1.
开启方式 1:
1 v; x; C1 c4 R; m9 Y: u
6 U0 B, t) b' P6 o3 T0 c" S( V1 \# IPFW by ad
#firewall_enable="YES"
* t! c) V9 M- h z, g
#firewall_script="/etc/ipfw.conf"
代码:
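# Inbound-service ruleset for /etc/ipfw.conf (run by rc.d/ipfw via /bin/sh).
# ipfw evaluates rules by number, not by file order; first match wins.
# Loopback traffic is trusted; without this rule, localhost connections to
# ports not listed below are dropped by the default rule.
ipfw add 00050 allow all from any to any via lo0
# TCP: a segment with both SYN and FIN set is never legitimate.
ipfw add 00100 deny tcp from any to any in tcpflags syn,fin
# www ssh ftp  ('limit src-addr N' caps concurrent connections per client)
ipfw add 10001 allow tcp from any to me 80 in
ipfw add 10003 allow tcp from any to me 33890 in setup limit src-addr 2
# FTP 20 21
ipfw add 10004 allow tcp from any to me 21 in setup limit src-addr 3
ipfw add 10005 allow tcp from any to me 20 in
# SENDMAIL
ipfw add 10006 allow tcp from any to me 25 in setup limit src-addr 5
# DDOS
#ipfw add 19000 check-state
#ipfw add 19001 deny tcp from any to any established
#ipfw add 19002 allow tcp from my-net to any setup keep-state
# DNS: track outbound queries and let only their replies back in.
# This replaces a stateless 'allow udp from any 53 to me' rule, which
# accepted every UDP datagram with source port 53 whatever its destination
# port. A keep-state rule also consults the dynamic table, so no separate
# check-state is required; it must be numbered before 19009, otherwise
# queries match that rule first and no dynamic entry is ever created.
ipfw add 19007 allow udp from me to any 53 out keep-state
ipfw add 19008 allow tcp from me to any out setup keep-state
ipfw add 19009 allow all from me to any out
# ICMP
ipfw add 30000 allow icmp from any to any icmptypes 3
ipfw add 30001 allow icmp from any to any icmptypes 4
ipfw add 30002 allow icmp from any to any icmptypes 8 out
ipfw add 30003 allow icmp from any to any icmptypes 0 in
# No explicit final deny: anything unmatched falls through to the default
# rule 65535, which denies unless the kernel was built with
# IPFIREWALL_DEFAULT_TO_ACCEPT — confirm on the target host.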
ipfw add 30004 allow icmp from any to any icmptypes 11 in
然后编辑:
ee /etc/ipfw.conf
3 K% c" \ H/ j( u# M
6 I# p! |1 G' K7 Y+ P; a& [
2.
开启方式 2:
#IPFW BY AD
. e6 Y& h/ q6 Z+ T
firewall_enable="YES"
firewall_type="open"
5 s% L* b8 ^" O4 X
firewall_script="/etc/ipfw.rules"
#firewall_logging="YES"
- d2 J0 K0 n. t5 L1 |1 l9 v, S
然后编辑:
1 N7 W M9 `6 m* {' s4 w; w |$ L
ee /etc/ipfw.rules
代码:
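#!/bin/sh
# by AD
# Stateful ipfw ruleset for /etc/ipfw.rules (run by rc.d/ipfw via /bin/sh).
# Rules are evaluated by number, not file order; first match wins, and
# everything not matched is dropped and logged by rule 60000.
ipfw -q -f flush
# Unquoted on purpose below: the variable carries the command and its flags.
cmd="ipfw -q add"
#...DNS resolver that outbound lookups may reach (override via env: dns=...)
dns="${dns:-202.102.192.68}"
#...external interface (override via env: pif=...)
pif="${pif:-bge0}"
#...loopback...[127.0.0.1]
$cmd 00100 allow all from any to any via lo0
# Match replies to connections tracked by the keep-state rules below.
$cmd 00200 check-state
### 80 http
$cmd 00300 allow tcp from any to any 80 out via "$pif" setup keep-state
#$cmd 00350 allow tcp from any to me 80 in via $pif setup limit src-addr 10
#cmd 00300 allow tcp from any to me 80 in via $pif setup keep-state
### 53 DNS (only to the configured resolver; replies come back via state)
$cmd 00400 allow udp from any to "$dns" 53 out via "$pif" keep-state
$cmd 00500 allow tcp from any to "$dns" 53 out via "$pif" setup keep-state
### 443 https
#$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
#$cmd 00800 allow tcp from any to me 443 in via $pif setup limit src-addr 10
#
### 25 smtp mail
#
$cmd 00900 allow tcp from any to any 25 out via "$pif" setup keep-state
#$cmd 01000 allow tcp from any to me 25 in via $pif setup limit src-addr 5
### 110 pop mail
#$cmd 01100 allow tcp from any to any 110 out via $pif setup keep-state
#$cmd 01101 allow tcp from any to me 110 in via $pif setup limit src-addr 5
#
### PING (outbound only; inbound echo requests are not answered)
$cmd 01200 allow icmp from any to any out via "$pif" keep-state
#$cmd 01300 allow icmp from any to any in via $pif keep-state
#
### FTP control channel only
# NOTE(review): data connections (active port 20 / passive high ports) are
# not covered by these two rules — confirm against the ftpd configuration.
$cmd 01400 allow tcp from any to any 21 out via "$pif" setup keep-state
$cmd 01500 allow tcp from any to any 21 in via "$pif" setup limit src-addr 3
#
### SSH (listening on 33890); 'limit src-addr' caps connections per client.
# The rule 01600 line was previously glued onto the comment above it and so
# never ran; it is restored here.
$cmd 01600 allow tcp from any to any 33890 out via "$pif" setup keep-state
$cmd 01700 allow tcp from any to any 33890 in via "$pif" setup limit src-addr 2
#
#Allow out FBSD (make install & CVSUP) functions
$cmd 01800 allow tcp from me to any out via "$pif" setup keep-state uid root
#
# Default: drop and log everything not matched above.
$cmd 60000 deny log all from any to any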