ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
 From : Anton Barabanov 2:5020/5480 24 Feb 2005 10:58:56
 To : Anton V. Yuzhaninov
 Subject : CPU load
--------------------------------------------------------------------------------

24 Feb 05, at 01:41, Anton V. Yuzhaninov (2:5020/400) -> Anton Barabanov:

 AB>> Are there any recommendations?
 AVY> In general, the rules that match most often are better placed closer to
 AVY> the beginning.
 AVY> If there are many rules of the same type, you can try using ipfw
 AVY> table

How's that? I don't have ipfw2 installed, only ipfw.

00001 108 9156 allow tcp from any to me 22 in recv rl0
00002 120 39752 allow tcp from me 22 to any out xmit rl0
00003 0 0 allow tcp from any to me 80,443 in recv rl0
00004 0 0 allow tcp from me 80,443 to any out xmit rl0
00005 0 0 allow tcp from 10.1.1.5 to me 5800 in recv rl0
00006 0 0 allow tcp from me 5800 to 10.1.1.5 out xmit rl0
00010 78 5390 allow ip from any to any via lo0
00012 0 0 deny ip from any to 127.0.0.0/8
00014 0 0 deny ip from 127.0.0.0/8 to any
00020 0 0 deny ip from 10.1.1.0/24 to any in recv rl1
00021 0 0 deny ip from 82.148.5.192/27 to any in recv rl0
00025 0 0 deny ip from 10.1.1.0/24 to any in recv rl2
00026 0 0 deny ip from 192.168.9.0/24 to any in recv rl0
00030 1 76 allow udp from me to any 123 out xmit rl0
00040 55 5523 allow tcp from any to any via rl1 established
00041 0 0 allow tcp from any to any via rl2 established
00050 0 0 check-state
00061 12 1111 allow udp from me to any 53 keep-state
00062 1 76 allow udp from me to any 123 keep-state
00070 3 252 allow ip from 82.148.5.202 to any out xmit rl1
00071 1 156 allow ip from 192.168.9.24 to any out xmit rl2
00080 0 0 deny tcp from any to me 22,514,3306,3493,5800 in
00081 0 0 deny udp from any to me 514 in
00082 0 0 deny udp from any to me 9996 in
00085 1 229 deny ip from 82.148.30.146 to any
00090 0 0 deny tcp from any to any 20,22,23,25,587,3128 in recv rl1
00091 0 0 deny tcp from any to me 21,110 in recv rl1
00092 0 0 deny tcp from any to me 80,443 in recv rl1
00094 0 0 deny udp from any to any 53 in recv rl1
00096 0 0 deny udp from any to any 123 in recv rl1
00098 137 12276 deny udp from any to any 135-139,445 in recv rl1
00100 0 0 deny tcp from any to me 3306 in recv rl1
00102 0 0 deny tcp from any to me 20001 in recv rl1
00104 0 0 deny tcp from any to any 514 in recv rl1
00106 0 0 deny udp from any to any 514 in recv rl1
00130 0 0 deny tcp from any to any 20,22,23,25,587,3128 in recv rl2
00131 0 0 deny tcp from any to me 21,110 in recv rl2
00132 0 0 deny tcp from any to me 80,443 in recv rl2
00134 0 0 deny udp from any to any 53 in recv rl2
00136 0 0 deny udp from any to any 123 in recv rl2
00138 0 0 deny udp from any to any 135-139,445 in recv rl2
00140 0 0 deny tcp from any to me 3306 in recv rl2
00142 0 0 deny tcp from any to me 20001 in recv rl2
00144 0 0 deny tcp from any to any 514 in recv rl2
00146 0 0 deny udp from any to any 514 in recv rl2
00160 0 0 allow tcp from any 20 to any 1024-65535 in
00200 0 0 allow tcp from any to 10.1.1.5 24554 setup
00201 0 0 allow tcp from any to 10.1.1.5 10000-10010 setup
00202 0 0 allow tcp from any to 10.1.1.5 4632 setup
00203 0 0 allow udp from any to 10.1.1.5 4672 in
00204 0 0 allow tcp from any to 10.1.1.5 2000-2003 setup
00205 0 0 allow udp from any to 10.1.1.5 4400 in
00205 0 0 allow tcp from 82.148.2.0/24 to 10.1.1.5 21,80,4400 setup
00210 0 0 allow tcp from 82.148.3.0/24 to 10.1.1.5 21,80,4400 setup
00220 0 0 allow tcp from 82.148.4.0/24 to 10.1.1.5 21,80,4400 setup
00230 0 0 allow tcp from 82.148.5.0/24 to 10.1.1.5 21,80,4400 setup
00240 0 0 allow tcp from 82.148.6.0/24 to 10.1.1.5 21,80,4400 setup
00250 0 0 allow tcp from 82.148.20.0/24 to 10.1.1.5 21,80,4400 setup
00260 0 0 allow tcp from 82.148.21.128/25 to 10.1.1.5 21,80,4400 setup
00270 0 0 allow tcp from 82.148.26.0/24 to 10.1.1.5 21,80,4400 setup
00280 4 240 allow tcp from 82.148.27.0/24 to 10.1.1.5 21,80,4400 setup
00290 0 0 allow tcp from 82.148.28.0/24 to 10.1.1.5 21,80,4400 setup
00300 0 0 allow tcp from 82.148.29.0/24 to 10.1.1.5 21,80,4400 setup
00310 0 0 allow tcp from 82.148.30.0/24 to 10.1.1.5 21,80,4400 setup
00320 0 0 allow tcp from 82.148.31.0/24 to 10.1.1.5 21,80,4400 setup
00330 0 0 allow tcp from 213.148.30.0/24 to 10.1.1.5 21,80,4400 setup
00340 0 0 allow tcp from 213.148.31.0/24 to 10.1.1.5 21,80,4400 setup
00400 0 0 allow tcp from 192.168.0.0/24 to 10.1.1.5 21,80 setup
00410 0 0 allow tcp from 192.168.1.0/24 to 10.1.1.5 21,80 setup
00420 0 0 allow tcp from 192.168.2.0/24 to 10.1.1.5 21,80 setup
00430 0 0 allow tcp from 192.168.3.0/24 to 10.1.1.5 21,80 setup
00440 0 0 allow tcp from 192.168.4.0/24 to 10.1.1.5 21,80 setup
00450 0 0 allow tcp from 192.168.5.0/24 to 10.1.1.5 21,80 setup
00460 0 0 allow tcp from 192.168.6.0/24 to 10.1.1.5 21,80 setup
00470 0 0 allow tcp from 192.168.7.0/24 to 10.1.1.5 21,80 setup
00480 0 0 allow tcp from 192.168.8.0/24 to 10.1.1.5 21,80 setup
00490 0 0 allow tcp from 192.168.9.0/24 to 10.1.1.5 21,80 setup
00500 0 0 allow tcp from 192.168.10.0/24 to 10.1.1.5 21,80 setup
00510 0 0 allow tcp from 192.168.11.0/24 to 10.1.1.5 21,80 setup
00520 0 0 allow tcp from 192.168.12.0/24 to 10.1.1.5 21,80 setup
00700 0 0 allow icmp from any to 82.148.5.202 in recv rl1 icmptype 0,3,4,8,11,12
00705 1 156 allow icmp from any to 10.1.1.0/24 in recv rl1 icmptype 0,3,4,11,12
00710 0 0 allow icmp from any to 192.168.9.24 in recv rl2 icmptype 0,3,4,8,11,12
00715 1 156 allow icmp from any to 10.1.1.0/24 in recv rl2 icmptype 0,3,4,11,12
00740 0 0 deny log logamount 10 icmp from any to any in recv rl1
00750 0 0 unreach host log logamount 10 icmp from any to any out xmit rl1
00760 0 0 deny log logamount 10 icmp from any to any in recv rl2
00770 0 0 unreach host log logamount 10 icmp from any to any out xmit rl2
00800 2 118 allow udp from any to me 53 in recv rl0
00801 2 425 allow udp from me 53 to any out xmit rl0
01001 22 4028 allow ip from any to 10.1.1.5 via rl0
01001 23 2049 allow ip from 10.1.1.5 to any via rl0
01002 0 0 allow ip from any to 10.1.1.2 via rl0
01002 0 0 allow ip from 10.1.1.2 to any via rl0
01003 12 641 allow ip from any to 10.1.1.3 via rl0
01003 8 375 allow ip from 10.1.1.3 to any via rl0
01004 1 40 allow ip from any to 10.1.1.4 via rl0
01004 1 46 allow ip from 10.1.1.4 to any via rl0
65530 44 3838 deny log logamount 10 ip from any to any
65535 32 4769 deny ip from any to any

Bye. Anton.

... That was long ago and isn't true.
--- Ded пархатый, version 1.1.5-040120
 * Origin: If you want a smart answer, ask smartly. (2:5020/5480)
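
An added example, not part of the original post: the "ipfw table" suggestion quoted above, applied to runs of consecutive rules that differ only in their source address (in the listing, rules 205 to 340 and 400 to 520). Tables are an ipfw2 feature; the function names and the shortened sample are assumptions made for this illustration.

```python
import re

# Constructed sample in `ipfw show` format (rule number, packets, bytes, rule),
# made from a few rows of the listing in the post.
SAMPLE = """\
00205 0 0 allow tcp from 82.148.2.0/24 to 10.1.1.5 21,80,4400 setup
00210 0 0 allow tcp from 82.148.3.0/24 to 10.1.1.5 21,80,4400 setup
00280 4 240 allow tcp from 82.148.27.0/24 to 10.1.1.5 21,80,4400 setup
00400 0 0 allow tcp from 192.168.0.0/24 to 10.1.1.5 21,80 setup
00410 0 0 allow tcp from 192.168.1.0/24 to 10.1.1.5 21,80 setup
00800 2 118 allow udp from any to me 53 in recv rl0
"""

# number, packets, bytes, text up to "from ", an IPv4 source, then the rest
RULE = re.compile(
    r"^(\d+)\s+(\d+)\s+\d+\s+(.*\bfrom )(\d+(?:\.\d+){3}(?:/\d+)?)( to .*)$")


def find_runs(listing):
    """Group consecutive rules that differ only in their source address."""
    runs, cur = [], None
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            cur = None  # any other rule ends the run, so evaluation order is kept
            continue
        num, pkts, head, src, tail = m.groups()
        if cur is None or cur["shape"] != (head, tail):
            cur = {"shape": (head, tail), "rules": [], "srcs": [], "pkts": 0}
            runs.append(cur)
        cur["rules"].append(str(int(num)))
        cur["srcs"].append(src)
        cur["pkts"] += int(pkts)
    return [r for r in runs if len(r["rules"]) > 1]


def table_commands(listing, first_table=1):
    """Render ipfw2 commands: one table per run and one rule that uses it."""
    out = []
    for tbl, run in enumerate(find_runs(listing), start=first_table):
        head, tail = run["shape"]
        out.append(f"# table {tbl} replaces rules {' '.join(run['rules'])}"
                   f" ({run['pkts']} packets matched)")
        out += [f"ipfw table {tbl} add {src}" for src in run["srcs"]]
        # quoted so the shell does not interpret the parentheses
        out.append(f"ipfw add {run['rules'][0]} {head}'table({tbl})'{tail}")
    return out


if __name__ == "__main__":
    print("\n".join(table_commands(SAMPLE)))
```

The output is meant for the ruleset script, where the listed rules are dropped and the single table rule takes their place; the packet totals show which merged rule matches most and so belongs nearer the start.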