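################################################################################
# ipfw ruleset for a single-homed host: a stateful, outbound-only allowlist.
# Every allow rule below is "out via $nic" with keep-state, so return traffic
# is admitted only through the dynamic rules matched by check-state; no
# inbound service is opened.
#
# NOTE(review): this script never adds a terminating deny rule. The allowlist
# is therefore only enforced when the kernel's default rule (65535) is "deny".
# Confirm with `ipfw list` or the net.inet.ip.fw.default_to_accept tunable, or
# end the ruleset with an explicit `deny all from any to any`.
################################################################################
# delete all rules (-f: do not prompt, -q: stay quiet)
ipfw -q -f flush
# variable declaration
nic="re0"
# NOTE(review): "+++" looks like a redaction in the published copy; replace
# both values with the real resolver addresses before loading the ruleset.
dns1="+++"
dns2="+++"
dhcp="192.168.1.1"
# Deliberately expanded unquoted below so it word-splits into "ipfw -q add".
cmd="ipfw -q add "
ks="keep-state"
################################################################################
# loopback
$cmd 00100 allow all from any to any via lo0
# Match packets that belong to a flow already admitted by a keep-state rule.
$cmd 00200 check-state
################################################################################
# dns
# Each resolver gets both TCP and UDP. The original listed tcp->dns1 and
# udp->dns2 twice, which left dns1 without UDP and dns2 without TCP.
$cmd 00300 allow tcp from me to $dns1 53 out via $nic setup $ks
$cmd 00400 allow udp from me to $dns1 53 out via $nic $ks
$cmd 00500 allow tcp from me to $dns2 53 out via $nic setup $ks
$cmd 00600 allow udp from me to $dns2 53 out via $nic $ks
# dhcp
# Only unicast traffic to the configured server matches this rule; packets
# sent to the broadcast address are not covered by it.
$cmd 00700 allow udp from me to $dhcp 67 out via $nic $ks
################################################################################
# www
$cmd 00800 allow tcp from me to any 80 out via $nic setup $ks
# secure www
$cmd 00920 allow tcp from me to any 443 out via $nic setup $ks
# email (587: mail submission, 995: POP3 over TLS)
$cmd 01000 allow tcp from me to any 587 out via $nic setup $ks
$cmd 01100 allow tcp from me to any 995 out via $nic setup $ks
# irc
$cmd 01200 allow tcp from me to any 7000 out via $nic setup $ks
# ftp
$cmd 01300 allow tcp from me to any 21 out via $nic setup $ks
# NOTE(review): presumably here for passive-mode FTP data connections, but it
# permits outbound TCP to every port >= 1024 on any host for every local user.
# That already covers rule 01200 and leaves egress filtering effective only
# for ports below 1024.
$cmd 01400 allow tcp from me to any 1024-65535 out via $nic setup $ks
# ntp
$cmd 01500 allow udp from me to any 123 out via $nic $ks
# csup
# NOTE(review): labelled for csup, but the rule has no destination port: any
# process running as root may open TCP connections to any host and port.
# Restricting it to the port csup uses (5999 by default, TODO confirm) would
# keep root-owned processes inside the same allowlist as other users.
$cmd 01600 allow tcp from me to any out via $nic setup $ks uid root
################################################################################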