|
ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : Alexander V. Ribchansky 2:5020/400 05 Jun 2000 14:04:36
To : All
Subject : IPFW-HOW-TO again
--------------------------------------------------------------------------------
Приветствую вас граждане!
После некого чтения книг по TCP/IP и рекомендаций полученых в эхе вот что я
навоял.....
Если кто найдет кусочек времени дабы раскретиковать и предложить более
корректные варианты --- буду премного благодарен.....
Дабы меня сразу же не разнесли в пух и прах друзья хакеры ip адреса малость
изменены...
И еще попутно вопрос, почему при таких правилах перестает работать
интерактивное добавление пакаджей по /stand/sysinstall.... все виснет..
точнее останавливается на этапе получения ИHДЕКСА пакаджей..???...ж-(
fwcmd="/sbin/ipfw"
$fwcmd -f flush
iif="wi0"
#вейвлан карта, которая глядит наружу
inet="127.43.193.8"
imask="255.255.255.252"
iip="127.43.193.10"
loif="ed1"
#сетевушка для локальной сети
lonet="127.43.193.128"
lomask="255.255.255.240"
loip="127.43.193.130"
monet="127.43.193.144"
#модемный пул...
momask="255.255.255.240"
moip="127.43.193.145"
#allow traffic via local network
${fwcmd} add 26000 pass all from any to any via lo0
#disable fragmented packets...
${fwcmd} add deny icmp from any to any frag
#allow icmp
${fwcmd} add pass ICMP from any to any
#allow SMTP
${fwcmd} add pass tcp from any to any 25
${fwcmd} add pass tcp from any 25 to any
#allow HTTPS
${fwcmd} add pass tcp from any to any 443 out
${fwcmd} add pass tcp from any 443 to any out
#allow HTTP via wi0
#${fwcmd} add allow tcp from any to ${loip} 80 in via ${iif}
#allow HTTP
${fwcmd} add pass tcp from any to any 80
${fwcmd} add pass tcp from any 80 to any
#${fwcmd} add allow all from any to any via ${loif}
#allow DNS
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
${fwcmd} add pass tcp from any to any 53
${fwcmd} add pass tcp from any 53 to any
#allow NNTP
${fwcmd} add pass tcp from any to any 119
${fwcmd} add pass tcp from any 119 to any
#allow POP3
${fwcmd} add pass tcp from any to any 110
${fwcmd} add pass tcp from any 110 to any
#allow FTP
${fwcmd} add pass tcp from any 21 to any
${fwcmd} add pass tcp from any to any 21
${fwcmd} add pass tcp from any 20 to any
${fwcmd} add pass tcp from any to any 20
#allow HTTP, FTP Proxy
${fwcmd} add pass tcp from any to any 3128
${fwcmd} add pass tcp from any 3128 to any
${fwcmd} add pass tcp from any 3130 to any
${fwcmd} add pass tcp from any to any 3130
#allow telnet
${fwcmd} add pass tcp from ${lonet}:${lomask} 23 to any
${fwcmd} add pass tcp from ${monet}:${momask} 23 to any
${fwcmd} add pass tcp from ${lonet}:${lomask} to any 23
${fwcmd} add pass tcp from ${monet}:${momask} to any 23
#allow our MONET to access Microsoft network remotely
${fwcmd} add pass tcp from ${monet}:${momask} 137,138,139 to any
${fwcmd} add pass tcp from ${monet}:${momask} to any 137,138,139
#allow IRC and ICQ
${fwcmd} add pass udp from any 194,4000,5190 to any
${fwcmd} add pass udp from any to any 194,4000,5190
${fwcmd} add pass tcp from any 194,4000,5190 to any
${fwcmd} add pass tcp from any to any 194,4000,5190
#X-files
${fwcmd} add pass tcp from any to any 1024-65535 established
${fwcmd} add pass udp from any to any 1024-65535
#deny all :-)
${fwcmd} add deny log ip from any to any
--- ifmail v.2.15dev5
* Origin: Demos online service (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
|
