(void *) &sTemplateFirewallRule,
sizeof(sTemplateFirewallRule)},
{kPGPNetPrefSmartRuleArray,
"SmartRuleList",
kPGPPrefType_Array,
(void *) &sTemplateFirewallRule,
sizeof(sTemplateFirewallRule)},
};
/* Entry count of knownRuleDefaults (number of PGPPrefDefinition records, not a byte size). */
const PGPSize knownRuleDefaultsSize =
sizeof(knownRuleDefaults) / sizeof(knownRuleDefaults[0]);
/* ... end of code formerly in pgpNetPrefs.h */
/*
 * Preset firewall rule table "Minimal" — presumably the least restrictive
 * preset, judging by the closing "Allow all high UDP" / "Allow all TCP" rows;
 * confirm against the code that installs these presets (not in this file).
 *
 * Each row is a positional initializer of PGPNetPrefFirewallRule, whose field
 * names are not visible here. Reading the rows themselves, each carries:
 * three flags, a small integer, an IP protocol, an address type plus two
 * values, two service specs (type, count, four values each), a name string,
 * a second string, a {0} aggregate, and on some rows a trailing integer, a
 * kPGPFireRuleType_* value and a flag.
 *   - The second flag tracks the Allow/Block wording of the row name (TRUE on
 *     "Allow" rows, FALSE on "Block" rows) — presumably the permit flag;
 *     verify against the struct definition.
 *   - The small integer looks like a direction code: rows named "Incoming"
 *     use 1, rows named "Outgoing"/"Outbound" use 2, the rest 0 — confirm.
 *   - Rows that stop after the {0} aggregate omit the trailing fields; C
 *     zero-fills them, so their rule-type field becomes whichever
 *     kPGPFireRuleType_* enumerator has the value 0. Verify that is the
 *     intended type (the Group/Child rows set it explicitly).
 *   - Row order is significant if the engine evaluates first-match: the ICMP
 *     "Block" rows precede "Allow all ICMP", and the local-subnet NetBIOS
 *     allows precede "Block NetBIOS TCP Incoming". Confirm the evaluation
 *     order before reordering or appending rows.
 */
static PGPNetPrefFirewallRule sPresetFirewallRules_Minimal[] =
{
{
/* Allow IPsec ESP */
/* The only row in this table tagged kPGPFireRuleType_Top; the other tables leave this field implicit (0). */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}, 0, kPGPFireRuleType_Top, FALSE
},
{
/* ICMP Group */
/* Group row: the Child rows that follow, up to "Allow all ICMP", appear to belong to it. */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Ping and ICMP", "", {0}, 0, kPGPFireRuleType_Group, FALSE
},
{
/* Block incoming pings */
/* For ICMP rows the second service spec carries the ICMP type being matched. */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoRequest,0,0,0},
"Block incoming pings", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Block incoming timestamp */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_TimestampRequest,0,0,0},
"Block ICMP Timestamp", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Block incoming addr mask request */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_AddressMaskReq,0,0,0},
"Block ICMP Addr Mask", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Block incoming info request */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_InfoRequest,0,0,0},
"Block ICMP Info Req", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Block incoming router solicit */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_RouterSolicitation,0,0,0},
"Block ICMP Router Solicit", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Block incoming redirect */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_Redirect,0,0,0},
"Block ICMP Redirect", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{
/* Allow all ICMP */
/* Catch-all for ICMP; only meaningful after the Block rows above if evaluation is first-match. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all ICMP", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow bootp */
/* From here on, rows without the trailing three fields rely on C zero-filling them. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "", {0}
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}
},
{ /* Allow auth */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
/* NOTE(review): count is 1 with kPGPnetIPServiceType_Any; every other Any spec in this file uses 0 — check whether 1 is intended. */
kPGPnetIPServiceType_Any, 1, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_auth,0,0,0},
"Allow auth", "", {0}
},
{ /* NetBIOS Group */
/* Group row scoped to the local subnet; the NetBIOS Child rows below follow it. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"NetBIOS Group", "", {0}, 0, kPGPFireRuleType_Group, FALSE
},
{ /* Allow NetBIOS Name Service */
/* Address type is Any here, unlike the Group row and the Session rows (LocalSubnet) — confirm this is deliberate. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
"Allow NetBIOS Name Service", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow NetBIOS Datagram */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
"Allow NetBIOS Datagram", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow NetBIOS Session Incoming */
/* UDP row; the TCP counterpart is "Allow NetBIOS TCP Incoming" two rows down. */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
"Allow NetBIOS Session Incoming", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow NetBIOS Session Outgoing */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow NetBIOS Session Outgoing", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow NetBIOS TCP Session Incoming */
/* Local-subnet allow; it must precede the Any-address Block row below if matching is first-match. */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
"Allow NetBIOS TCP Incoming", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Block NetBIOS Session Incoming */
/* Blocks NetBIOS session traffic from everywhere else (address type Any). */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
"Block NetBIOS TCP Incoming", "", {0}, 0, kPGPFireRuleType_Child, FALSE
},
{ /* Allow high UDP */
/* Range spec: count 2, values are the inclusive bounds 1024..65535 — confirm inclusiveness in the matcher. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
"Allow all high UDP", "", {0}
},
{ /* Allow all other TCP */
/* Broad catch-all, both directions (direction code 0) and any address. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all TCP", "", {0}
}
};
/*
 * Preset firewall rule table "ClientMedium" — presumably the medium-security
 * client preset; confirm against the preset loader (not in this file).
 *
 * Same positional PGPNetPrefFirewallRule layout as sPresetFirewallRules_Minimal
 * (flags, direction-like integer, protocol, address spec, two service specs,
 * name, second string, {0}). No row in this table supplies the trailing
 * rule-type fields, so C zero-fills them for every row — all rules get the
 * kPGPFireRuleType_* enumerator whose value is 0; verify that is intended.
 *
 * Compared with the Minimal table: there is no catch-all ICMP allow (only
 * specific types), NetBIOS rows are limited to the local subnet, and the TCP
 * catch-all is outbound only (direction code 2) with a separate inbound
 * ftp-data row. Row order matters if the engine evaluates first-match.
 */
static PGPNetPrefFirewallRule sPresetFirewallRules_ClientMedium[] =
{
{
/* Allow IPsec ESP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}
},
{
/* Allow incoming ping replies (ICMP type carried in the second service spec) */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoReply,0,0,0},
"Allow ping reply Incoming", "", {0}
},
{
/* Allow outgoing ping requests */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoRequest,0,0,0},
"Allow ping req Outgoing", "", {0}
},
{
/* Allow dest unreachable (incoming) */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_DestUnreachable,0,0,0},
"Allow ICMP Dest Unr Incoming", "", {0}
},
{
/* Allow TTL Exceeded (incoming) */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_TimeExceeded,0,0,0},
"Allow ICMP TTL Incoming", "", {0}
},
{
/* Allow source quench (direction code 0, unlike the other ICMP rows here) */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_SourceQuench,0,0,0},
"Allow ICMP Src Quench", "", {0}
},
{ /* Allow bootp */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "", {0}
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}
},
{ /* Allow auth */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
/* NOTE(review): count is 1 with kPGPnetIPServiceType_Any; every other Any spec in this file uses 0 — check whether 1 is intended. */
kPGPnetIPServiceType_Any, 1, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_auth,0,0,0},
"Allow auth", "", {0}
},
{ /* Allow NetBIOS Name Service (local subnet only) */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
"Allow NetBIOS Name Serv", "", {0}
},
{ /* Allow NetBIOS Datagram (local subnet only) */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
"Allow NetBIOS Datagram", "", {0}
},
{ /* Allow NetBIOS Session Outgoing (local subnet only; no inbound session row in this preset) */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow NetBIOS Session Outgoing", "", {0}
},
{ /* Allow high UDP (range spec: count 2, bounds 1024..65535) */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
"Allow all high UDP", "", {0}
},
{ /* Allow ftpdata in: inbound TCP from the ftp-data port to a high port */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ftpdata,0,0,0},
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
"Allow ftpdata in", "", {0}
},
{ /* Allow all other TCP, outbound only (direction code 2) */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all TCP out", "", {0}
}
};
/*
 * Preset firewall rule table "ClientHigh" — presumably the high-security
 * client preset; confirm against the preset loader (not in this file).
 *
 * Same positional PGPNetPrefFirewallRule layout as the other tables. Every
 * row omits the trailing rule-type fields, so C zero-fills them; verify the
 * kPGPFireRuleType_* enumerator with value 0 is the intended type.
 *
 * This is the tightest of the client presets visible here: no ping rows,
 * no NetBIOS rows, no high-UDP or ftp-data allowances — only ESP, two ICMP
 * error types, bootp, DNS, IKE, NTP and outbound TCP. Row order matters if
 * the engine evaluates first-match.
 */
static PGPNetPrefFirewallRule sPresetFirewallRules_ClientHigh[] =
{
{
/* Allow IPsec ESP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}
},
{
/* Allow ICMP Dest Unreachable (incoming; ICMP type in the second service spec) */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_DestUnreachable,0,0,0},
"Allow ICMP Dest Un", "", {0}
},
{
/* Allow source quench (direction code 0) */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_SourceQuench,0,0,0},
"Allow ICMP Src Quench", "", {0}
},
{ /* Allow bootp */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "", {0}
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}
},
{ /* Allow all other TCP, outbound only (direction code 2) */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all TCP out", "", {0}
}
};
static PGPNetPrefFirewallRule sPresetFirewallRules_ServerMedium[] =
{
{
/* Allow IPsec ESP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}
},
{
/* Allow incoming pings */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoReply,0,0,0},
"Allow ping reply", "", {0}
},
{
/* Allow outgoing pings */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoRequest,0,0,0},
"Allow ping req", "", {0}
},
{
/* Allow source quench */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,