#
# If you add/remove/alter a rule, run 'fetchipac -S' afterwards
#
# Format:
# Name of rule|direction|interface|protocol|source|destination|extension|
# WARNING!!!! spaces are not allowed before and after '|'.
#
# where
#  Name of rule   Any string to identify this rule
#  direction      ipac~fi - forward in
#                 ipac~fo - forward out
#                 ipac~i  - outgoing from machine with ipac-ng to other host(/net)
#                           (or incoming to otherhost)
#                 ipac~o  - incoming to machine with ipac-ng
#                           (or outgoing from otherhost)
#
#  interface      interface name, '+' means all interfaces
#                 (don't try to use ip numbers here!)
#  protocol       tcp | udp | icmp | all
#  source         \
#  destination    both as described in ipfwadm(8), or empty
#
#
#  W A R N I N G ! ! !
#
# Don't use symbols other than '0-9A-z[space]' in rule names. You may encounter
# some strange troubles.
##
## Here's what works for PREROUTING forwards:
##
## Traffic to host to internet|ipac~fo|+|all|0/0|internal_ip/32||
## Traffic from host to internet|ipac~fo|+|all|internal_ip/32|0/0||
##
## Note: incoming SSH traffic = (net play ssh recv) + (play net ssh recv)
##
## These are the 4 states of originating, sending, and receiving:
##
## net to play: send a file TO play    SSH      net play ssh recv
## net to play: get a file FR play     SSH      net play ssh send
## play to net: send a file FR play    SSH rev  play net ssh send
## play to net: get a file TO play     SSH rev  play net ssh recv
##
## If you stick to the naming convention:
##   net "host" "proto" "direction"   (for internet->host connections)
##   "host" net "proto" "direction"   (for host->internet connections)
## ...then the RRD scripts can parse the 'ipacsum' output.
##
## NOTE: The first field cannot be > 19 characters; this is a limitation
## of RRD.
##

# ALL traffic to/from play
play recv|ipac~fo|+|all|0/0|10.10.10.5/32||
play send|ipac~fo|+|all|10.10.10.5/32|0/0||

# SSH traffic to/from play
net play ssh recv|ipac~fo|+|tcp|0/0|10.10.10.5/32 ssh||
play net ssh recv|ipac~fo|+|tcp|0/0 ssh|10.10.10.5/32||
net play ssh send|ipac~fo|+|tcp|10.10.10.5/32 ssh|0/0||
play net ssh send|ipac~fo|+|tcp|10.10.10.5/32|0/0 ssh||

# Apache::MP3 (port 8080) traffic to/from play
net play 8080 recv|ipac~fo|+|tcp|0/0|10.10.10.5/32 8080||
play net 8080 recv|ipac~fo|+|tcp|0/0 8080|10.10.10.5/32||
net play 8080 send|ipac~fo|+|tcp|10.10.10.5/32 8080|0/0||
play net 8080 send|ipac~fo|+|tcp|10.10.10.5/32|0/0 8080||

# DNS (aka openvpn) UDP traffic to/from play
# (all four rules use udp; the section counts UDP port 53 only)
net play 53 recv|ipac~fo|+|udp|0/0|10.10.10.5/32 53||
play net 53 recv|ipac~fo|+|udp|0/0 53|10.10.10.5/32||
net play 53 send|ipac~fo|+|udp|10.10.10.5/32 53|0/0||
play net 53 send|ipac~fo|+|udp|10.10.10.5/32|0/0 53||

###########################################################################

# ALL traffic to/from spun
spun recv|ipac~fo|+|all|0/0|10.10.10.2/32||
spun send|ipac~fo|+|all|10.10.10.2/32|0/0||

# SMTP traffic to/from spun
net spun smtp recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 smtp||
spun net smtp recv|ipac~fo|+|tcp|0/0 smtp|10.10.10.2/32||
net spun smtp send|ipac~fo|+|tcp|10.10.10.2/32 smtp|0/0||
spun net smtp send|ipac~fo|+|tcp|10.10.10.2/32|0/0 smtp||

# IMAP-SSL traffic to/from spun
net spun imaps recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 imaps||
spun net imaps recv|ipac~fo|+|tcp|0/0 imaps|10.10.10.2/32||
net spun imaps send|ipac~fo|+|tcp|10.10.10.2/32 imaps|0/0||
spun net imaps send|ipac~fo|+|tcp|10.10.10.2/32|0/0 imaps||

# POP3 traffic to/from spun
#net spun pop3 recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 pop3||
#spun net pop3 recv|ipac~fo|+|tcp|0/0 pop3|10.10.10.2/32||
#net spun pop3 send|ipac~fo|+|tcp|10.10.10.2/32 pop3|0/0||
#spun net pop3 send|ipac~fo|+|tcp|10.10.10.2/32|0/0 pop3||

# HTTP traffic to/from spun
net spun http recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 http||
spun net http recv|ipac~fo|+|tcp|0/0 http|10.10.10.2/32||
net spun http send|ipac~fo|+|tcp|10.10.10.2/32 http|0/0||
spun net http send|ipac~fo|+|tcp|10.10.10.2/32|0/0 http||

# HTTP-SSL traffic to/from spun
net spun https recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 https||
spun net https recv|ipac~fo|+|tcp|0/0 https|10.10.10.2/32||
net spun https send|ipac~fo|+|tcp|10.10.10.2/32 https|0/0||
spun net https send|ipac~fo|+|tcp|10.10.10.2/32|0/0 https||

# SSH traffic to/from spun
net spun ssh recv|ipac~fo|+|tcp|0/0|10.10.10.2/32 ssh||
spun net ssh recv|ipac~fo|+|tcp|0/0 ssh|10.10.10.2/32||
net spun ssh send|ipac~fo|+|tcp|10.10.10.2/32 ssh|0/0||
spun net ssh send|ipac~fo|+|tcp|10.10.10.2/32|0/0 ssh||

###########################################################################
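# Added example, not part of ipac-ng or of the rules file above: a small
# pre-commit linter that enforces the constraints stated in the header
# (7 '|'-terminated fields, no spaces around '|', names limited to
# '0-9A-z[space]' and 19 characters, known direction/protocol values) and
# checks the 'net HOST PROTO DIR' naming convention the RRD scripts rely on.
# The function names and the SAMPLE rules are constructed for this example.

```python
import re
# Constraints taken from the header comments of the rules file above.
DIRECTIONS = {"ipac~fi", "ipac~fo", "ipac~i", "ipac~o"}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}
NAME_RE = re.compile(r"^[0-9A-Za-z ]+$")   # only '0-9A-z[space]' in names
MAX_NAME_LEN = 19                          # RRD limit on the first field
FIELDS = ("name", "direction", "interface", "protocol", "source", "destination", "extension")

def parse_rule(line):
    """Parse one rule line; return (fields dict or None, list of errors)."""
    parts = line.split("|")  # 7 '|'-terminated fields -> 8 parts, last empty
    if len(parts) != len(FIELDS) + 1 or parts[-1] != "":
        return None, ["expected 7 fields, each terminated by '|'"]
    errors = []
    if any(p != p.strip() for p in parts[:-1]):
        errors.append("space before or after '|'")
    rule = dict(zip(FIELDS, (p.strip() for p in parts[:-1])))
    if not NAME_RE.match(rule["name"]):
        errors.append("rule name uses characters outside 0-9A-z and space")
    if len(rule["name"]) > MAX_NAME_LEN:
        errors.append("rule name longer than %d characters" % MAX_NAME_LEN)
    if rule["direction"] not in DIRECTIONS:
        errors.append("unknown direction %r" % rule["direction"])
    if rule["protocol"] not in PROTOCOLS:
        errors.append("unknown protocol %r" % rule["protocol"])
    return rule, errors

def rrd_name_ok(name):
    """True if name has the 'net HOST PROTO DIR' or 'HOST net PROTO DIR' form."""
    t = name.split()
    return len(t) == 4 and "net" in t[:2] and t[3] in ("send", "recv")

def check_rules(text):
    """Return [(line number, errors)] for every faulty rule line in text."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not rules
        _, errors = parse_rule(line)
        if errors:
            problems.append((lineno, errors))
    return problems

SAMPLE = """\
# constructed sample (not the rules file above): one good rule, three faulty
net play ssh recv|ipac~fo|+|tcp|0/0|10.10.10.5/32 ssh||
play net ssh send |ipac~fo|+|tcp|10.10.10.5/32|0/0 ssh||
net play apache mp3 recv|ipac~fo|+|tcp|0/0|10.10.10.5/32 8080||
net play dns recv|ipac~fo|+|ud|0/0|10.10.10.5/32 53||
"""
```

Run check_rules over the real rules file before 'fetchipac -S' so that a stray space or an over-long name is caught before the RRD scripts silently skip the rule.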