updated for FreeBSD 12.2

2021-02-13 11:38:38 -08:00
parent bd3cffc61a
commit 5cee123a3c
121 changed files with 7315 additions and 624 deletions
--- a/jails/config/hub/ipfw.rules
+++ b/jails/config/hub/ipfw.rules
@ -0,0 +1,23 @@
+#!/bin/sh
+# Flush out the list before we begin.
+ipfw -q -f flush
+
+# Set rules command prefix
+cmd="ipfw -q add"
+pif="epair0b"     # interface name of NIC attached to Internet
+
+$cmd 00100 allow ip from any to any via lo0
+$cmd 00200 deny ip from any to 127.0.0.0/8
+$cmd 00300 deny ip from 127.0.0.0/8 to any
+$cmd 00400 deny ip from any to ::1
+$cmd 00500 deny ip from ::1 to any
+$cmd 00600 allow ipv6-icmp from :: to ff02::/16
+$cmd 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
+$cmd 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
+$cmd 00900 allow ipv6-icmp from any to any icmp6types 1
+$cmd 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
+$cmd 05000 reset ip from table(22) to me
+$cmd 65000 allow ip from any to any
+$cmd 65535 deny ip from any to any
+
+# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html