Re: pf.conf macro help needed
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf.conf macro help needed
- From: "Christopher D. Palmer" <palmercd_(_at_)_cox_(_dot_)_net>
- Date: Wed, 9 Feb 2005 13:08:11 -0500
On Wed, Feb 09, 2005 at 10:56:01AM -0600, J.D. Bronson wrote:
> I have 2 ISPs connected to my OBSD box and use pf:
>
> RR = "fxp0"
> DSL = "tun0"
>
> I created rulesets to dump certain windoze junk as such:
>
> # Block known windows exploits
> block in quick on $DSL proto tcp from any to any port 139
> block in quick on $DSL proto tcp from any to any port 445
> block in quick on $DSL proto tcp from any to any port 69
> block in quick on $RR proto tcp from any to any port 139
> block in quick on $RR proto tcp from any to any port 445
> block in quick on $RR proto tcp from any to any port 69
>
> Is there any way to create a macro so I don't need to create
> double the rulesets for each ISP ?
>
> Thanks!!
>
> --
> J.D. Bronson
> Aurora Health Care // Information Services // Milwaukee, WI USA
> Office: 414.978.8282 // Email: jd_(_at_)_aurora_(_dot_)_org // Pager: 414.314.8282
>
Try this macro:

windows_ports = "{ 139, 445, 69 }"
block in quick on $DSL proto tcp from any to any port $windows_ports
block in quick on $RR proto tcp from any to any port $windows_ports
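
Added example, not part of the original thread: a simplified Python model of pf's macro substitution and brace-list expansion, used to check that a collapsed ruleset still produces the six rules from the question. It goes one step beyond the reply by also putting the two interfaces in a list; the macro name ext_ifs and the expand() helper are assumptions made for this illustration, and the output is not pfctl's own format.

```python
import itertools
import re

# Constructed pf.conf fragment. ext_ifs is a hypothetical macro name; the
# interface names are written literally because pf does not expand macros
# inside a quoted string.
PF_CONF = '''
ext_ifs = "{ tun0, fxp0 }"
windows_ports = "{ 139, 445, 69 }"
block in quick on $ext_ifs proto tcp from any to any port $windows_ports
'''

MACRO_DEF = re.compile(r'^(\w+)\s*=\s*"(.*)"$')
MACRO_REF = re.compile(r'\$(\w+)')
BRACE_LIST = re.compile(r'\{([^{}]*)\}')


def expand(conf):
    """Return the single-value rules a simplified pf parser would load."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.split('#', 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        definition = MACRO_DEF.match(line)
        if definition:  # macro definition: remember it, emit nothing
            macros[definition.group(1)] = definition.group(2)
            continue
        # Rule line: substitute macros (an undefined macro raises KeyError).
        line = MACRO_REF.sub(lambda m: macros[m.group(1)], line)
        # Split around each { ... } list and take the cross product of values.
        parts = BRACE_LIST.split(line)
        fixed, lists = parts[0::2], parts[1::2]
        choices = [re.split(r'[,\s]+', item.strip()) for item in lists]
        for combo in itertools.product(*choices):
            pieces = [fixed[0]]
            for value, tail in zip(combo, fixed[1:]):
                pieces += [value, tail]
            rules.append(' '.join(''.join(pieces).split()))
    return rules


if __name__ == '__main__':
    for rule in expand(PF_CONF):
        print(rule)
```

On a real system, pfctl -nvf /etc/pf.conf parses the file without loading it and prints the rules as pf expanded them, which is the authoritative check.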