Янв13
настройка ipfw
Настройки ниже…
/etc/rc.conf
# Enable ipfw at boot.
firewall_enable="YES"

# Build the ruleset with a site-specific script instead of the stock one.
firewall_script="/etc/ipfw.rules"

# NOTE(review): with a custom firewall_script this value appears to have no
# effect - the /etc/ipfw.rules script on this page never reads its arguments.
# Confirm, then consider dropping it so the file does not suggest an "open"
# policy is in force.
firewall_type="open"
/etc/ipfw.rules
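#!/bin/sh
#
# /etc/ipfw.rules - stateful ipfw ruleset for a single-homed host.
#
# Policy: outbound TCP/UDP is allowed and tracked with dynamic state; inbound
# is limited to HTTP (80/tcp), SSH (22/tcp) and a small set of ICMP types.
# Everything else is dropped by an explicit final rule.
#
# Rules are listed in ascending rule-number order because ipfw evaluates them
# by number, not by the order in which they were added.

oif="xl0"          # outside (public) interface
ks="keep-state"    # create a dynamic rule for the matching flow

# add RULE... - append one rule to the ruleset, quietly.
# A function keeps every argument a separate word without relying on
# unquoted expansion of a command string.
add() {
  ipfw -q add "$@"
}

# Start from an empty ruleset. Until the rules below are loaded, only the
# kernel's built-in default rule (65535) applies, so reload from the console
# or make sure a failed reload cannot cut off the only remote session.
ipfw -q -f flush

# --- Loopback and anti-spoofing ---------------------------------------------
# Local traffic is allowed on lo0; 127/8 addresses seen anywhere else are
# treated as spoofed and dropped.
add 00100 pass all from any to any via lo0
add 00101 deny all from any to 127.0.0.0/8
add 00102 deny all from 127.0.0.0/8 to any

# --- Stateful core ----------------------------------------------------------
# Packets belonging to a flow that already has dynamic state match here.
add 00500 check-state
# TCP segments that claim an established connection but matched no state.
add 00501 deny tcp from any to any established
# All IP fragments.
# NOTE(review): this also drops legitimate fragmented traffic (for example
# large UDP replies) - confirm that is acceptable for this host.
add 00502 deny all from any to any frag

# --- Outbound ---------------------------------------------------------------
add 00600 allow tcp from any to any out via "$oif" setup "$ks"
add 00601 allow udp from any to any out via "$oif" "$ks"

# --- Inbound services -------------------------------------------------------
add 00700 allow tcp from any to any 80 in via "$oif" setup "$ks"   # www
# NOTE(review): ssh is reachable from any source address; narrow "from any"
# to the administrative networks where that is possible.
add 00701 allow tcp from any to any 22 in via "$oif" setup "$ks"   # ssh

# --- ICMP -------------------------------------------------------------------
# Only echo reply (0), destination unreachable (3, needed for path-MTU
# discovery), echo request (8) and time exceeded (11) are accepted. The
# original rule allowed every ICMP type in both directions, which also lets
# in redirects, timestamp and address-mask messages.
add 02000 allow icmp from any to any icmptypes 0,3,8,11

# --- Default deny -----------------------------------------------------------
# Stated explicitly so the policy does not depend on the kernel's default
# rule, which is "allow" on kernels built with IPFIREWALL_DEFAULT_TO_ACCEPT.
# Add the "log" keyword here if dropped packets should be recorded.
add 65000 deny all from any to any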