# $Id: ipf.metarules,v 1.2 2001/02/01 12:27:18 camield Exp $
#
# WARNING: this is not a good or even useable ruleset!
#
# The use of objects and commands in this ruleset has been overdone to
# demonstrate features of ipfmeta:
# - how to use %dump and %verbose
# - how to put %group to good use
# - what happens to an object with multiple values (BLOCK-TCP)
# - recursiveness (CORP rules)
#
# Usage: ``ipfmeta ipf.objs <ipf.metarules''
#
# This instructs ipfmeta to read the objects from ipf.objs.
# After this, it will fetch the metarules from stdin, expand
# the objects in the metarules and dump the output to stdout.
#

%verbose 1

## Main
block in  log quick on fxp0 all  head 10
block in  log quick on fxp1 all  head 20
pass  in      quick on lo0 all
pass  out     quick on lo0 all
block in  log quick all
block out log quick all

## Internet inbound - group 10
%group 10
block in log quick all with short
block in log quick all with ipopt
block in log quick from UNWANTED to any
block in log quick from any to BROADCAST
block in log quick from BROADCAST to any
block in log quick proto tcp  all  head 12
block in log quick proto udp  all  head 14
block in log quick proto icmp all  head 16

## Internet TCP inbound - group 12
%group 12
block in log quick proto tcp from any       to any      flags NMAP       K-F
block in log quick proto tcp from any       to any      port NETBIOS     K-F
pass  in     quick proto tcp from CORP-MGMT to CORP-WWW port = CORP-TPT  K-SF
block in log quick proto tcp from any       to any      port = BLOCK-TCP K-F
pass  in     quick proto tcp from any       to any      flags H          K-SF

## Internet UDP inbound - group 14
%group 14
pass  in     quick proto udp from CORP-MGMT to CORP-WWW port = CORP-UPT K-SF

## Internet ICMP inbound - group 16
%group 16
pass  in     quick proto icmp from any to any icmp-type squench K-F

## LAN outbound - group 20
%group 20
block in quick from UNWANTED to any
block in quick from any to UNWANTED
block in quick from BROADCAST to any
block in quick from any to BROADCAST
block in quick proto tcp/udp from any to any port NETBIOS
pass  in quick proto tcp  all                K-S
pass  in quick proto udp  all                K-S
pass  in quick proto icmp all icmp-type echo K-S

%dump
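# Added example (not ipfmeta's code and not part of this ruleset): a small
# re-implementation of the expansion step, so the effect of a multi-valued
# object (BLOCK-TCP), a recursive object (CORP) and %group can be seen on
# constructed rules. The object table is an assumption standing in for the
# ipf.objs file, which is not on this page.

```python
"""Toy re-implementation of ipfmeta's object expansion (added example).
Assumptions: objects come from a dict rather than an ipf.objs file; a rule
naming several multi-valued objects expands to their cartesian product;
'%group N' appends 'group N' to every rule that follows it."""
import itertools
import re

# Constructed object table; values are illustrative, not the page's ipf.objs.
OBJECTS = {
    "BLOCK-TCP": ["111", "2049"],           # multi-valued: one rule per value
    "CORP": ["CORP-MGMT", "CORP-WWW"],      # recursive: refers to other objects
    "CORP-MGMT": ["192.0.2.10"],
    "CORP-WWW": ["192.0.2.80"],
    "K-F": ["keep frags"],
    "K-SF": ["keep state keep frags"],
}

# Constructed metarules, mirroring two rule shapes used in the ruleset above.
SAMPLE = """%group 12
block in log quick proto tcp from any to any port = BLOCK-TCP K-F
block out quick from CORP to any   # recursive object on the source side
"""

def resolve(name, seen=()):
    """Expand an object to its leaf values, following nested objects; refuses cycles."""
    if name in seen:
        raise ValueError(f"object cycle at {name}")
    leaves = []
    for value in OBJECTS[name]:
        leaves += resolve(value, seen + (name,)) if value in OBJECTS else [value]
    return leaves

def expand_rule(rule):
    """Return the concrete rules for one metarule, preserving its whitespace."""
    parts = re.split(r"(\s+)", rule)                       # keeps column alignment
    names = list(dict.fromkeys(p for p in parts if p in OBJECTS))
    rules = []
    for combo in itertools.product(*(resolve(n) for n in names)):
        mapping = dict(zip(names, combo))
        rules.append("".join(mapping.get(p, p) for p in parts))
    return rules

def expand(metarules):
    """Strip comments, honour %group, ignore the other % commands, expand each rule."""
    group, out = None, []
    for line in metarules.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("%group"):
            group = line.split()[1]                        # applies until the next %group
        elif not line.startswith("%"):                     # %verbose / %dump emit no rules
            out += [f"{r} group {group}" if group else r for r in expand_rule(line)]
    return out
```

# Running expand(SAMPLE) turns the two metarules into four concrete ipf rules:
# two for the BLOCK-TCP ports and two for the hosts CORP resolves to.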