Category: BSD
2008-04-17 09:33:20
/etc/rc.conf
Add the following:
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"   # this is the custom firewall rules script
firewall_quiet="NO"
firewall_logging_enable="YES"
log_in_vain="NO"
tcp_drop_synfin="NO"
tcp_restrict_rst="YES"
icmp_drop_redirect="YES"
Save and exit.
vi /etc/ipfw.rules
Note: there must be a space before each -q.
-q -f flush
-q add 00301 allow all from any to any via lo0
-q add 00302 check-state
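-q add 00303 allow tcp from any to 10.72.255.131 53 out via vr0 setup keep-state   # 10.72.255.131 is the DNS server address; change it to match your network
-q add 00400 allow udp from any to 10.72.255.131 53 out via vr0 keep-state   # vr0 is the name of my network interface; change it to yours, here and in the rules below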
-q add 00500 allow tcp from any to any 80 in via vr0 setup keep-state
-q add 00900 allow tcp from any to any 25 out via vr0 setup keep-state
-q add 01200 allow tcp from any to any via vr0 setup keep-state uid root
-q add 01300 allow icmp from any to any in via vr0 keep-state
-q add 01400 allow tcp from any to any 21 in via vr0 setup keep-state
-q add 01500 allow tcp from any to me 21 in via vr0 setup limit src-addr 2
-q add 01600 allow tcp from any to any 22 in via vr0 setup keep-state
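
ipfw stops at the first allow or deny rule that matches a packet, so rule order decides which rule actually handles a connection. The following check is an added example, not part of the original post: it parses the rules above with a simplified grammar that covers only the rule shapes used here (the function names are made up for this example) and reports rules that can never fire. On this ruleset it shows that 01400 already accepts every inbound FTP connection, so the per-source limit in 01500 is never applied; for the limit to take effect, 01500 has to be evaluated before 01400, or 01400 removed.

```python
import re

# Rules copied from the /etc/ipfw.rules listing on this page.
RULES = """\
-q add 00301 allow all from any to any via lo0
-q add 00302 check-state
-q add 00303 allow tcp from any to 10.72.255.131 53 out via vr0 setup keep-state
-q add 00400 allow udp from any to 10.72.255.131 53 out via vr0 keep-state
-q add 00500 allow tcp from any to any 80 in via vr0 setup keep-state
-q add 00900 allow tcp from any to any 25 out via vr0 setup keep-state
-q add 01200 allow tcp from any to any via vr0 setup keep-state uid root
-q add 01300 allow icmp from any to any in via vr0 keep-state
-q add 01400 allow tcp from any to any 21 in via vr0 setup keep-state
-q add 01500 allow tcp from any to me 21 in via vr0 setup limit src-addr 2
-q add 01600 allow tcp from any to any 22 in via vr0 setup keep-state
"""

# Simplified grammar (assumption): handles only the rule shapes used above.
RULE = re.compile(
    r"add (?P<num>\d+) (?P<action>allow|deny) (?P<proto>\S+) from (?P<src>\S+)"
    r" to (?P<dst>\S+)(?: (?P<port>\d+))?(?: (?P<dir>in|out))?"
    r"(?: via (?P<iface>\S+))?(?P<opts>.*)")
STATE = re.compile(r"keep-state|limit \S+ \d+")  # state options do not narrow the match
WILD = {None, "any", "all"}

def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE.search(line)
        if m:  # lines such as check-state or flush are skipped
            r = m.groupdict()
            r["filters"] = set(STATE.sub("", r["opts"]).split())
            rules.append(r)
    return rules

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    fields = all(a[k] in WILD or a[k] == b[k]
                 for k in ("proto", "src", "dst", "port", "dir", "iface"))
    return fields and a["filters"] <= b["filters"]

def shadowed(text):
    """(earlier, later) pairs where the later rule can never fire under first-match."""
    rules = parse(text)
    return [(a["num"], b["num"]) for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

if __name__ == "__main__":
    print(shadowed(RULES))
```
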