|
|||||||||||||||||
| FreeBSD4.8 IPFW How to! |
|
|
网卡为:xl0 内核中加了流量管理,你可以根据实际需要增删。 uname -a 如果你用的是默认内核GENERIC则如下操作: ============================================= cd /sys/i386/conf cp GENERIC ./GENERIC_IPFW --------------------------------- ee GENERIC_IPFW 添加以下内容 options IPFIREWALL options IPDIVERT options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 options IPSTEALTH options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP options ICMP_BANDLIM options DUMMYNET --------------------------------- config ./GENERIC_IPFW cd ../../compile/GENERIC_IPFW make depend all install --------------------------------- ee /etc/rc.conf 添加以下内容 ##########IP-firewall################# firewall_enable="YES" firewall_script="/etc/rc.firewall" firewall_type="/etc/ipfw.conf" firewall_quiet="YES" firewall_logging_enable="YES" --------------------------------- ee /etc/syslog.conf 添加以下内容 !ipfw *.* /var/log/ipfw.log --------------------------------- ee /etc/ipfw.conf 添加以下内容 add 00001 deny log ip from any to any ipopt rr add 00002 deny log ip from any to any ipopt ts add 00003 deny log ip from any to any ipopt ssrr add 00004 deny log ip from any to any ipopt lsrr add 00005 deny tcp from any to any in tcpflags syn,fin #######tcp######### add 10000 allow tcp from 211.162.77.77 to 211.162.77.73 22 in add 10001 allow tcp from any to 211.162.77.73 21,25,80,110,3306,5999 in add 19997 check-state add 19998 allow tcp from any to any out keep-state setup add 19999 allow tcp from any to any out ######udp########## add 20001 allow udp from any 53 to me in recv xl0 add 20002 allow udp from any to 211.162.77.73 53 in recv xl0 add 29999 allow udp from any to any out ######icmp######### add 30000 allow icmp from any to any icmptypes 3,4 add 30001 allow icmp from any to any icmptypes 8 out add 30002 allow icmp from any to any icmptypes 0,11 in |
|
| 上一篇:ipfw规则 下一篇:文件特殊权限的解释 |
| 大部分文章摘自网上,如有侵犯您的权益请与我们联系,我们会第一时间进行处理,谢谢! | [ 打印文章 ] [ 关闭窗口 ] |