ru.unix.bsd - RU.UNIX.BSD
------------------------------------------------------------------
 From    : Sergey Zaikov                    2:5022/5.66    26 Jun 2001 18:20:18
 To      : All
 Subject : Simple firewall from rc.firewall
--------------------------------------------------------------------------------

In rc.conf I set firewall_type to "simple" instead of "open". The rc.conf file is below. In rc.firewall I entered the required addresses; rc.firewall6 I did not touch. And here is what happened.

Messages appear on the terminal:

Jun 26 22:23:28 acc natd[123]: failed to write packet back (Permission denied)

When I try to ping the gateway address:

acc# ping xx.xx.xx.129
PING xx.xx.xx.129 (xx.xx.xx.129): 56 data bytes
Jun 26 22:22:24 acc natd[123]: failed to write packet back (Permission denied)
Jun 26 22:22:24 acc natd[123]: failed to write packet back (Permission denied)

ipfw show:

00100   60  3992 allow ip from any to any via lo0
00200    0     0 deny ip from any to 127.0.0.0/8
00300    0     0 deny ip from 192.168.107.0/24 to any in recv rl0
00400    0     0 deny ip from xx.xx.xx.0/28 to any in recv rl1
00500    0     0 deny ip from any to 10.0.0.0/8 via rl0
00600    0     0 deny ip from any to 172.16.0.0/12 via rl0
00700    0     0 deny ip from any to 192.168.0.0/16 via rl0
00800    0     0 deny ip from any to 0.0.0.0/8 via rl0
00900    0     0 deny ip from any to 169.254.0.0/16 via rl0
01000    0     0 deny ip from any to 192.0.2.0/24 via rl0
01100    0     0 deny ip from any to 224.0.0.0/4 via rl0
01200    0     0 deny ip from any to 240.0.0.0/4 via rl0
01300   60  7688 divert 8668 ip from any to any via rl0
01400    0     0 deny ip from 10.0.0.0/8 to any via rl0
01500    0     0 deny ip from 172.16.0.0/12 to any via rl0
01600    0     0 deny ip from 192.168.0.0/16 to any via rl0
01700    0     0 deny ip from 0.0.0.0/8 to any via rl0
01800    0     0 deny ip from 169.254.0.0/16 to any via rl0
01900    0     0 deny ip from 192.0.2.0/24 to any via rl0
02000    0     0 deny ip from 224.0.0.0/4 to any via rl0
02100    0     0 deny ip from 240.0.0.0/4 to any via rl0
02200   82  9145 allow tcp from any to any established
02300    0     0 allow ip from any to any frag
02400    0     0 allow tcp from any to xx.xx.xx.130 25 setup
02500    0     0 allow tcp from any to xx.xx.xx.130 53 setup
02600    0     0 allow udp from any to xx.x.xx.130 53
02700    0     0 allow udp from x.xx.xx.130 53 to any
02800    0     0 allow tcp from any to xx.xx.xx.130 80 setup
02900    0     0 deny log logamount 100 tcp from any to any in recv rl0 setup
03000    1    44 allow tcp from any to any setup
03100    0     0 allow udp from any 53 to xx.xx.xx.130
03200    0     0 allow udp from xx.xx.xx.130 to any 53
03300    0     0 allow udp from any 123 to xx.xx.xx.130
03400    0     0 allow udp from xx.xx.xx.130 to any 123
65535   96 10788 deny ip from any to any

=== Cut Begin rc.conf ===
# This file now contains just the overrides from /etc/defaults/rc.conf
gateway_enable="YES"
network_interfaces="lo0 rl0 rl1"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_rl0="inet xx.xx.xx.130 netmask 255.255.255.240 media 10baseT/UTP"
ifconfig_rl1="inet 192.168.107.1 netmask 255.255.255.0"
ifconfig_rl0_ipx="ipx 0x115115"
defaultrouter="xx.xx.xx.129"
firewall_enable="YES"
firewall_type="simple"
firewall_quiet="NO"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-same_ports yes -use_sockets yes"
ipxrouted_enable="YES"
=== Cut End rc.conf ===

Sergey.

... Knowledge is so precious a thing that it is no shame to obtain it from any source (Abu'l-Faraj, Arab poet)
---
 * Origin: The Most Clueless User of Handle brake Private station (2:5022/5.66)
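As an added illustration (not part of the post, and not FreeBSD's own rc.firewall logic), the following Python model walks a constructed subset of the ruleset above for the ping that failed. ipfw hands the ICMP packet to natd at the divert rule and then resumes matching at the rule after it; no later rule admits ICMP, so the reinjected packet falls through to 65535 deny, which is the denial natd reports as "failed to write packet back (Permission denied)". The host, gateway and /28 addresses are placeholders because the post masks them.

```python
import ipaddress

# Constructed subset of the poster's ruleset. The post masks real addresses as
# xx.xx.xx.*, so RFC 5737 test addresses stand in for host, gateway and the /28.
HOST, GW, NET = "198.51.100.130", "198.51.100.129", "198.51.100.128/28"
# (number, action, proto, src, dst, interface constraint, packet qualifier)
RULES = [
    (100, "allow", "ip", "any", "any", ("via", "lo0"), None),
    (200, "deny", "ip", "any", "127.0.0.0/8", None, None),
    (300, "deny", "ip", "192.168.107.0/24", "any", ("in_recv", "rl0"), None),
    (400, "deny", "ip", NET, "any", ("in_recv", "rl1"), None),
    (1300, "divert", "ip", "any", "any", ("via", "rl0"), None),
    (2200, "allow", "tcp", "any", "any", None, "established"),
    (2300, "allow", "ip", "any", "any", None, "frag"),
    (2900, "deny", "tcp", "any", "any", ("in_recv", "rl0"), "setup"),
    (3000, "allow", "tcp", "any", "any", None, "setup"),
    (65535, "deny", "ip", "any", "any", None, None),
]

def in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    _, _, proto, src, dst, iface, qual = rule
    if proto not in ("ip", pkt["proto"]):
        return False
    if not (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)):
        return False
    if iface is not None:  # "via X" is either direction on X; "in recv X" is inbound only
        kind, name = iface
        if name != pkt["iface"] or (kind == "in_recv" and pkt["dir"] != "in"):
            return False
    return qual is None or qual in pkt["flags"]  # setup / established / frag

def walk(pkt):
    """Rule numbers that fire, in order; after a divert the walk resumes at the next rule."""
    fired = []
    for rule in RULES:
        if matches(rule, pkt):
            fired.append(rule[0])
            if rule[1] != "divert":  # divert: natd rewrites, ipfw continues with the next rule
                break
    return fired

PING_OUT = {"proto": "icmp", "src": HOST, "dst": GW, "iface": "rl0", "dir": "out", "flags": set()}
HTTP_OUT = {"proto": "tcp", "src": HOST, "dst": "203.0.113.7", "iface": "rl0", "dir": "out", "flags": {"setup"}}

if __name__ == "__main__":
    print("ping to gateway:", walk(PING_OUT))    # [1300, 65535]: denied after natd
    print("outbound tcp setup:", walk(HTTP_OUT))  # [1300, 3000]: allowed
```

Adding a candidate rule to RULES (for instance an allow for icmp placed after the divert) and re-running walk() shows whether the reinjected packet would still reach the final deny before the rule is loaded on the gateway.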