# Firebricks configuration template (shell syntax). Every setting in this
# file ships commented out; uncomment and adapt the parts you need.
# Each "brick" named inside the two functions below is a helper program
# looked up on the PATH the function exports (/usr/lib/firebricks/ first).
# NOTE(review): the exact semantics of each brick are defined by the brick
# scripts themselves, not here — the comments below only describe what this
# file visibly states.

##Place the bricks to be called when "/etc/init.d/firebricks start" is run
#FirebricksStart () {
#    export PATH="/usr/lib/firebricks/:$PATH"
#
#    # lockdown runs first and "lockdown stop" runs last, so the bricks in
#    # between presumably execute while the firewall is in a closed state —
#    # confirm in the lockdown brick before reordering anything here.
#    lockdown
#
#    kernel start
#
#    banfor30
#    scrutinizedst
#    scrutinizesrc
#    #histogram    # disabled even in the template; leave off unless wanted
#    autoreject
#
#    # Source/destination address sanity bricks (MAC, address type, bogons).
#    macchk
#    inputsrcaddrtype
#    outputdstaddrtype
#    fwdsrcaddrtype
#    fwddstaddrtype
#    address
#    bogons
#
#    # Protocol checks. Trailing arguments appear to name the follow-up
#    # bricks and the final verdict (DROP) applied on a match — verify against
#    # the brick scripts before changing them.
#    icmpchk
#    icmpfwdchk scrutinizesrc banfor30 DROP
#    ipopts scrutinizesrc banfor30 DROP
#    plength
#    tcpchk scrutinizesrc banfor30 DROP
#    udpchk scrutinizesrc banfor30 DROP
#    catchmapper scrutinizesrc DROP
#    catchmapreply scrutinizedst DROP
#
#    mapssh
#    pasvmap
#
#    scrutinize
#    checkbans
#    shunsrc
#    shundst
#    punishmapper
#
#    established
#
#    # blockfwdports consumes BlockFwdTcpPorts / BlockFwdUdpPorts (below).
#    blockfwdports
#    identreject
#
#    local-forward-accept
#    local-input-accept
#    local-output-accept
#
#    # logremainder precedes policy: anything still unmatched is logged
#    # before the default policy is applied.
#    logremainder
#
#    policy
#
#    lockdown stop
#}

##Place the bricks to be called when "/etc/init.d/firebricks stop" is run
#FirebricksStop () {
#    export PATH="/usr/lib/firebricks/:$PATH"
#
#    # Stopping the service leaves the firewall in the lockdown state rather
#    # than flushing it open.
#    lockdown
#}

# Verdict for traffic no brick explicitly accepted (default-deny).
# Presumably consumed by the "policy" brick — confirm there.
#DefaultPolicy='DROP'

# iptables-style match arguments for traffic that must never be logged.
# Every entry here is traffic you will not see in the logs, so keep the list
# as short as possible and review it when the network changes. The entries
# below cover loopback (127.0.0.1), DNS to tcp/53, the all-hosts multicast
# address 224.0.0.1, local tcp/135, NetBIOS broadcasts (udp 137/138), DHCP
# (udp 68 -> 67), syslog (udp 514) and ICMP echo requests (type 8) to local
# addresses.
#NeverLog=(
#"-s 127.0.0.1"
#"-p tcp --dport 53"
#"-d 224.0.0.1"
#"-m addrtype --dst-type LOCAL -p tcp --sport 1024:65535 --dport 135"
#"-m addrtype --dst-type BROADCAST -p udp --sport 137 --dport 137"
#"-m addrtype --dst-type BROADCAST -p udp --sport 138 --dport 138"
#"-m addrtype --dst-type BROADCAST -p udp --sport 68 --dport 67"
#" -p udp --sport 514 --dport 514"
#"-m addrtype --dst-type LOCAL -p icmp --icmp-type 8"
#)

#BlockFwdTcpPorts=''
#This holds a space separated list of tcp destination ports that should
#_never_ traverse this firewall. For example if you never want to allow
#SMTP or Telnet connections, set like so:
#BlockFwdTcpPorts='25 23'
#
#Likewise, a space separated list of destination udp ports to block.
#BlockFwdUdpPorts=''

# "IP MAC interface" triples for hosts whose MAC address is pinned
# (presumably checked by the macchk brick — confirm there). The values below
# are placeholders: 1.1.1.x are sample addresses and GW:MA:CA:DD:RE:SS is not
# a valid MAC; replace them with the real mappings for your network. The
# "0/0" entry appears to pin the gateway MAC for all remaining addresses.
#LegalMacs=(
#"1.1.1.1 AA:BB:CC:DD:EE:FF eth0"
#"1.1.1.2 C0:FF:EE:C0:FF:EE eth0"
#"0/0 GW:MA:CA:DD:RE:SS eth0"
#)

# Match arguments for traffic exempt from the MAC check, e.g. interfaces
# without Ethernet framing (sl0). "my.ethernet.ip.address" is a placeholder
# to replace with the host's own address if that exemption is wanted.
#NeverCheckMac=(
#"-i sl0"
#"-s my.ethernet.ip.address"
#)