[FUG-BR] PF - Help

pedro almeida.lost at gmail.com
Fri May 14 09:54:11 BRT 2010


I have a problem here at the company with a FreeBSD 7 machine that stopped working. It was the company's firewall and DHCP server, and now we have neither. I need the rules that machine had in its firewall, and after some research I got something with:
# pfctl -sn                 Shows the current NAT rules
# pfctl -sr                 Shows the current filter rules
I couldn't find the firewall script; I think whoever configured it changed the defaults. How could I locate it? Did I get everything I needed with those commands? Could someone help me translate what was shown? I understood some of it. With the commands above I got the following responses, respectively:

# pfctl -sn                 Shows the current NAT rules:
nat-anchor "pftpx/*" all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on xl0 inet from 10.0.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on ng0 inet from 10.0.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
nat on xl0 inet from 10.0.0.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on ng0 inet from 10.0.0.0/24 port = 5060 to any port = 5060 -> (ng0) port 5060 round-robin
nat on xl0 inet from 10.0.0.0/24 to any -> (ng0) port 1024:65535 round-robin
nat on ng0 inet from 10.0.0.0/24 to any -> (ng0) port 1024:65535 round-robin
rdr-anchor "pftpx/*" all
rdr-anchor "slb" all
no rdr on xl1 proto tcp from any to <vpns> port = ftp
rdr on xl1 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to any port = 5901 -> 10.0.0.10
rdr on ng0 inet proto tcp from any to any port = 8089 -> 10.0.0.10 port 8000
rdr on ng0 inet proto tcp from any to any port = http -> 10.0.0.10 port 8080
rdr on ng0 inet proto tcp from any to any port = 2222 -> 10.0.0.10 port 22
rdr-anchor "imspector" all
rdr-anchor "miniupnpd" all

# pfctl -sr                 Shows the current filter rules:
scrub all random-id max-mss 1452 fragment reassemble
anchor "ftpsesame/*" all
anchor "firewallrules" all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
block drop in quick inet6 all
block drop out quick inet6 all
anchor "loopback" all
pass in quick on lo0 all flags S/SA keep state label "pass loopback"
pass out quick on lo0 all flags S/SA keep state label "pass loopback"
anchor "packageearly" all
anchor "carp" all
anchor "dhcpserverlan" all
pass in quick on xl1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server on LAN"
pass in quick on xl1 inet proto udp from any port = bootpc to 10.0.0.1 port = bootps keep state label "allow access to DHCP server on LAN"
pass out quick on xl1 inet proto udp from 10.0.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server on LAN"
block drop in log quick on xl0 inet proto udp from any port = bootps to 10.0.0.0/24 port = bootpc label "block dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to 10.0.0.0/24 port = bootpc label "block dhcp client out wan"
block drop in on ! xl1 inet from 10.0.0.0/24 to any
block drop in inet from 10.0.0.1 to any
block drop in on xl1 inet6 from fe80::260:8cff:fef1:879e to any
anchor "spoofing" all
anchor "spoofing" all
block drop in on xl0 inet6 from fe80::260:8cff:fef1:8800 to any
block drop in log quick on xl0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block drop in log quick on ng0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block drop in log quick on xl0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block drop in log quick on ng0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block drop in log quick on xl0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block drop in log quick on ng0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block drop in log quick on xl0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
block drop in log quick on ng0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
anchor "limitingesr" all
block drop in quick from <virusprot> to any label "virusprot overload table"
anchor "wanbogons" all
block drop in log quick on xl0 from <bogons> to any label "block bogon networks from wan"
block drop in log quick on ng0 from <bogons> to any label "block bogon networks from wan"
pass out quick on xl1 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on xl0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 proto icmp all keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state (tcp.closed 5) label "let out anything from firewall host itself"
anchor "firewallout" all
pass out quick on xl0 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on ng0 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on xl1 all flags S/SA keep state label "let out anything from firewall host itself"
pass out quick on enc0 all flags S/SA keep state label "IPSEC internal host to host"
pass out quick on ng0 proto icmp all keep state (tcp.closed 5) label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on xl1 inet from any to 10.0.0.1 flags S/SA keep state label "anti-lockout web rule"
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 5901 flags S/SA keep state label "USER_RULE: NAT VNC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 5901 flags S/SA keep state label "USER_RULE: NAT VNC Appserver"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 8000 flags S/SA keep state label "USER_RULE: NAT SQL Admin"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8000 flags S/SA keep state label "USER_RULE: NAT SQL Admin"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = 8080 flags S/SA keep state label "USER_RULE: NAT RC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8080 flags S/SA keep state label "USER_RULE: NAT RC Appserver"
pass in quick on xl0 inet proto tcp from any to 10.0.0.10 port = ssh flags S/SA keep state label "USER_RULE: NAT SSH (Appserver)"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = ssh flags S/SA keep state label "USER_RULE: NAT SSH (Appserver)"
pass in quick on xl1 inet from 10.0.0.0/24 to any flags S/SA keep state label "USER_RULE: Default LAN -> any"
pass in quick on xl1 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on xl1 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
anchor "imspector" all
anchor "miniupnpd" all
block drop in log quick all label "Default deny rule"
block drop out log quick all label "Default deny rule"

Regards,
Pedro de Almeida
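Added editor's note and example; none of this is part of Pedro's message. Two points a reader of the dump above should know. First, pfctl -sn and pfctl -sr print only the main ruleset: every anchor, nat-anchor and rdr-anchor line is a container whose own rules are not shown, so a complete copy also needs pfctl -s Anchors to list them and pfctl -a NAME -sr (or -sn) for each one. Second, the labels in this dump (USER_RULE:, anti-lockout web rule, virusprot overload table, snort2c, block bogon networks from wan) are the form pfSense generates; if that is what the machine ran (an inference from the labels, not stated in the post), there was never a hand-written pf.conf to find, because the ruleset is regenerated from the saved configuration. The script below, the example's own code, parses the rdr lines from a pfctl -sn dump and pairs each port forward with the pass in rule that admits the translated traffic (in pf, an rdr by itself passes nothing; the packet still has to match a filter rule after translation), which is the quickest way to see which LAN hosts and ports the old firewall exposed. The sample input is copied from the dump above; SERVICES, parse_forwards and describe are names chosen for this example.

```python
"""Pair the rdr (port-forward) rules from a 'pfctl -sn' dump with the
'pass in' rules from 'pfctl -sr' that admit the forwarded traffic.
Added example; names and sample data are the example's own."""
import re

# Service names that appear in the dump, resolved as /etc/services would.
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "http": 80, "ftp-proxy": 8021}

RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) inet proto (?P<proto>\w+) from any to any "
    r"port = (?P<ext_port>\S+) -> (?P<host>\S+)(?: port (?P<int_port>\d+))?$"
)
PASS_RE = re.compile(
    r"^pass in quick on (?P<iface>\S+) inet proto (?P<proto>\w+) from any to "
    r'(?P<host>\S+) port = (?P<port>\S+) .*label "(?P<label>[^"]*)"$'
)

# Constructed sample: lines copied from the dump in the message above.
NAT_OUTPUT = """
rdr-anchor "pftpx/*" all
no rdr on xl1 proto tcp from any to <vpns> port = ftp
rdr on xl1 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
rdr on ng0 inet proto tcp from any to any port = 5901 -> 10.0.0.10
rdr on ng0 inet proto tcp from any to any port = 8089 -> 10.0.0.10 port 8000
rdr on ng0 inet proto tcp from any to any port = http -> 10.0.0.10 port 8080
rdr on ng0 inet proto tcp from any to any port = 2222 -> 10.0.0.10 port 22
"""
FILTER_OUTPUT = """
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 5901 flags S/SA keep state label "USER_RULE: NAT VNC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8000 flags S/SA keep state label "USER_RULE: NAT SQL Admin"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = 8080 flags S/SA keep state label "USER_RULE: NAT RC Appserver"
pass in quick on ng0 inet proto tcp from any to 10.0.0.10 port = ssh flags S/SA keep state label "USER_RULE: NAT SSH (Appserver)"
pass in quick on xl1 inet proto tcp from any to 127.0.0.1 port = ftp-proxy flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"
block drop in log quick all label "Default deny rule"
"""


def port_number(token):
    """Turn a port token as pfctl prints it (number or service name) into an int."""
    if token.isdigit():
        return int(token)
    if token in SERVICES:
        return SERVICES[token]
    raise ValueError(f"unknown service name {token!r}")


def parse_forwards(nat_lines, filter_lines):
    """Return one dict per rdr rule, carrying the label of its matching pass rule (or None)."""
    passes = {}
    for line in filter_lines:
        m = PASS_RE.match(line.strip())
        if m:
            passes[(m["iface"], m["proto"], m["host"], port_number(m["port"]))] = m["label"]
    forwards = []
    for line in nat_lines:
        m = RDR_RE.match(line.strip())
        if not m:
            continue  # anchors, 'no rdr' exceptions and plain nat lines are skipped
        ext = port_number(m["ext_port"])
        internal = int(m["int_port"]) if m["int_port"] else ext  # rdr keeps the port if none is given
        forwards.append({
            "iface": m["iface"], "proto": m["proto"], "ext_port": ext,
            "host": m["host"], "int_port": internal,
            # the pass rule must match the already translated destination
            "pass_rule": passes.get((m["iface"], m["proto"], m["host"], internal)),
        })
    return forwards


def describe(forwards):
    """One readable line per forward, flagging forwards with no pass rule in the main ruleset."""
    out = []
    for f in forwards:
        tail = f'pass: "{f["pass_rule"]}"' if f["pass_rule"] else "NO pass rule in main ruleset"
        out.append(f'{f["iface"]} {f["proto"]}/{f["ext_port"]} -> {f["host"]}:{f["int_port"]}  ({tail})')
    return out


if __name__ == "__main__":
    for line in describe(parse_forwards(NAT_OUTPUT.splitlines(), FILTER_OUTPUT.splitlines())):
        print(line)
```

Run against the real box, the two strings would be replaced by the output of pfctl -sn and pfctl -sr; a forward reported with no pass rule is either dead configuration or admitted by a rule inside one of the anchors, which is exactly what the per-anchor dump is for.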

