 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Wadim Shkirmantov                    2:5030/556.9   09 Dec 2002  22:52:12
 To : All
 Subject : ipfw
 -------------------------------------------------------------------------------- 
 
 
 How can I, with the rules I already have, allow the traceroute command to work, since it
 uses UDP and UDP is closed, without compromising security? It is a home machine, the network
 is over ppp.
 And in general, do the rules make sense from the point of view of correctness?
 
 === Cut ===
     fwcmd="/sbin/ipfw"
 
     # Force a flushing of the current rules before we reload.
     $fwcmd -f flush
 
     # Divert all packets through the tunnel interface.
     $fwcmd add divert natd all from any to any via ppp0
 
     # Allow all data from my network card and localhost.  Make sure you
     # change your network card (mine was fxp0) before you reboot.  :)
     $fwcmd add allow ip from any to any via lo0
 #    $fwcmd add allow ip from any to any via ppp0
 
     # Allow all connections that I initiate.
     $fwcmd add allow tcp from any to any out xmit ppp0 setup
 
     # Once connections are made, allow them to stay open.
     $fwcmd add allow tcp from any to any via ppp0 established
 
     # Everyone on the internet is allowed to connect to the following
     # services on the machine.  This example shows that people may connect
     # to ssh and apache.
     $fwcmd add allow tcp from any to any 80 setup
     $fwcmd add allow tcp from any to any 22 via ppp0
     $fwcmd add allow tcp from any to any 110 via ppp0
     $fwcmd add allow tcp from any to any 143 via ppp0
     $fwcmd add allow tcp from any to any 25 setup
     $fwcmd add allow tcp from any to any 53 setup
 
     # This sends a RESET to all ident packets.
     $fwcmd add reset log tcp from any to any 113 in recv ppp0
 
     # Allow outgoing DNS queries ONLY to the specified servers.
     $fwcmd add allow udp from any to 127.0.0.1 53 out xmit ppp0
 
     # Allow them back in with the answers...  :)
     $fwcmd add allow udp from 127.0.0.1 53 to any in recv ppp0
 
     $fwcmd add deny all from any to any 2001 via ppp0
 
     # Allow ICMP (for ping and traceroute to work).  You may wish to
     # disallow this, but I feel it suits my needs to keep them in.
     $fwcmd add 65435 allow icmp from any to any
 
     # Deny all the rest.
     $fwcmd add 65435 deny log ip from any to any
 === Cut ===
 
                                                         Regards, Wadim
 
 ... That which does not work makes no mistakes. (c) Windows
 --- GoldED+/W64 1.1.5 for DOS UNREG
  * Origin: Powered by Windows 95 (2:5030/556.9)
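 An added example, not from the post above or any reply in the thread: the minimal rules
 that let the classic UDP-based traceroute work through a default-deny ipfw ruleset like
 the one quoted. It assumes the external interface is ppp0 (as in the post), that the
 traceroute binary uses the conventional UDP destination ports 33434-33534, that rule
 numbers 3000-3020 are unused (they must sort before the final deny, 65435 in the post),
 and that the ipfw keywords out/in, xmit/recv and icmptypes behave as documented in ipfw(8).
 Instead of the post's blanket "allow icmp from any to any" it admits only the ICMP types
 traceroute and ping actually need: outbound echo request (8), inbound echo reply (0),
 destination unreachable (3) and time exceeded (11). Set FWCMD=echo for a dry run.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw rules for UDP traceroute
# through a default-deny ruleset. All interface names, port range and rule
# numbers are assumptions; adjust them to the local ruleset before use.

FWCMD="${FWCMD:-/sbin/ipfw}"
IFACE="${IFACE:-ppp0}"

# Fall back to a dry run when ipfw is not installed (e.g. on a non-BSD host),
# so the script can be read and tested without touching a live firewall.
command -v "$FWCMD" >/dev/null 2>&1 || FWCMD=echo

# Outbound UDP probes sent by traceroute. 33434 is the conventional base
# port; 33534 covers base + (30 hops * 3 probes) for a default run.
# 'out xmit' restricts the rule to packets leaving this machine, so it
# opens nothing for inbound traffic from the internet.
traceroute_out_rule() {
    echo "add 3000 allow udp from any to any 33434-33534 out xmit $IFACE"
}

# Outbound ICMP echo request, so that ping (and traceroute -I) keeps working.
icmp_out_rule() {
    echo "add 3010 allow icmp from any to any out xmit $IFACE icmptypes 8"
}

# Inbound replies: type 0 answers our pings, type 11 (time exceeded) comes
# from each intermediate router, type 3 (unreachable) from the final host
# when the probe hits a closed port. Other ICMP types fall through to the
# ruleset's final deny.
icmp_in_rule() {
    echo "add 3020 allow icmp from any to any in recv $IFACE icmptypes 0,3,11"
}

# Emit every rule this script manages, one per line, in evaluation order.
traceroute_rules() {
    traceroute_out_rule
    icmp_out_rule
    icmp_in_rule
}

# Apply the rules with $FWCMD (or print them when FWCMD=echo). Unquoted
# expansion is intentional: each rule is a plain list of ipfw tokens.
apply_traceroute_rules() {
    traceroute_rules | while read -r rule; do
        $FWCMD $rule
    done
}

apply_traceroute_rules
```

 Run it as root on the firewall host to add the three rules, or with FWCMD=echo to
 review what would be added. Because the UDP rule is limited to "out xmit", the only
 new inbound exposure is the three ICMP types listed, which is narrower than the
 "allow icmp from any to any" rule in the post.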
 
 
