2011-11-23 01:00:13

Original post: "Common ipfw configuration" (ipfw常用配置), author: uranusllj

My rules.
During installation I selected install-deny.cmd.

[code]
#!/bin/sh
# My ipfw rule set. "$cmd" invokes the ipfw binary from the current directory.
cmd="./ipfw add"

# First flush the firewall rules
./ipfw -q -f flush

# Localhost rules
$cmd 100 pass all from any to any via lo*

# Prevent any traffic to 127.0.0.1, common in localhost spoofing
$cmd 110 deny log all from any to 127.0.0.0/8 in
$cmd 120 deny log all from 127.0.0.0/8 to any in

# Dynamic (stateful) rule check: matches replies to connections opened
# through the keep-state rule at the end of this file
$cmd check-state

# Always allowed (trusted host; the address is redacted in the original)
$cmd allow log all from 10.xxx.xx.xx to any in

# So we can ping others: ICMP type 11 is "time exceeded", the message
# intermediate routers send back (what traceroute relies on)
$cmd allow icmp from any to any icmptypes 11 in

# FTP
$cmd allow tcp from any to any 20,21
$cmd allow tcp from any 20,21 to any

# QQ
$cmd allow log udp from any to any 8000-8009
$cmd allow log udp from any 8000-8009 to any

# DHCP
$cmd allow udp from any to any 67,68
$cmd allow udp from any 67,68 to any

# SSH
$cmd allow tcp from any to any 22
$cmd allow tcp from any 22 to any

# HTTP downloads (disabled)
#$cmd allow tcp from any 80 to any

# DNS
$cmd allow tcp from any to any 53
$cmd allow tcp from any 53 to any
$cmd allow udp from any to any 53
$cmd allow udp from any 53 to any

# Rules for the Local Area Connection (eth3) follow

# IP Messenger (ipmsg) rules, UDP/TCP port 2425
$cmd 31050 allow udp from 10.xxx.0.0/16 2425 to any in
$cmd 31060 allow tcp from 10.xxx.0.0/16 2425 to any in

$cmd 31070 allow udp from 10.xxx.0.0/16 to me 2425 in
$cmd 31080 allow tcp from 10.xxx.0.0/16 to me 2425 in

# Let the servers' telnetd and sshd through
$cmd 32010 allow tcp from 10.xxx.0.0/16 23 to me in
$cmd 32020 allow tcp from 10.xxx.0.0/16 22 to me in

# Tencent RTX (腾讯通) servers
$cmd 32030 allow tcp from 10.xxx.xx.xxx 8000 to me in
$cmd 32040 allow tcp from 10.xxx.xx.xx 8000 to me in

# end Local Area Connection (eth3)

# Stateful catch-all: anything this host initiates outbound is allowed,
# and the replies are matched by check-state above
$cmd pass all from me to any out keep-state
#$cmd count log ip from any to any

# No final deny here: packets not matched above fall through to the
# default policy chosen at install time (install-deny.cmd)
[/code]
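Two things stand out in the rule set above: most of the reply-direction rules (for example `allow tcp from any 22 to any`) match only on the remote side's source port and carry no `in`/`out` keyword, while the `check-state`/`keep-state` pair already admits replies to every connection this host opened. As an added example that is not part of uranusllj's post, here is a small Python linter for that rule grammar that flags both patterns; the `10.0.0.0/16` in the sample is a constructed stand-in for the redacted network.

```python
import re

# Grammar subset: [$cmd] [num] action [log] proto from src [sport] to dst [dport] [options]
RULE_RE = re.compile(
    r"^(?:\$cmd\s+)?(?:(?P<num>\d+)\s+)?(?P<action>allow|pass|accept|deny|drop)\s+"
    r"(?:log\s+)?(?P<proto>\S+)\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>[\d,\-]+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>[\d,\-]+))?(?P<rest>.*)$"
)

def lint_rule(line):
    """Return finding tags for one rule ([] when it looks fine).
    no-direction: no 'in'/'out', so a rule meant for outbound traffic also admits
      inbound connections to the same local port.
    remote-source-port-only: the only port matched is the remote side's source
      port, which the remote host picks freely, so any local port is reachable."""
    m = RULE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    findings = []
    if m.group("action") in ("allow", "pass", "accept"):
        opts = m.group("rest").split()
        if "in" not in opts and "out" not in opts:
            findings.append("no-direction")
        if m.group("sport") and not m.group("dport") and m.group("src") != "me":
            findings.append("remote-source-port-only")
    return findings

def lint_ruleset(text):
    """Map each rule line that has findings to its tags; comments and check-state are skipped."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.endswith("check-state"):
            continue
        findings = lint_rule(line)
        if findings:
            report[line] = findings
    return report

# Constructed sample modelled on the rule set above (10.0.0.0/16 replaces the redacted net)
SAMPLE_RULES = """
$cmd allow tcp from any to any 20,21
$cmd allow tcp from any 20,21 to any
$cmd allow tcp from any 22 to any
$cmd 31050 allow udp from 10.0.0.0/16 2425 to any in
$cmd 31070 allow udp from 10.0.0.0/16 to me 2425 in
$cmd pass all from me to any out keep-state
"""
```

Running `lint_ruleset(SAMPLE_RULES)` reports the three `from any` rules and rule 31050; the `to me 2425 in` rule and the stateful outbound rule come back clean.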
