KAN`ский блог Мысли вслух…
  • Янв
    13

    настройка ipfw


    Настройки ниже…

    /etc/rc.conf

    # Enable ipfw at boot.
    firewall_enable="YES"
    # NOTE(review): "open" is a ruleset type of the stock /etc/rc.firewall
    # script and means "allow everything". The custom script named below
    # never reads its argument, so this value appears to be unused here, but
    # it would become the active policy if firewall_script were ever removed
    # or pointed back at /etc/rc.firewall. Consider dropping this line so the
    # configuration cannot fail open.
    firewall_type="open"
    # Path of the rules script that is run to load the ruleset.
    firewall_script="/etc/ipfw.rules"

    /etc/ipfw.rules

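    #!/bin/sh
    # /etc/ipfw.rules - stateful ipfw ruleset for a host whose external
    # interface is $oif.
    #
    # Policy: loopback is trusted, all outbound TCP/UDP is allowed and tracked
    # with dynamic rules, inbound is limited to HTTP and SSH, a small set of
    # ICMP types is allowed, and everything else is dropped.
    #
    # ipfw evaluates rules by rule number, not by the order in which they are
    # added, so the rules below are listed in numeric order.

    # Start from an empty ruleset. -q matters when reloading over a remote
    # login: without it the flush prints a message that cannot be delivered
    # once the rules are gone, the session closes, and the remaining rules
    # may never be added (see ipfw(8)).
    ipfw -q -f flush

    oif="xl0"            # external interface
    cmd="ipfw -q add"    # expanded unquoted on purpose so that it word-splits
    ks="keep-state"      # create a dynamic rule for the matched flow

    $cmd 00100 pass all from any to any via lo0 #localhost

    # Loopback addresses must never appear on a real interface (anti-spoofing).
    $cmd 00101 deny all from any to 127.0.0.0/8
    $cmd 00102 deny all from 127.0.0.0/8 to any

    # Packets that belong to an already tracked flow are accepted here.
    $cmd 00500 check-state
    # Established TCP with no matching dynamic rule is stale or forged.
    $cmd 00501 deny tcp from any to any established
    # Fragments cannot be matched against state; drop them.
    $cmd 00502 deny all from any to any frag

    # Outbound: any TCP connection setup and any UDP, tracked statefully.
    $cmd 00600 allow tcp from any to any out via $oif setup $ks
    $cmd 00601 allow udp from any to any out via $oif $ks

    # allow in to www & ssh
    # NOTE(review): ssh is reachable from any source address; narrow
    # "from any" to the administrative networks where that is possible.
    $cmd 00700 allow tcp from any to any 80 in via $oif setup $ks #www
    $cmd 00701 allow tcp from any to any 22 in via $oif setup $ks #ssh

    # ping
    # Only echo reply (0), destination unreachable (3), echo request (8) and
    # time exceeded (11) are allowed, instead of every ICMP type: redirects,
    # timestamp and address-mask messages are not needed by this host.
    # Type 3 must stay allowed because path MTU discovery depends on it, all
    # the more so as fragments are dropped by rule 00502.
    # The ipfw keyword is "icmptypes" (plural). A stricter, outbound-ping-only
    # variant would replace rule 02000 with:
    #   $cmd 02000 allow icmp from any to any out via $oif icmptypes 8
    #   $cmd 02001 allow icmp from any to any in via $oif icmptypes 0,3,11
    $cmd 02000 allow icmp from any to any icmptypes 0,3,8,11

    # Explicit final deny: the built-in rule 65535 is "allow" on kernels that
    # default to accept, so do not rely on it to close the ruleset.
    $cmd 65000 deny all from any to any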