- 論壇徽章:
- 0
|
個(gè)人pc機(jī)器安裝freebsd9.0 服務(wù)器正常運(yùn)行 跑著wordpress博客 ���,我添加一條指令
ipfw add 10001 deny all from 192.168.1.6 to any
ipfw show 顯示這條規(guī)則 ��,防火墻正常運(yùn)行
本人用192.168.1.6這臺(tái)電腦還是可以訪問服務(wù)器����,也可操作, 求指點(diǎn)
/etc/ipfw.rule文件內(nèi)容如下
#!/bin/sh
ipfw -q -f flush
IPF="ipfw -q add"
ip="192.168.1.251"
ipfw -q -f flush
pif="em0"
#loopback
$IPF 10 allow all from any to any via lo0
$IPF 15 allow all from $ip to any via $pif
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
#statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
#$IPF 80 allow icmp from 192.168.3.0/24 to any via $pif
# open port ftp (21,22), ssh (22), mail (25)
#http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow tcp from any to any 53 in
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in setup limit src-addr 150
$IPF 210 allow tcp from any to any 80 out
$IPF 211 allow tcp from any to any 3306 in
$IPF 212 allow tcp from any to any 3306 out
$IPF 213 allow tcp from any to any 1186 in
$IPF 214 allow tcp from any to any 1186 out
$IPF 215 allow tcp from any to any 11211
$IPF 220 allow tcp from any to any 10000-65535 in
$IPF 221 allow tcp from any to any 10000-65535 out
$IPF 320 deny tcp from any to any 137 in via $pif
$IPF 321 deny tcp from any to any 138 in via $pif
$IPF 322 deny tcp from any to any 139 in via $pif
$IPF 323 deny tcp from any to any 81 in via $pif
$IPF 400 allow udp from $ip to any
$IPF 401 allow icmp from any to $ip
$IPF 402 allow icmp from $ip to any 8
$IPF 403 allow icmp from $ip to any 0
$IPF 404 allow icmp from $ip to any 11
$IPF 405 allow icmp from $ip to any 3
#$IPF 800 pipe 1 ip from 192.168.3.10 to any in
#$IPF 900 pipe 2 ip from any to 192.168.3.10 out
#ipfw pipe 1 config bw 200Kbit/s queue 150Kbit
#ipfw pipe 2 config bw 300Kbit/s queue 20
# deny and log everything
$IPF 500 deny log all from any to any
開機(jī)啟動(dòng)文件rc.conf 防火墻文件如下
firewall_enable="YES"
firewall_script="/etc/ipfw.rule"
firewall_quiet="NO"
#open ipfw function
|
|
免費(fèi)注冊(cè)
發(fā)表于 2013-07-22 16:47
