FreeBSD4.8 IPFW How to!


测试机IP为211.162.77.73
网卡为:xl0
内核中加了流量管理,你可以根据实际需要增删。

uname -a
如果你用的是默认内核GENERIC则如下操作:
=============================================
cd /sys/i386/conf
cp GENERIC ./GENERIC_IPFW
---------------------------------
ee GENERIC_IPFW 添加以下内容

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIM99v=100
options IPSTEALTH
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options ICMP_BANDLIM
options DUMMYNET
---------------------------------
config ./GENERIC_IPFW
cd ../../compile/GENERIC_IPFW
make depend all install
---------------------------------
ee /etc/rc.conf 添加以下内容

##########IP-firewall#################
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="YES"
firewall_logging_enable="YES"
---------------------------------
ee /etc/syslog.conf 添加以下内容

!ipfw
*.* /var/log/ipfw.log
---------------------------------
ee /etc/ipfw.conf 添加以下内容

add 00001 deny log ip from any to any ipopt rr
add 00002 deny log ip from any to any ipopt ts
add 00003 deny log ip from any to any ipopt ssrr
add 00004 deny log ip from any to any ipopt lsrr
add 00005 deny tcp from any to any in tcpflags syn,fin
#######tcp#########
add 10000 allow tcp from 211.162.77.77 to 211.162.77.73 22 in
add 10001 allow tcp from any to 211.162.77.73 21,25,80,110,3306,5999 in
add 19997 check-state
add 19998 allow tcp from any to any out keep-state setup
add 19999 allow tcp from any to any out
######udp##########
add 20001 allow udp from any 53 to me in recv xl0
add 20002 allow udp from any to 211.162.77.73 53 in recv xl0
add 29999 allow udp from any to any out
######icmp#########
add 30000 allow icmp from any to any icmptypes 3,4
add 30001 allow icmp from any to any icmptypes 8 out
add 30002 allow icmp from any to any icmptypes 0,11 in

本文作者:



相关阅读:
摸清Linux日志处理的来龙去脉
简单实用的缓存函数
你从没见过的HTML5动画效果
js获取.aspx页面里面的服务器控件和.ascx中的服务器控件值
TNS-12519 与 processes 参数设置
网页前端常见的攻击方式和预防攻击办法
浅谈利用浮点数操作Oracle数据库日期
dedecms中[field:imglink/]图片大小问题解决办法
VBS教程:VBscript属性-Description 属性
smarty 原来也不过如此~~呵呵
不固定参数的存储过程实现代码
创建无表格网站的原因和原则 译文
如何选择合适的MySQL存储引擎
自己碰上的IE8兼容笔记
快速导航

Copyright © 2016 phpStudy |