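##############################################################################################
# TRS_NBTEVO_System (2500)
# A firewall shall be implemented that prevents incoming/outgoing ports on the OBD connection.
# The following listed ports shall be open; all other ports not listed shall be closed:
# * Telnet (port 23/tcp) server on the HU/RSE (Development) - see TRS-NBTEVO-SYS-426
# * SSH (port 22/tcp) server on the HU/RSE (Development) - see TRS-NBTEVO-SYS-426
# * qconnd (port 8000/tcp) server on the HU/RSE (Development) - see TRS-NBTEVO-SYS-426
# * HTTP (port 80/tcp) server on the HU/RSE (TraceServer)
# * HTTP (port 80/tcp, 81/tcp) client on the HU/RSE (HTTP update Navi Database)
# * Diagnostics (port 6801/tcp, 6811/tcp) server on the HU/RSE
# * NetBIOS SMB (port 137/udp, 138/udp, 139/tcp, 445/tcp) server on the HU/RSE
# * BOOTP/DHCP (port 67/udp, 68/udp as defined for NBT) client on the HU/RSE
# * GnLogger (port 851/tcp/udp) server on the HU/RSE
# * In addition, ICMP is passed through to allow for PING requests for the factory.
#
# For E-Sys flashing the following ports are required to be open:
# * 8000, 8080, 8888, 12000-13000 (TCP server on HU)
#
# Reviewer notes (security):
# - pf evaluates "block ... all" first; every "pass quick" rule below stops evaluation on its
#   first match, so anything not explicitly passed on the OBD interface is dropped.
# - Services the requirement lists as *servers* on the HU/RSE are passed "in" only, so the
#   HU/RSE cannot itself initiate connections to those ports over OBD. Port 80 is both
#   server (TraceServer) and client (NaviDB update) and therefore stays bidirectional.
# - DHCP is UDP only; the earlier {tcp,udp} form also opened 67/68 over TCP, which nothing uses.
# - ICMP is limited to echo request (ping) with state instead of every ICMP type, stateless.
# - Telnet and SSH are marked (Development) in the requirement; this file alone does not
#   remove them from production builds - that is tracked under TRS-NBTEVO-SYS-426.
##############################################################################################

# definition of ext obd interface
obd_if = "dwc0"
vlan_ifx49 = "vlan73"
vlan_ifx4D = "vlan77"
vlan_ifx56 = "vlan86"

# Default deny on the OBD interface; only the "pass quick" rules below open anything.
block on $obd_if all
# Never enable: this would bypass the entire OBD firewall.
#pass quick on $obd_if

# In-vehicle VLANs are not filtered.
pass on $vlan_ifx49
pass on $vlan_ifx4D
pass quick on $vlan_ifx56

# SSH (Development only, TRS-NBTEVO-SYS-426) - server on HU/RSE, inbound only
pass in quick on $obd_if proto tcp from any to any port 22 keep state
# Telnet (Development only, TRS-NBTEVO-SYS-426) - server on HU/RSE, inbound only
pass in quick on $obd_if proto tcp from any to any port 23 keep state

# bootp/dhcp client on HU/RSE (UDP only, 67/udp and 68/udp per requirement).
# Outbound: DISCOVER/REQUEST from an unconfigured (0.0.0.0) or configured address to broadcast.
pass out quick on $obd_if proto udp from {0.0.0.0,(self)} port 68 to 255.255.255.255 port 67 keep state
# Inbound: OFFER/ACK from any server, broadcast or addressed to us.
pass in quick on $obd_if proto udp from any port 67 to {255.255.255.255,(self)} port 68 keep state

# TraceServer (server on HU/RSE) and NaviDB update (client) both use port 80 -> bidirectional
pass quick on $obd_if proto tcp from any to any port 80 keep state
# update NaviDB over http - client only
pass out quick on $obd_if proto tcp from any to any port 81 keep state

# NetBIOS name and datagram service (stateless; both peers use port 137/138)
pass quick on $obd_if proto udp from any to any port 137
pass quick on $obd_if proto udp from any to any port 138
# NetBIOS session service - client side only as configured here
pass out quick on $obd_if proto tcp from any to any port 139 keep state
# SMB direct over TCP (not Active Directory) - client side only as configured here
# NOTE(review): the requirement lists 137-445 as a *server* on the HU/RSE, yet 139/445 are
# passed outbound only; confirm which is intended before changing the requirement or the rules.
pass out quick on $obd_if proto tcp from any to any port 445 keep state

# Port 3804 is not in the requirement and its purpose is unknown; it stays closed.
# pass quick on $obd_if proto {tcp,udp} from any to any port 3804 keep state

# GNLogger server on HU/RSE (tcp and udp), inbound only
pass in quick on $obd_if proto {tcp,udp} from any to any port 851 keep state

# Diagnosis/SWDL servers on HU/RSE, inbound only
pass in quick on $obd_if proto tcp from any to any port 6801 keep state
pass in quick on $obd_if proto tcp from any to any port 6811 keep state
# qconnd (Development) and E-Sys flashing servers on HU, inbound only
pass in quick on $obd_if proto tcp from any to any port 8000 keep state
pass in quick on $obd_if proto tcp from any to any port 8080 keep state
pass in quick on $obd_if proto tcp from any to any port 8888 keep state
# E-Sys flashing: 12000 to 13000 inclusive
pass in quick on $obd_if proto tcp from any to any port 12000:13000 keep state

# ping for the factory: echo request only, with state so the echo reply is matched.
# All other ICMP types (redirect, router advertisement, ...) remain blocked.
pass quick on $obd_if inet proto icmp icmp-type echoreq keep state
# end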