#Aqui libero o dns e fecho todo o resto do udp nas duas interfaces
#Bloqueio de udp
/sbin/ipfw add allow udp from any to any 53
/sbin/ipfw add allow udp from any to any 53
/sbin/ipfw add deny udp from any to any in via bge0
/sbin/ipfw add deny udp from any to any out via bge0
/sbin/ipfw add deny udp from any to any in via bge1
/sbin/ipfw add deny udp from any to any out via bge1


# bloqueia pacotes fragmentados/alterados/inconformes
/sbin/ipfw add drop tcp from any to any frag
/sbin/ipfw add drop tcp from any to any tcpflags syn,rst
/sbin/ipfw add drop tcp from any to any tcpflags syn,fin
/sbin/ipfw add drop all from any to any ipoptions lsrr
/sbin/ipfw add drop all from any to any ipoptions ssrr
/sbin/ipfw add deny tcp from any to any ipoptions ssrr,lsrr,rr

#Aqui bloqueando o spoofing
# Bloqueio de pacotes com endereço origem de classes
#de endereçamento IP reservadas
/sbin/ipfw add deny ip from 10.0.0.0:255.0.0.0 to 200.xxx.xxx.98 via bge1 in
/sbin/ipfw add deny ip from 172.16.0.0:255.0.0.0 to 200.xxx.xxx.98 via bge1 in
/sbin/ipfw add deny ip from 192.168.0.0:255.255.0.0 to 200.xxx.xxx.98 via bge1 in