Appendix F. Sample defaultfilter.pf File

The following is a sample default filter INSPECT script.

    // IP source and destination
    #define src [12,b]
    #define dst [16,b]

    // TCP or UDP source and destination ports
    #define sport [20:2,b]
    #define dport [22:2,b]

    // IP protocol
    #define ip_p [9:1]

    // Table for recording outgoing sessions. Incoming packets are
    // matched against this table.
    connections = dynamic refresh expires 300;

    // The following two rules deal with outgoing and incoming
    // packets in which the IP source and destination are the same as
    // well as connections originating from the firewall going to tcp
    // port 256 (e.g., for fetching the security policy from the
    // management console) or to tcp port 22 (for ssh access). The
    // first rule ...
