permanent.in 1 deny 0.0.0.0/0 203.25.185.0/24 tcp dst eq 23
set filter permanent.in 2 deny 0.0.0.0/0 210.8.69.0/24 tcp dst eq 23
#Deny NFS
set filter permanent.in 3 deny tcp dst eq 2049
#Deny external Mail relays (I can actually add this to my border router!)
set filter permanent.in 4 permit 0.0.0.0/0 203.25.185.2/32 tcp dst eq 25
set filter permanent.in 5 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 25
#Windows attack Ports in & out (as above)
set filter permanent.in 6 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 137
set filter permanent.out 1 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 137
set filter permanent.in 7 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 138
set filter permanent.out 2 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 138
set filter permanent.in 8 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 139
set filter permanent.out 3 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 139
#Deny RIP
set filter permanent.in 9 deny udp dst eq 520
#Deny packet spoofing and allow the rest
set filter permanent.in 10 permit CUSTOMER-IP/32 0.0.0.0/0
set filter permanent.in 11 deny 0.0.0.0/0 0.0.0.0/0
Is this too much work for pm2 or 3 to be doing?
Regards,
Stavros Patiniotis
------------------------------------------------------------------------------
-System Administrator / Network Manager Escape.Net -
- 465b South Rd -
-email: stavros@esc.net.au Keswick SA 5035 -
-URL: http://www.esc.net.au Ph 82932526 Fax 82932949-
------------------------------------------------------------------------------
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.