张小烦 posted on 2017-3-1 01:03:39

Building a simple firewall on FreeBSD with ipfw

1. First, edit /etc/rc.conf and add the following lines. You can open /etc/rc.conf in an editor from the command prompt.

# enable ipfw at boot and load the rules from our own script
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
2. Next, create the rules file. Open /etc/ipfw.rules in an editor from the command prompt. I have added some simple rules, listed below.
#!/bin/sh
# /etc/ipfw.rules - simple server ruleset
cmd="ipfw -q add"
# start from an empty rule list
ipfw -q -f flush
ks="keep-state"
# loopback: allow lo0, drop 127/8 addresses seen anywhere else, drop TCP fragments
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag
# stateful: match dynamic rules first, then let outbound traffic create them
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any
# services: one inbound and one outbound rule per port
# ftp
$cmd 110 allow tcp from any to any 21 in
$cmd 120 allow tcp from any to any 21 out
# ssh
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
# smtp
$cmd 150 allow tcp from any to any 25 in
$cmd 160 allow tcp from any to any 25 out
# dns
$cmd 170 allow udp from any to any 53 in
$cmd 175 allow tcp from any to any 53 in
$cmd 180 allow udp from any to any 53 out
$cmd 185 allow tcp from any to any 53 out
# http
$cmd 200 allow tcp from any to any 80 in
$cmd 210 allow tcp from any to any 80 out
# pop3
$cmd 220 allow tcp from any to any 110 in
$cmd 230 allow tcp from any to any 110 out
# ntp
$cmd 240 allow udp from any to any 123 in
$cmd 250 allow udp from any to any 123 out
# https
$cmd 260 allow tcp from any to any 443 in
$cmd 270 allow tcp from any to any 443 out
# everything else is denied and logged
$cmd 999 deny log all from any to any
3. Now start the firewall, either by rebooting the machine or by running this command:
# sh /etc/ipfw.rules
4. You can then list the loaded rules in order with the following command:
# ipfw list
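Because the rules file is a plain shell script that flushes and reloads the whole list, it is worth checking what it opens before running it on the server. The script below is an added example, not part of the original post: it audits a rules file written in the style above using only POSIX sh and awk (no ipfw needed), reporting which ports are reachable from the network and whether the highest-numbered rule is a catch-all deny. The rules file it reads is a constructed, trimmed copy of the post's ruleset written to a temporary file, and the function names (inbound_ports, has_final_deny, audit_rules) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ipfw rules file in the
# style above without loading it. Only POSIX sh and awk are required.

# Constructed sample: a trimmed copy of the post's ruleset.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
cmd="ipfw -q add"
ipfw -q -f flush
$cmd 10 allow all from any to any via lo0
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
$cmd 170 allow udp from any to any 53 in
$cmd 200 allow tcp from any to any 80 in
$cmd 999 deny log all from any to any
EOF

# Same file with the final catch-all left out, to show what the audit flags.
RULES_NO_DENY=$(mktemp)
grep -v '^\$cmd 999 ' "$RULES" > "$RULES_NO_DENY"
trap 'rm -f "$RULES" "$RULES_NO_DENY"' EXIT

# inbound_ports FILE: print "proto port" for each rule that allows traffic
# *into* the host from any source. Fields of such a rule line are:
#   $cmd NUM allow PROTO from SRC to DST PORT in
inbound_ports() {
    awk '$3 == "allow" && $6 == "any" && $NF == "in" { print $4, $(NF-1) }' "$1"
}

# has_final_deny FILE: succeed only if the highest-numbered rule denies all
# traffic, i.e. the ruleset is default-deny. Tolerates the optional "log" word.
has_final_deny() {
    awk '/^\$cmd / {
             num = $2 + 0
             if (num > max) {
                 max = num; act = $3
                 sel = ($4 == "log") ? $5 : $4
             }
         }
         END { exit !(act == "deny" && sel == "all") }' "$1"
}

# audit_rules FILE: human-readable summary of the two checks above.
audit_rules() {
    echo "== $1 =="
    echo "Ports reachable from the network:"
    inbound_ports "$1" | sed 's/^/  /'
    if has_final_deny "$1"; then
        echo "Default policy: deny (ok)"
    else
        echo "Default policy: NOT deny - add a final 'deny all' rule"
    fi
}

audit_rules "$RULES"
audit_rules "$RULES_NO_DENY"
```

Point audit_rules at /etc/ipfw.rules on the server (or a copy of it on any workstation) to get the same summary for the real file; the first run should list exactly the service ports you intended to expose, and the second check should report the deny policy before the file is ever handed to sh.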