Building a simple firewall with ipfw on FreeBSD

Posted on 2017-3-1 01:03:39
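1. First, edit /etc/rc.conf and add the following lines. You can do this by typing "edit /etc/rc.conf" at the command prompt.
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
2. Next, create the rules file. You can do this by typing "edit /etc/ipfw.rules" at the command prompt. I will add some simple rules, listed below.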
# server
cmd="ipfw -q add"
ipfw -q -f flush
ks="keep-state"
#loopback
$cmd 10 allow all from any to any via lo0
$cmd 20 deny all from any to 127.0.0.0/8
$cmd 30 deny all from 127.0.0.0/8 to any
$cmd 40 deny tcp from any to any frag
# stateful
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any
# services
#ftp
$cmd 110 allow tcp from any to any 21 in
$cmd 120 allow tcp from any to any 21 out
#ssh
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
#smtp
$cmd 150 allow tcp from any to any 25 in
$cmd 160 allow tcp from any to any 25 out
#dns
$cmd 170 allow udp from any to any 53 in
$cmd 175 allow tcp from any to any 53 in
$cmd 180 allow udp from any to any 53 out
$cmd 185 allow tcp from any to any 53 out
#http
$cmd 200 allow tcp from any to any 80 in
$cmd 210 allow tcp from any to any 80 out
#pop3
$cmd 220 allow tcp from any to any 110 in
$cmd 230 allow tcp from any to any 110 out
#ntp
$cmd 240 allow udp from any to any 123 in
$cmd 250 allow udp from any to any 123 out
#https
$cmd 260 allow tcp from any to any 443 in
$cmd 270 allow tcp from any to any 443 out
# deny log
$cmd 999 deny log all from any to any
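3. You can now start the firewall either by rebooting the machine or by running this command:
# sh /etc/ipfw.rules
4. You can then list the rules in order with the following command:
# ipfw list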
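
An added example (not part of the original post): ipfw acts on the first allow or deny rule that matches, so this script statically audits a rule file like the one in step 2, reporting rules that can never match because a catch-all precedes them and ports accepted inbound from any source. The helper names `sample_rules` and `audit_rules` and the embedded rule subset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: static audit of an ipfw rule script.
# ipfw acts on the first allow/deny rule that matches, so a rule placed after a
# catch-all for the same direction can never match.

# Constructed sample: a subset of the rules shown in the post.
sample_rules() {
cat <<'EOF'
cmd="ipfw -q add"
$cmd 50 check-state
$cmd 60 allow tcp from any to any established
$cmd 70 allow all from any to any out keep-state
$cmd 80 allow icmp from any to any
$cmd 130 allow tcp from any to any 22 in
$cmd 140 allow tcp from any to any 22 out
$cmd 170 allow udp from any to any 53 in
$cmd 180 allow udp from any to any 53 out
$cmd 999 deny log all from any to any
EOF
}

# audit_rules (hypothetical helper): reads rule lines on stdin and prints
#   DEAD <rule> <earlier>     rule is shadowed by the earlier catch-all rule
#   OPEN <rule> <proto/port>  port accepted inbound from any source address
audit_rules() {
    awk '
    $1 != "$cmd" { next }                  # only "$cmd <number> <action> ..." lines
    {
        f = 0
        for (i = 4; i <= NF; i++) if ($i == "from") { f = i; break }
        if (!f) next                       # e.g. check-state has no from/to part
        num = $2; proto = $(f - 1); src = $(f + 1); dst = $(f + 3)
        port = ""; dir = "any"; narrow = 0
        for (i = f + 4; i <= NF; i++) {
            if ($i ~ /^[0-9]+$/) port = $i
            else if ($i == "in" || $i == "out") dir = $i
            else if ($i != "keep-state") narrow = 1   # frag, established, ...
        }
        if ("any" in seen) { print "DEAD", num, seen["any"]; next }
        if (dir in seen)   { print "DEAD", num, seen[dir]; next }
        if ((proto == "all" || proto == "ip") && src == "any" && dst == "any" && port == "" && !narrow)
            seen[dir] = num                # catch-all for this direction
        if ($3 == "allow" && dir != "out" && src == "any" && port != "")
            print "OPEN", num, proto "/" port
    }'
}

sample_rules | audit_rules
```

On the post's full rule file, every per-service "out" rule is reported as DEAD because rule 70 already accepts all outbound traffic statefully.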