Garey's Blog–FreeBSD/PHP/GoLang

December 15th, 2009

Configuring IPFW on FreeBSD

7,265 views, FreeBSD, by garey.

Yesterday raymond compiled ipfw into the kernel; after the reboot, the default policy locked us out.
Today I went through the policy in detail and rewrote the rules.
vi /etc/rc.conf
Add:
firewall_enable="YES"
firewall_type="UNKNOWN"
firewall_script="/etc/ipfw.rules"

vi /etc/ipfw.rules
#!/bin/sh

oif="em0"    # outside (Internet-facing) interface
iif="em1"    # inside interface
fwcmd="/sbin/ipfw -q add"

valid_tcpport="22,25,53,80,110,465,995"
valid_udpport="53"

# drop the current rule set before loading the new one
/sbin/ipfw -q -f flush

$fwcmd 00010 check-state
$fwcmd 00020 allow all from any to any via $iif
$fwcmd 00030 allow all from any to any via lo0
$fwcmd 00040 allow all from any to any out via $oif keep-state

# inbound services on the outside interface; keep-state lets the replies match rule 00010
$fwcmd 10000 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
$fwcmd 10001 allow udp from any to me $valid_udpport in via $oif keep-state

Then run: sh /etc/ipfw.rules

Although it is only these few lines, the slightest error can lock you out.
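The lock-out the post warns about is what this added example guards against; it is not the post's own script. It wraps the post's rule set in a sh script that refuses to run when the rules file contains non-ASCII bytes (such as the curly quotes a blog editor substitutes for straight ones, which make sh hand ipfw a mangled interface name after the flush has already run) and arms a timed rollback that reopens the firewall unless the administrator confirms a working login. The variables IPFW and ROLLBACK_SECS, the function names and the rollback rule number 65000 are my choices, not from the post.

```shell
#!/bin/sh
# Added example, not from the original post: load the post's IPFW rule set
# with a pre-flight check and a timed rollback so a typo cannot lock the
# administrator out for good. IPFW and ROLLBACK_SECS are overridable (dry runs).
IPFW=${IPFW:-/sbin/ipfw}
ROLLBACK_SECS=${ROLLBACK_SECS:-300}
oif="em0"
iif="em1"
valid_tcpport="22,25,53,80,110,465,995"
valid_udpport="53"

# The post's rule set, one "ipfw add" argument list per line.
emit_rules() {
    cat <<EOF
00010 check-state
00020 allow all from any to any via $iif
00030 allow all from any to any via lo0
00040 allow all from any to any out via $oif keep-state
10000 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
10001 allow udp from any to me $valid_udpport in via $oif keep-state
EOF
}

# Refuse a rules file holding bytes outside printable ASCII, e.g. the curly
# quotes a web editor substitutes for '"': sh then hands ipfw a mangled
# interface name, the add fails, and only the flush has taken effect.
check_rules_file() {
    if LC_ALL=C grep -q '[^[:print:][:blank:]]' "$1"; then
        LC_ALL=C grep -n '[^[:print:][:blank:]]' "$1" >&2
        return 1
    fi
}

# Arm a rollback that reopens the firewall after ROLLBACK_SECS, then load the
# rules; trap '' HUP keeps the rollback alive if the SSH session drops.
apply_rules() {
    ( trap '' HUP; sleep "$ROLLBACK_SECS"; $IPFW -q -f flush
      $IPFW -q add 65000 allow ip from any to any ) >/dev/null 2>&1 &
    ROLLBACK_PID=$!
    $IPFW -q -f flush
    emit_rules | while read -r rule; do
        $IPFW -q add $rule        # word splitting of $rule is intended
    done
    echo "rules loaded; run confirm_rules within ${ROLLBACK_SECS}s" >&2
}

# Cancel the rollback once a fresh login over the new rules has succeeded.
confirm_rules() {
    if kill "$ROLLBACK_PID" 2>/dev/null; then echo "rollback cancelled" >&2; fi
}
```

Source the file in a root shell, run `check_rules_file /etc/ipfw.rules && apply_rules`, open a new SSH session to prove the rules let you in, and only then run `confirm_rules`; if the new session fails, wait out ROLLBACK_SECS and the firewall reopens by itself.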
