-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.conf.sample
48 lines (42 loc) · 2.22 KB
/
main.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# ibdfw configuration sample file
#===[ Default behavior ]=======================================================
#Default input accept
#Default output accept
#Default forward accept
#Default input,output,forward reject
#Default all drop
#===[ Forward rules for routing ]==============================================
#Forward from ip 10.0.0.1
#Forward from ip 10.1.1.0/24 to ip 10.2.2.0/24
#Forward to ip 10.3.3.0/24
#Forward from iprange 10.1.1.1-10.1.1.55 to iprange 10.2.2.56-10.2.2.68
#Forward not-from ip 10.0.0.1 ports tcp 8080
#Forward not-from iprange 10.0.0.1-10.0.0.145 ports tcp 8080
#Forward from interface eth0 not-to interface eth1
#Forward from interface eth0 to iprange 10.30.40.22-10.30.40.25 port tcp 80:90
#Forward not-from ip 10.0.0.1 from interface eth0 to ip 192.168.1.254 port tcp 80,443,1000:1100
#===[ Input for local processes ]==============================================
#Input from ip 10.0.0.1
#Input from ip 10.1.1.0/24 to ip 10.2.2.0/24
#Input to ip 10.3.3.0/24
#Input from iprange 10.1.1.1-10.1.1.55 to iprange 10.2.2.56-10.2.2.68
#Input not-from ip 10.0.0.1 ports tcp 8080
#Input not-from iprange 10.0.0.1-10.0.0.145 ports tcp 8080
#Input from interface eth0 to iprange 10.30.40.22-10.30.40.25 port tcp 80:90
#Input not-from ip 10.0.0.1 from interface eth0 to ip 192.168.1.254 port tcp 80,443,1000:1100
#===[ Output for local processes ]==============================================
#Output to ip 10.0.0.0/8 port tcp 80,443
#Output not-to iprange 10.0.0.1-10.0.0.145 ports tcp 8080
#Output to interface eth0
#Output to interface eth0 to iprange 10.30.40.22-10.30.40.25 port tcp 80:90
#===[ Raw command for iptables ]===============================================
#Raw -A INPUT ! -s 10.254.254.254/32 -d 192.168.1.254/24
#===[ NAT rules ]==============================================================
#Nat unidirectionnal 10.0.0.0/8 via 5.6.7.8
#Nat unidirectionnal 10.0.0.0/8 via 5.6.7.8 except 192.168.0.0/16,172.16.0.0/12
#Nat bidirectionnal 10.0.0.1 via 4.4.4.4
#Nat bidirectionnal 10.0.0.1 via 4.4.4.4 except 192.168.1.45
#Nat port-forward 5.6.7.8:1022 to 10.0.0.1:22
#Nat port-forward 1.2.3.4:53 to 5.6.7.8:53 udp
#Nat reflection 10.2.27.0/24 on vlan27
#Nat reflection 10.2.27.0/24 on vlan27 except 192.168.0.0/16,172.16.0.0/12