Yesterday raymond built ipfw into the kernel; after the reboot, the default policy locked him out.
Today I went back over the policy in detail and rewrote it.
vi /etc/rc.conf
Add:
firewall_enable="YES"
firewall_type="UNKNOWN"
firewall_script="/etc/ipfw.rules"
(firewall_type is only interpreted by the stock /etc/rc.firewall; once firewall_script points at a custom script, the value is just passed along as the script's first argument and the placeholder "UNKNOWN" is fine.)
vi /etc/ipfw.rules
#!/bin/sh
oif="em0"          # external (untrusted) interface
iif="em1"          # internal (trusted) interface
fwcmd="/sbin/ipfw -q add"
valid_tcpport="22,25,53,80,110,465,995"   # ssh, smtp, dns, http, pop3, smtps, pop3s
valid_udpport="53"                        # dns
# wipe the current ruleset; -f skips the confirmation prompt
/sbin/ipfw -q -f flush
# packets that belong to an existing stateful session go through first
$fwcmd 00010 check-state
# trust everything on the internal interface and on loopback
$fwcmd 00020 allow all from any to any via $iif
$fwcmd 00030 allow all from any to any via lo0
# anything leaving via the external interface is allowed; keep-state
# creates the dynamic rule that lets the replies back in through 00010
$fwcmd 00040 allow all from any to any out via $oif keep-state
# inbound on the external interface: only new TCP connections (setup = SYN
# without ACK) to the listed ports, and UDP to the listed ports, each with state
$fwcmd 10000 allow tcp from any to me $valid_tcpport in via $oif setup keep-state
$fwcmd 10001 allow udp from any to me $valid_udpport in via $oif keep-state
# everything else falls through to the kernel's built-in rule 65535, which is
# deny unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT
Then run: sh /etc/ipfw.rules
Do this from the console or from the trusted side (em1) if you can: between the flush and the first add the box sits under the built-in default deny, and a typo in any rule leaves it there.
Just these few lines, and the slightest mistake can lock you out.
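The ruleset above depends on the built-in rule 65535 for its final deny and offers no way back in if the new rules cut off the session you loaded them from. The script below is an added example, not the post's own /etc/ipfw.rules: it keeps the same policy but adds a watchdog that flushes back to allow-all after a timeout unless you commit, an explicit logging deny as the last rule, and a dry-run mode that prints the rules instead of loading them. The interface names and port lists are taken from the post; rule number 65000, the 120 s window, the pidfile /var/run/ipfw-watchdog.pid and the reliance on /etc/rc.d/ipfw invoking firewall_script with firewall_type as its first argument are my assumptions.

```shell
#!/bin/sh
# Added example (not the original post's /etc/ipfw.rules): the same stateful
# policy with a lockout watchdog, an explicit logging deny and a dry-run mode.
# Interface names and ports come from the post; rule 65000, the 120 s window
# and the pidfile path are assumptions made here.

IPFW="${IPFW:-/sbin/ipfw}"   # override with IPFW=echo to print rules instead of loading them
oif="${oif:-em0}"            # external (untrusted) interface
iif="${iif:-em1}"            # internal (trusted) interface
valid_tcpport="22,25,53,80,110,465,995"
valid_udpport="53"
pidfile="/var/run/ipfw-watchdog.pid"   # assumed location for the watchdog pid

# emit_rules loads the policy through $IPFW. Every call goes through the
# variable, so the same function serves the live load and the dry run.
emit_rules() {
    add="$IPFW -q add"
    $IPFW -q -f flush
    $add 00010 check-state
    $add 00020 allow all from any to any via "$iif"
    $add 00030 allow all from any to any via lo0
    $add 00040 allow all from any to any out via "$oif" keep-state
    $add 10000 allow tcp from any to me "$valid_tcpport" in via "$oif" setup keep-state
    $add 10001 allow udp from any to me "$valid_udpport" in via "$oif" keep-state
    # explicit final deny with logging; entries only appear when
    # net.inet.ip.fw.verbose=1 (IPFIREWALL_VERBOSE) and are capped by verbose_limit
    $add 65000 deny log all from any to any
}

# arm_watchdog starts a background timer. If it fires, the ruleset is flushed
# and replaced by a single allow-all so a locked-out admin can get back in.
# stdout/stderr of the timer go to /dev/null so callers can capture the pid.
arm_watchdog() {
    window="${1:-120}"
    ( sleep "$window"; $IPFW -q -f flush; $IPFW -q add 65000 allow all from any to any ) >/dev/null 2>&1 &
    echo $!
}

# disarm_watchdog kills the timer once a fresh session has confirmed that
# the new ruleset did not lock you out. Returns kill's status.
disarm_watchdog() {
    kill "$1" 2>/dev/null
}

case "${1:-}" in
    "")
        echo "usage: $0 dry-run | apply | commit" >&2
        ;;
    dry-run)
        ( IPFW=echo; emit_rules )
        ;;
    apply)
        arm_watchdog 120 > "$pidfile"
        emit_rules
        echo "rules loaded; run '$0 commit' from a new session within 120 s or the firewall reopens"
        ;;
    commit)
        disarm_watchdog "$(cat "$pidfile")" && rm -f "$pidfile"
        ;;
    *)
        # boot: /etc/rc.d/ipfw runs "/bin/sh $firewall_script $firewall_type",
        # so any other first argument means "load without a watchdog"
        emit_rules
        ;;
esac
```

Review the generated rules with sh /etc/ipfw.rules dry-run, load them with sh /etc/ipfw.rules apply, then open a new SSH session and run sh /etc/ipfw.rules commit. If that new session never connects, the watchdog reopens the firewall after 120 s and you can fix the script instead of walking to the console.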