- FreeBSD + ipfw why is it like this???, vinzz, 17:55 , 01-Jun-07 (1)
> # /etc/rc.firewall close
> Flushed all rules.
> 00050 check-state
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from 192.168.120.0/24 to any in via rl0
> 00500 deny ip from 10.10.10.0/30 to any in via vr0
> 00600 divert 8668 ip from any to any via rl0
> 00700 allow tcp from any to any established
> 00800 allow ip from any to any frag
> 00900 allow tcp from any to 10.10.10.2 dst-port 25
> 01000 allow tcp from 192.168.120.88 to any dst-port 25
> 01100 deny ip from 192.168.120.0/24 to any dst-port 25
> 01200 allow ip from 192.168.120.0/24 to any dst-port 21 keep-state
> 01300 allow udp from 10.10.10.2 to any dst-port 53 keep-state
> 01400 allow udp from 10.10.10.2 to any dst-port 123 keep-state
> 01500 allow tcp from 10.10.10.2 to 82.207.х.х dst-port 1433 keep-state
> 01600 allow udp from 10.10.10.2 to 82.207.х.х dst-port 1433 keep-state
> 01700 allow tcp from any to 82.207.х.х dst-port 3389
> 01800 allow ip from 192.168.120.0/24 to 192.168.120.7 via vr0
> 01900 allow ip from 192.168.120.7 to 192.168.120.0/24 via vr0
> 02000 allow ip from 10.10.10.2 to any via rl0
> 02100 allow tcp from 192.168.120.88 to any
> 02200 allow udp from 192.168.120.88 to any
> 02300 allow tcp from 192.168.120.6 to any
> 02400 allow udp from 192.168.120.6 to any
> 65535 deny ip from any to any
>
> # ipfw list
> 00050 check-state
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 00400 deny ip from 192.168.120.0/24 to any in via rl0
> 00500 deny ip from 10.10.10.0/30 to any in via vr0
> 00600 divert 8668 ip from any to any via rl0
> 00700 allow tcp from any to any established
> 00800 allow ip from any to any frag
> 00900 allow tcp from any to 10.10.10.2 dst-port 25
> 01000 allow tcp from 192.168.120.88 to any dst-port 25
> 01100 deny ip from 192.168.120.0/24 to any dst-port 25
> 01200 allow ip from 192.168.120.0/24 to any dst-port 21 keep-state
> 01300 allow udp from 10.10.10.2 to any dst-port 53 keep-state
> 01400 allow udp from 10.10.10.2 to any dst-port 123 keep-state
> 01500 allow tcp from 10.10.10.2 to 82.207.х.х dst-port 1433 keep-state
> 01600 allow udp from 10.10.10.2 to 82.207.х.х dst-port 1433 keep-state
> 01700 allow tcp from any to 82.207.х.х dst-port 3389
> 01800 allow ip from 192.168.120.0/24 to 192.168.120.7 via vr0
> 01900 allow ip from 192.168.120.7 to 192.168.120.0/24 via vr0
> 02000 allow ip from 10.10.10.2 to any via rl0
> 02100 allow tcp from 192.168.120.88 to any
> 02200 allow udp from 192.168.120.88 to any
> 02300 allow tcp from 192.168.120.6 to any
> 02400 allow udp from 192.168.120.6 to any
> 65535 allow ip from any to any
>
> So the question is: why is the last rule what it should be when the firewall starts,
> but after listing it changes from deny to allow?????
>
> This is a gateway with two interfaces, I don't know whether everything is closed correctly:
> from outside only connections to port 25,
> from one host on the internal network there must be access to port 25 and to
> 1433
>
> tell me if something is wrong
>
> PS. I'm not on good terms with FreeBSD, so it's a bit difficult

Check your kernel config for: IPFIREWALL_DEFAULT_TO_ACCEPT
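An added shell example, not code from the thread, that audits an `ipfw list` listing along the lines of the reply above: it reports the action of the built-in rule 65535 (which follows the kernel's IPFIREWALL_DEFAULT_TO_ACCEPT option) and checks whether an explicit deny-all rule precedes it, so the policy does not depend on how the kernel was built. The function names and the shortened sample listings are constructed from the thread's output.

```sh
#!/bin/sh
# Added example (not the thread's code). Audits an `ipfw list` listing read from
# stdin: rule 65535 is the kernel's built-in default, fixed at build time (deny,
# or allow under IPFIREWALL_DEFAULT_TO_ACCEPT); an explicit deny-all before it
# keeps the policy independent of that option.

# Print the action of rule 65535 ("deny" or "allow"), or "missing".
ipfw_default_action() {
    awk '$1 == "65535" { print $2; found = 1 }
         END { if (!found) print "missing" }'
}

# Exit 0 when a rule numbered below 65535 reads exactly "deny ip from any to any"
# (no interface or direction qualifier), exit 1 otherwise.
ipfw_has_explicit_deny_all() {
    awk 'NF == 7 && $1 != "65535" && $2 == "deny" && $3 == "ip" &&
         $4 == "from" && $5 == "any" && $6 == "to" && $7 == "any" { ok = 1 }
         END { exit !ok }'
}

# One-line verdict for the listing on stdin.
ipfw_audit() {
    listing=$(cat)
    action=$(printf '%s\n' "$listing" | ipfw_default_action)
    if printf '%s\n' "$listing" | ipfw_has_explicit_deny_all; then
        echo "rule 65535 is '$action', explicit deny-all present: OK"
    elif [ "$action" = "allow" ]; then
        echo "rule 65535 is 'allow' and no explicit deny-all: OPEN by default"
    else
        echo "rule 65535 is '$action', no explicit deny-all: relies on kernel default"
    fi
}

# Constructed sample: a shortened copy of the thread's second listing,
# where the default rule shows allow.
SAMPLE_LISTING='00050 check-state
00100 allow ip from any to any via lo0
00700 allow tcp from any to any established
02400 allow udp from 192.168.120.6 to any
65535 allow ip from any to any'

# Same rule set with an explicit catch-all deny added before the default rule.
FIXED_LISTING='00050 check-state
00100 allow ip from any to any via lo0
00700 allow tcp from any to any established
02400 allow udp from 192.168.120.6 to any
65000 deny ip from any to any
65535 allow ip from any to any'
printf '%s\n' "$SAMPLE_LISTING" | ipfw_audit   # ... OPEN by default
printf '%s\n' "$FIXED_LISTING" | ipfw_audit    # ... OK
```

On the gateway itself the same functions can be fed live output with `ipfw list | ipfw_audit`.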
- FreeBSD + ipfw why is it like this???, Covax, 18:01 , 01-Jun-07 (2)