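#!/bin/sh
# Sample Ruleset
#
# Defines a small packet-filter policy through the PFinit/PFrule helpers and
# then mails a copy of this ruleset, plus the current routing table and
# interface configuration, to root so that every rule change leaves a record.
#
# Must be started from the directory that holds pfconf.functions and
# pfconf.services, because both are sourced by relative path.

# PFinit and PFrule are not defined in this file; presumably they come from
# pfconf.functions - confirm against that file.
. ./pfconf.functions
# Service variables ($dns, $smtp, $http, ...) and $anyhost are not defined in
# this file; presumably they come from pfconf.services - confirm.
. ./pfconf.services

# Status: 2004-11-19
# Changed by:

mail_GROUP="$smtp $pop3 $pop3s $imap $imaps"

#---------------------------------------------------------------------
# global Objects

# LAN
localnet="192.168.1.0/24"

# Admin workstations
admin_vtanger="192.168.1.1"
admin_wks="192.168.1.2"
admin_GROUP="$admin_vtanger $admin_wks"

#=============================================
# Admin access
# Check: 2004-06-30
PFinit "$admin_GROUP"

#=============================================
# Infrastructure
# Check: 2004-06-30
# NOTE(review): PFrule arguments look like source, destination, services,
# action - confirm against pfconf.functions.
PFrule "$localnet" "$anyhost" "$dns" "ACCEPT"

#---------------------
# Mail system
# Check: 2004-06-30
srv_mail1="213.203.244.188"
srv_mail2="213.203.244.185"
srv_mail_GROUP="$srv_mail1 $srv_mail2"
PFrule "$localnet" "$srv_mail_GROUP" "$mail_GROUP" "ACCEPT"

#---------------------
# WWW servers
# Check: 2004-06-30
www_wyae="213.203.244.188"
www_follow="195.234.139.224"
www_GROUP="$www_wyae $www_follow"
PFrule "$localnet" "$www_GROUP" "$http $https" "ACCEPT"

#=============================================
# phone home
#
# The report is written next to the script as "<script>.routing". Keep that
# directory writable by root only: the file name is predictable and the file
# is overwritten on every run.
report="$0.routing"
separator="========================================================"

# One redirection for the whole group: the file is truncated once and every
# section lands in it in order. Quoting keeps a script path that contains
# whitespace in one piece.
{
  echo " "
  echo "$separator"
  echo " "
  netstat -nr
  echo " "
  echo "$separator"
  echo " "
  ifconfig
} > "$report"

# HOSTNAME is set by bash but not by every /bin/sh; fall back to hostname(1)
# so the subject line always names the firewall.
fw_name="${HOSTNAME:-$(hostname)}"

# The mail body is the complete ruleset followed by the routing report.
cat -- "$0" "$report" | mail -s "Rulechange on Firewall $fw_name" root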