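#!/bin/sh
#
# /etc/rc.d/rc.filter
#
# Copyright 1997 Owl River Company
# info@owlriver.com
# All rights reserved
# 614 - 221 - 0695
#
# master on pokey
#
# Packet-filter setup for the ipfwadm (Linux 2.0) firewall.  Goes in
# /etc/rc.d and runs before rc.masq.
#
# Every rule is installed through the fw helper below, so a rule that
# the kernel rejects is reported on stderr instead of disappearing
# silently -- a deny rule that never loads is a hole, not a no-op.
# The script's exit status is non-zero if any rule failed.
#
# ipfwadm appends rules (-a) and the first matching rule wins, so the
# order of the sections below is significant: the deny rules for the
# NT server and for NetBIOS come before the accept rules on purpose.
#
VERSION=1.02
#
##############################################################

# Absolute path: an rc script must not rely on PATH including /sbin.
# (The original invoked bare "ipfwadm" for the RPC/NFS rules, which
# fails quietly at boot when /sbin is not on PATH.)
IPFWADM=/sbin/ipfwadm

# Set to 1 by fw when any ipfwadm invocation returns non-zero.
failed=0

#######################################
# Install one firewall rule.
# Arguments: ipfwadm arguments, passed through unchanged
# Outputs:   the failed command on stderr when ipfwadm returns non-zero
# Globals:   IPFWADM (read), failed (written)
# Does not abort: the remaining deny rules are still worth installing
# even if an earlier one was rejected.
#######################################
fw() {
  "$IPFWADM" "$@" || {
    echo "rc.filter: ipfwadm $* failed" >&2
    failed=1
  }
}

#
# set up the modules (masquerading helpers for ftp, RealAudio and irc)
#
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
/sbin/modprobe ip_masq_irc.o

#
# set up the masq function
#
# Flush the forwarding chain and make its default policy deny, so the
# box fails closed while the rules below are being loaded.
#
# NOTE(review): only the forwarding chain (-F) gets a default policy
# here; the input chain (-I) rules further down rely on whatever policy
# is set for -I elsewhere -- confirm that rc.masq or another script
# sets it.
fw -F -f
fw -F -p deny

#
# prevent Netbios transfer: nothing on the inside may forward
# NetBIOS (137/138/139) to the outside.
#
echo ipfwadm 1 - stop netbios leak
fw -F -a deny -P udp -S 10.0.0.0/8 137 -D 0.0.0.0/0
fw -F -a deny -P tcp -S 10.0.0.0/8 137 -D 0.0.0.0/0
fw -F -a deny -P udp -S 10.0.0.0/8 138 -D 0.0.0.0/0
fw -F -a deny -P tcp -S 10.0.0.0/8 138 -D 0.0.0.0/0
# no such thing as UDP/139
# fw -F -a deny -P udp -S 10.0.0.0/8 139 -D 0.0.0.0/0
fw -F -a deny -P tcp -S 10.0.0.0/8 139 -D 0.0.0.0/0

#
# and explicitly drop netbios from the outside, in
# added 980427
#
echo ipfwadm 2 - stop netbios attack
fw -F -a deny -P udp -S 0.0.0.0/0 137 -D 10.0.0.0/8
fw -F -a deny -P tcp -S 0.0.0.0/0 137 -D 10.0.0.0/8
fw -F -a deny -P udp -S 0.0.0.0/0 138 -D 10.0.0.0/8
fw -F -a deny -P tcp -S 0.0.0.0/0 138 -D 10.0.0.0/8
# no such thing as UDP/139
# fw -F -a deny -P udp -S 0.0.0.0/0 139 -D 10.0.0.0/8
fw -F -a deny -P tcp -S 0.0.0.0/0 139 -D 10.0.0.0/8

#
# and rule out the RPC/NFS exploit: on the input chain, inside hosts
# may reach portmap (111) and mountd (635); everyone else is denied.
# These four rules are on the INPUT chain (-I), not forwarding.
#
echo ipfwadm 3 - rpc/nfs - allow leak - stop attack
fw -I -a accept -P TCP -S 10.0.0.0/8 -D 0.0.0.0/0 111
fw -I -a accept -P TCP -S 10.0.0.0/8 -D 0.0.0.0/0 635
fw -I -a deny -P TCP -S 0.0.0.0/0 -D 0.0.0.0/0 111
fw -I -a deny -P TCP -S 0.0.0.0/0 -D 0.0.0.0/0 635

#
# no outside communication by the NT
#
echo ipfwadm 10 - local option matters
# Nothing from the NT server leaks (placed before the NTP accept rules
# below so the NT box is denied those too)
fw -F -a deny -P udp -S 10.0.0.99 -D 0.0.0.0/0
fw -F -a deny -P tcp -S 10.0.0.99 -D 0.0.0.0/0

#
# extended 980427: and nothing from the outside reaches it
#
echo ipfwadm 11 - local option - more
fw -F -a deny -P udp -S 0.0.0.0/0 -D 10.0.0.99
fw -F -a deny -P tcp -S 0.0.0.0/0 -D 10.0.0.99

#
# allow NTP -- 980504 (masqueraded, from the inside out)
#
#ntp 123/tcp # Network Time Protocol
#ntp 123/udp # Network Time Protocol
#
echo ipfwadm 15
fw -F -a accept -m -P udp -S 10.0.0.0/8 123 -D 0.0.0.0/0
fw -F -a accept -m -P tcp -S 10.0.0.0/8 123 -D 0.0.0.0/0

#
# outbound modem - special source IP (masqueraded, all protocols)
#
echo ipfwadm 17
fw -F -a accept -m -S 172.16.34.52 -D 0.0.0.0/0

#
# Block probing sites (input chain, all protocols)
#
# hubbs.net 970623 -- fake DNS info
echo ipfwadm 20 - blocking
fw -I -a deny -P all -S 207.78.57.0/24 -D 0.0.0.0/0
#
# alcor.nstar.net 970821 -- fake DNS info
fw -I -a deny -P all -S 204.255.96.0/24 -D 0.0.0.0/0

#
# goes in /etc/rc.d, before rc.masq
#
# Exit status reflects whether every rule loaded.  No explicit "exit"
# here, in case this file is sourced by the rc sequence rather than
# executed.
[ "$failed" -eq 0 ]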