#
# Isba source file text export - Sun Nov 18 07:16:09 MET 2001
# from: /home/pierre/isba/dev/samples/pass-all-and-log.isba
#

# IPF RULES
#
# -------- --------- ------ ---------- ---------- ---------- ---------------- ---------- -------------------------------------
# Action   Opts      Intf   From       To         Service    Misc             Group      Comment
# -------- --------- ------ ---------- ---------- ---------- ---------------- ---------- -------------------------------------
# samples/pass-all-and-log.isba
#
# This ruleset lets all traffic pass through and logs everything
# but the services belonging to the service group 'dont-log'.
#
1 pass in quick dont-log # don't log X11, www, www-8080, ssh ...
2 pass in quick srcport dont-log # don't log X11, www, www-8080, ssh ...
3 pass in log first proto-tcp flags S/SA # TCP: log only 1st packet
    quick keep state keep frags
4 pass in log first proto-udp keep state # UDP, ICMP: log only 1st packet
    quick proto-icmp
5 pass in log quick
# -------- --------- ------ ---------- ---------- ---------- ---------------- ---------- -------------------------------------
6 pass out quick dont-log # don't log X11, www, www-8080, ssh ...
7 pass out quick srcport dont-log # don't log X11, www, www-8080, ssh ...
8 pass out log first proto-tcp flags S/SA # TCP: log only 1st packet
    quick keep state keep frags
9 pass out log first proto-udp keep state # UDP, ICMP: log only 1st packet
    quick proto-icmp
10 pass out log quick

# NAT RULES
#
# -------- ------ ---------- ---------- ---------- -- ------------ ------------ -------- ------------
# Action   Intf   Original   Original   Original      Translated   Translated   Range    Comment
# ->       ->     From       To         Service    -> Address      Service      ->       ->
# -------- ------ ---------- ---------- ---------- -- ------------ ------------ -------- ------------

# --------- -------- ---------- -------------
# HOST/NET  VALUE    COMMENT    INCLUDED FROM
# --------- -------- ---------- -------------

# ---------  -------- ---------- ---------------------------------- -------------
# SERVICE    PROTO    VALUE      COMMENT                            INCLUDED FROM
# ---------  -------- ---------- ---------------------------------- -------------
  X11        tcp      5999><6010
  dont-log   tcp      X11        noisy services I don't want to log
                      www
                      www-8080
                      8081
                      22
                      1987
                      53
  proto-icmp icmp                specifies proto icmp, no type
  proto-tcp  tcp                 specifies proto tcp, no port
  proto-udp  udp                 specifies proto udp, no port
  www        tcp      80
  www-8080   tcp      8080

# --------- -------- ---------- -------------
# INTERFACE VALUE    COMMENT    INCLUDED FROM
# --------- -------- ---------- -------------

# RULESET PROPERTIES

# Version:

# Ruleset targets:
    Target hostname SSH user  use   ipfilter        ipf rules    nat rules
    or IP address   on target sudo  conf dir.       filename     filename
    --------------  --------- ----- --------------- ------------ ------------
 1:

# Setup infos - Ruleset comments - List of changes ...