swaggboi/netbsd_dot_files
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Filter ICMP by types

Browse Source
This commit is contained in:
swagg boi 2025-03-23 22:06:27 -04:00
parent 1f349b5f81
commit 6e8cf3d66d
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
my_etc/npf.conf
View File

@ -1,18 +1,26 @@
# TODO: Allow in ICMP(v6) by message type
# TODO: Rate-limit ssh # TODO: Rate-limit ssh
$services = { mdns, ssh } $services = { ssh, mdns }
group "services" in {
pass stateful proto { tcp, udp } to any port $services
}
group "icmp" in {
pass stateful proto icmp icmp-type echo all
pass stateful proto ipv6-icmp icmp-type rtsol all
pass stateful proto ipv6-icmp icmp-type rtadv all
pass stateful proto ipv6-icmp icmp-type neighsol all
pass stateful proto ipv6-icmp icmp-type neighadv all
}
group "localhost" in on lo0 { group "localhost" in on lo0 {
pass stateful all pass stateful all
} }
group default { group default {
# Default rule
block all block all
pass stateful in proto { tcp, udp } to any port $services
# Let it goooooo
pass stateful out all pass stateful out all
} }