📄 pgpnetprefs.c
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_SourceQuench,0,0,0},
"Allow ICMP Src Quench", "", {0}
},
{
/* Allow TTL Exceeded < */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_TimeExceeded,0,0,0},
"Allow ICMP TTL Incoming", "", {0}
},
{ /* Allow bootp */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "",
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}
},
{ /* Allow high UDP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
"Allow all high UDP", "", {0}
},
{ /* Allow ftpdata out */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ftpdata,0,0,0},
"Allow ftpdata out", "", {0}
},
{ /* Allow SMTP out */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_smtp,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow SMTP out", "", {0}
},
{ /* Allow all other TCP Incoming only */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all TCP in", "", {0}
}
};
/*
 * Preset firewall rule table "ServerHigh".
 *
 * Lists rules for IPsec ESP, two ICMP types, UDP infrastructure services
 * (bootp, DNS, IKE, NTP), outbound ftpdata and SMTP, and a fixed set of
 * inbound TCP services (SMTP, IMAP3, POP3, HTTP, HTTPS, LDAP, LDAPS, NNTP).
 * Every entry starts with TRUE, TRUE, FALSE and matches kPGPnetAddrType_Any.
 *
 * Entries are positional initializers of PGPNetPrefFirewallRule, whose
 * definition is not visible here, so field meanings below are inferred:
 * NOTE(review): the fourth field looks like a direction selector -- entries
 * labelled "in" use 1, entries labelled "out" use 2, the rest use 0
 * (presumably both directions). The two service triples look like
 * remote-then-local: "Allow SMTP out" puts smtp in the first triple and
 * "Allow SMTP in" puts it in the second. For ICMP entries the second triple
 * carries the ICMP type. Confirm against the struct before editing.
 *
 * NOTE(review): the table contains no block entries, so what happens to
 * traffic that matches none of these rules depends on the consumer's
 * default policy, which is not shown here -- confirm it is default-deny.
 */
static PGPNetPrefFirewallRule sPresetFirewallRules_ServerHigh[] =
{
{
/* Allow IPsec ESP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}
},
{
/* Allow ICMP Dest Unreachable */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_DestUnreachable,0,0,0},
"Allow ICMP Dest Un", "", {0}
},
{
/* Allow source quench */
/*
 * NOTE(review): fourth field is 0 here but 1 on the Dest Unreachable entry
 * above; confirm both directions are intended. ICMP Source Quench was
 * deprecated by RFC 6633, so consider whether this rule is still wanted.
 */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_SourceQuench,0,0,0},
"Allow ICMP Src Quench", "", {0}
},
{ /* Allow bootp */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "", {0}
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}
},
{ /* Allow ftpdata out */
/* First triple is the port range 1024-65535, second is the ftpdata service. */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Range, 2, {1024,65535,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ftpdata,0,0,0},
"Allow ftpdata out", "", {0}
},
{ /* Allow SMTP out */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_smtp,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow SMTP out", "", {0}
},
{ /* Allow SMTP in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_smtp,0,0,0},
"Allow SMTP in", "", {0}
},
{ /* Allow IMAP in */
/*
 * NOTE(review): the constant and the rule name say IMAP3, the comment says
 * IMAP. If kPGPnetTCPService_imap3 is the registered imap3 port (220),
 * ordinary IMAP on port 143 is not covered by this table -- confirm which
 * service is intended.
 */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_imap3,0,0,0},
"Allow IMAP3 in", "", {0}
},
{ /* Allow POP3 in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_pop3,0,0,0},
"Allow POP3 in", "", {0}
},
{ /* Allow HTTP in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_http,0,0,0},
"Allow HTTP in", "", {0}
},
{ /* Allow HTTPS in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_https,0,0,0},
"Allow HTTPS in", "", {0}
},
{ /* Allow LDAP in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ldap,0,0,0},
"Allow LDAP in", "", {0}
},
{ /* Allow LDAPS in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_sldap,0,0,0},
"Allow LDAPS in", "", {0}
},
{ /* Allow NNTP in */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_nntp,0,0,0},
"Allow NNTP in", "", {0}
},
};
/*
 * Preset firewall rule table "LearnStarter".
 *
 * Each entry supplies two trailing values after the {0} initializer: a 0
 * and a kPGPFireRuleType_* tag (Top, Group or Child). Group entries are
 * followed directly by their Child entries; Top entries stand alone.
 *
 * Entries are positional initializers of PGPNetPrefFirewallRule, whose
 * definition is not visible here, so field meanings below are inferred:
 * NOTE(review): the second field is TRUE on entries named "Allow ..." and
 * FALSE on entries named "Block ...", so it presumably selects allow vs.
 * block. The fourth field looks like a direction selector (1 on "incoming"
 * entries, 2 on "outgoing" entries, 0 otherwise). Confirm against the
 * struct before editing.
 *
 * NOTE(review): both groups place narrow rules ahead of a broader rule for
 * the same protocol (the ICMP blocks before "Allow all ICMP", the
 * LocalSubnet NetBIOS allow before the Any-address NetBIOS block). That
 * only has the named effect if rules are evaluated in table order with the
 * first match winning -- confirm, and keep the order when editing.
 */
static PGPNetPrefFirewallRule sPresetFirewallRules_LearnStarter[] =
{
{
/* Allow IPsec ESP */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow IPsec ESP", "", {0}, 0, kPGPFireRuleType_Top
},
{
/* ICMP Group */
/* Group header for the ICMP children below; second field is FALSE here. */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Ping and ICMP", "", {0}, 0, kPGPFireRuleType_Group
},
{
/* Block incoming pings */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_EchoRequest,0,0,0},
"Block incoming pings", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Block incoming timestamp */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_TimestampRequest,0,0,0},
"Block ICMP Timestamp", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Block incoming addr mask request */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_AddressMaskReq,0,0,0},
"Block ICMP Addr Mask", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Block incoming info request */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_InfoRequest,0,0,0},
"Block ICMP Info Req", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Block incoming router solicit */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_RouterSolicitation,0,0,0},
"Block ICMP Router Solicit", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Block incoming redirect */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetICMPType_Redirect,0,0,0},
"Block ICMP Redirect", "", {0}, 0, kPGPFireRuleType_Child
},
{
/* Allow all ICMP */
/*
 * Last ICMP child: matches every ICMP type with fourth field 0, so the
 * six block entries above must stay ahead of it to have any effect
 * (assuming in-order evaluation -- see the table header).
 */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_ICMP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow all ICMP", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow bootp */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootps,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_bootpc,0,0,0},
"Allow bootp", "", {0}, 0, kPGPFireRuleType_Top
},
{ /* Allow DNS */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow DNS", "", {0}, 0, kPGPFireRuleType_Top
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Allow IKE", "", {0}, 0, kPGPFireRuleType_Top
},
{ /* Allow Network Time Protocol */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ntp,0,0,0},
"Allow Net Time Protocol", "", {0}, 0, kPGPFireRuleType_Top
},
{ /* Allow auth */
/*
 * NOTE(review): two oddities to confirm. (1) The protocol is UDP, while the
 * auth/ident service normally runs over TCP, so this rule may not match the
 * traffic its name describes. (2) The first service triple pairs
 * kPGPnetIPServiceType_Any with a count of 1; every other Any triple in
 * this table uses 0.
 */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 1, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_auth,0,0,0},
"Allow auth", "", {0}, 0, kPGPFireRuleType_Top
},
{ /* NetBIOS Group */
/* Group header; the allow children below are scoped to kPGPnetAddrType_LocalSubnet. */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"NetBIOS Group", "", {0}, 0, kPGPFireRuleType_Group
},
{ /* Allow NetBIOS Name Service */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ns,0,0,0},
"Allow NetBIOS Name Service", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow NetBIOS Datagram */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_dgm,0,0,0},
"Allow NetBIOS Datagram", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow NetBIOS Session Inbound */
/*
 * NOTE(review): this and the next entry apply the netbios_ssn service to
 * UDP. The NetBIOS session service normally runs over TCP, which the
 * "NetBIOS TCP" entries further down cover -- confirm the UDP variants are
 * intended.
 */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
"Allow NetBIOS Session Incoming", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow NetBIOS Session Outbound */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_netbios_ssn,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow NetBIOS Session Outgoing", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow NetBIOS TCP Session Inbound */
/* Two-element service list: netbios_ssn and msds, from the local subnet only. */
TRUE, TRUE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_List, 2, {kPGPnetTCPService_netbios_ssn,kPGPnetTCPService_msds,0,0},
"Allow NetBIOS TCP Incoming", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Block NetBIOS Session Inbound */
/*
 * Same service list as the entry above but with kPGPnetAddrType_Any and
 * second field FALSE: blocks the remaining (non-local-subnet) sources,
 * provided the LocalSubnet allow above is evaluated first.
 */
TRUE, FALSE, FALSE, 1, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_List, 2, {kPGPnetTCPService_netbios_ssn,kPGPnetTCPService_msds,0,0},
"Block NetBIOS TCP Incoming", "", {0}, 0, kPGPFireRuleType_Child
},
{ /* Allow NetBIOS TCP Session Outbound */
TRUE, TRUE, FALSE, 2, kPGPnetIPProtocol_TCP,
kPGPnetAddrType_LocalSubnet, 0, 0,
kPGPnetIPServiceType_List, 2, {kPGPnetTCPService_netbios_ssn,kPGPnetTCPService_msds,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Allow NetBIOS TCP Outgoing", "", {0}, 0, kPGPFireRuleType_Child
}
};
/*
 * Preset rule table "Auto": four rules named "Automatic Rule - ..." for
 * DNS, IPsec ESP, IKE and auth. All are tagged kPGPFireRuleType_Top, match
 * kPGPnetAddrType_Any and have 0 in the fourth field.
 *
 * Entries are positional initializers of PGPNetPrefFirewallRule, whose
 * definition is not visible here.
 * NOTE(review): how and when these rules are installed is not shown in
 * this part of the file -- confirm with the code that reads this table.
 */
static PGPNetPrefFirewallRule sPresetKnownRules_Auto[] =
{
{ /* Allow DNS */
TRUE, TRUE,FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_dns,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Automatic Rule - Allow DNS", "", {0},
0, kPGPFireRuleType_Top
},
{ /* Allow IPsec ESP */
TRUE, TRUE,FALSE, 0, kPGPnetIPProtocol_ESP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"Automatic Rule - Allow IPsec ESP", "", {0},
0, kPGPFireRuleType_Top
},
{ /* Allow IKE */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_ike,0,0,0},
"Automatic Rule - Allow IKE", "", {0},
0, kPGPFireRuleType_Top
},
{ /* Allow auth */
/*
 * NOTE(review): two oddities to confirm. (1) The protocol is UDP, while the
 * auth/ident service normally runs over TCP, so this rule may not match the
 * traffic its name describes. (2) The first service triple pairs
 * kPGPnetIPServiceType_Any with a count of 1; the other Any triples in
 * this table use 0.
 */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_UDP,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 1, {0,0,0,0},
kPGPnetIPServiceType_Single, 1, {kPGPnetTCPService_auth,0,0,0},
"Automatic Rule - Allow auth", "", {0},
0, kPGPFireRuleType_Top
}
};
static PGPNetPrefFirewallRule sPresetKnownRules_Known[] =
{
{ /* PGPService Group */
TRUE, TRUE, FALSE, 0, kPGPnetIPProtocol_All,
kPGPnetAddrType_Any, 0, 0,
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
kPGPnetIPServiceType_Any, 0, {0,0,0,0},
"PGPService",
"[PGPDIR]\\PGPSERVICE.EXE", {0}, 0, kPGPFireRuleType_Group
},
{ /* PGPService */