; config by Deniss (deniss at fuckoff.com)

packet en0 0x60 159.148.51.152/27
packet en1 0x61 10.12.10.254/24
packet en2 0x62 10.13.10.1/24

; -------------------------------------------------------------
; general reset for unknown packets
set nat send-reset on
set nat send-icmp on

nat en0 icmp 159.148.51.152 159.148.51.152
nat en0 * * 159.148.51.152

; --------------------------------------------------------------
; set filters for security

; block all NetBIOS over TCP/IP access (ports 137-139)
filter en0 drop in udp * *:137-139
filter en0 drop in tcp * *:137-139
filter en0 drop out tcp * *:139

; misc filters - Back Orifice (31337) and NetBus (12345)
filter en0 log drop in udp * *:31337
filter en0 log drop in tcp * *:12345
filter en0 log drop out udp * *:31337
filter en0 log drop out tcp * *:12345

; Allow Telnet (23) and FTP (21) to the router only from 159.148.51.129/27;
; drop all other attempts from outside
filter en0 permit in tcp 159.148.51.129/27 159.148.51.152:23
filter en0 permit in tcp 159.148.51.129/27 159.148.51.152:21
filter en0 drop in tcp * 159.148.51.152:23
filter en0 drop in tcp * 159.148.51.152:21

; permit everything else
filter en0 permit in * * *
filter en0 permit out * * *

; --------------------------------------------------------------
; Latvian rules for class (en2): permit only the destinations listed below
filter en2 permit in * * 159.148.0.0/16
filter en2 permit in * * 193.41.195.0/24
filter en2 permit in * * 193.41.33.0/24
filter en2 permit in * * 193.41.45.0/24
filter en2 permit in * * 193.68.64.0/19
filter en2 permit in * * 193.108.29.0/24
filter en2 permit in * * 193.108.144.0/22
filter en2 permit in * * 193.108.185.0/24
filter en2 permit in * * 193.109.211.0/24
filter en2 permit in * * 193.110.8.0/23
filter en2 permit in * * 193.178.150.0/23
filter en2 permit in * * 193.178.176.0/21
filter en2 permit in * * 193.178.192.0/22
filter en2 permit in * * 193.178.232.0/23
filter en2 permit in * * 194.105.56.0/23
filter en2 permit in * * 194.125.240.0/23
filter en2 permit in * * 194.153.171.0/24
filter en2 permit in * * 194.153.79.0/24
filter en2 permit in * * 194.19.224.0/19
filter en2 permit in * * 194.42.55.128/25
filter en2 permit in * * 194.8.1.0/24
filter en2 permit in * * 194.8.2.0/23
filter en2 permit in * * 194.8.4.0/22
filter en2 permit in * * 194.8.8.0/22
filter en2 permit in * * 194.8.12.0/23
filter en2 permit in * * 194.8.16.0/21
filter en2 permit in * * 194.8.24.0/22
filter en2 permit in * * 194.8.32.0/21
filter en2 permit in * * 194.8.40.0/22
filter en2 permit in * * 194.8.44.0/24
filter en2 permit in * * 194.9.170.0/24
filter en2 permit in * * 194.9.171.0/24
filter en2 permit in * * 194.9.175.0/24
filter en2 permit in * * 195.114.32.0/19
filter en2 permit in * * 195.122.0.0/19
filter en2 permit in * * 195.13.128.0/17
filter en2 permit in * * 195.2.96.0/19
filter en2 permit in * * 195.216.160.0/19
filter en2 permit in * * 195.244.128.0/19
filter en2 permit in * * 195.35.107.0/24
filter en2 permit in * * 195.35.114.0/23
filter en2 permit in * * 195.62.128.0/19
filter en2 permit in * * 212.70.160.0/19
filter en2 permit in * * 212.93.96.0/19
filter en2 permit in * * 213.21.192.0/18
filter en2 permit in * * 213.175.64.0/18
filter en2 permit in * * 213.182.192.0/19
filter en2 permit in * * 217.21.160.0/20
filter en2 permit in * * 217.198.224.0/20
filter en2 permit in * * 217.199.96.0/19
filter en2 permit in * * 62.84.0.0/19
filter en2 permit in * * 62.85.0.0/17
filter en2 permit in * * 80.232.128.0/17
filter en2 permit in * * 80.233.128.0/17
filter en2 permit in * * 80.249.192.0/20
filter en2 permit in * * 80.81.32.0/20
filter en2 permit in * * 80.90.0.0/20
; everything else from en2 is dropped
filter en2 drop in * * *

filter en1 permit in * * *
filter en1 permit out * * *

route * en0 159.148.51.129
beep
;set log udp
set nat ftp-pasv off
set nat ftp-data-any off

user aivars Mak14 *:21
telnetd do_tel
ftpd
command
exit

; telnet login script
do_tel:
    on cdloss drop_tel
    wait .5
    on timeout drop_tel
    send "\r\nlogin:"
    set echo on
    read 60 "\r\n" NAME
    send "\r\npassword:"
    set echo off
    read 60 "\r\n" PASS
    authenticate NAME PASS
    log "$NAME logged in from $IPADDR:$PORT"
    send "\r\n\n"
    command
drop_tel:
    exit