
FreeBSD4.8 IPFW How to!

Test machine IP: 211.162.77.73
Network interface: xl0
Traffic management has been added to the kernel configuration; add or remove options to suit your actual needs.

uname -a
If you are using the default GENERIC kernel, proceed as follows:
=============================================
cd /sys/i386/conf
cp GENERIC ./GENERIC_IPFW
---------------------------------
ee GENERIC_IPFW and add the following:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPSTEALTH
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options ICMP_BANDLIM
options DUMMYNET
---------------------------------
config ./GENERIC_IPFW
cd ../../compile/GENERIC_IPFW
make depend all install
---------------------------------
ee /etc/rc.conf and add the following:

##########IP-firewall#################
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="YES"
firewall_logging_enable="YES"
---------------------------------
ee /etc/syslog.conf and add the following:

!ipfw
*.* /var/log/ipfw.log
---------------------------------
ee /etc/ipfw.conf and add the following:

add 00001 deny log ip from any to any ipopt rr
add 00002 deny log ip from any to any ipopt ts
add 00003 deny log ip from any to any ipopt ssrr
add 00004 deny log ip from any to any ipopt lsrr
add 00005 deny tcp from any to any in tcpflags syn,fin
#######tcp#########
add 10000 allow tcp from 211.162.77.77 to 211.162.77.73 22 in
add 10001 allow tcp from any to 211.162.77.73 21,25,80,110,3306,5999 in
add 19997 check-state
add 19998 allow tcp from any to any out keep-state setup
add 19999 allow tcp from any to any out
######udp##########
add 20001 allow udp from any 53 to me in recv xl0
add 20002 allow udp from any to 211.162.77.73 53 in recv xl0
add 29999 allow udp from any to any out
######icmp#########
add 30000 allow icmp from any to any icmptypes 3,4
add 30001 allow icmp from any to any icmptypes 8 out
add 30002 allow icmp from any to any icmptypes 0,11 in
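
The following is an added example, not part of the original how-to: a small Python audit that parses the TCP/UDP "allow ... in" rules from the ruleset above and reports which destination ports are reachable from "any". The function names are this example's own, and only the rule syntax used on this page is handled.

```python
import re

# TCP/UDP allow rules copied from the /etc/ipfw.conf listing above.
RULES = """\
add 10000 allow tcp from 211.162.77.77 to 211.162.77.73 22 in
add 10001 allow tcp from any to 211.162.77.73 21,25,80,110,3306,5999 in
add 19998 allow tcp from any to any out keep-state setup
add 19999 allow tcp from any to any out
add 20001 allow udp from any 53 to me in recv xl0
add 20002 allow udp from any to 211.162.77.73 53 in recv xl0
add 29999 allow udp from any to any out
"""

# add NUM allow [log] PROTO from SRC [SPORTS] to DST [DPORTS] [options...]
RULE_RE = re.compile(
    r"^add\s+(?P<num>\d+)\s+allow\s+(?:log\s+)?(?P<proto>tcp|udp)\s+"
    r"from\s+(?P<src>\S+)(?:\s+(?P<sport>[\d,\-]+))?\s+"
    r"to\s+(?P<dst>\S+)(?:\s+(?P<dport>[\d,\-]+))?(?P<opts>(?:\s+\S+)*)$"
)

def inbound_exposure(text):
    """Return one dict per inbound tcp/udp allow rule, in rule order."""
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = m["opts"].split()
        if "in" not in opts:                   # only inbound rules matter here
            continue
        found.append({
            "rule": int(m["num"]), "proto": m["proto"], "src": m["src"],
            # No destination port list means every local port matches.
            "dports": m["dport"].split(",") if m["dport"] else ["any"],
            "stateful": "keep-state" in opts,
        })
    return found

def open_to_any(text):
    """Inbound allow rules whose source address is unrestricted."""
    return [e for e in inbound_exposure(text) if e["src"] == "any"]

if __name__ == "__main__":
    for e in open_to_any(RULES):
        print(e["rule"], e["proto"], "dst ports:", ",".join(e["dports"]))
```

Rule 20001 is reported with destination ports "any" because it matches on source port 53 only, so it is worth reviewing alongside the list of TCP services opened by rule 10001.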
