【632:16】あなたのipfw見せてください。
- 1 名前:名無しさん@お腹いっぱい。 :02/04/04 16:02
- 色々な書籍やwebに設定例が載っていますが、
他人のipfwを見てみたいと思った事はないですか?
みんなで公表して、みんなで添削しちゃいましょう。
IPFW="/sbin/ipfw"
ALLOW="allow log"
DENY="deny log"
ipfw -q -f flush
${IPFW} 100 add ${ALLOW} icmp from any to any
${IPFW} 200 add ${ALLOW} ip from any to any via lo0
${IPFW} 300 add ${DENY} ip from any to any via tun0 frag
${IPFW} 400 add ${ALLOW} ip from 192.168.1.0/24 to any via ed0
${IPFW} 410 add ${ALLOW} ip from any to 192.168.1.0/24 via ed0
${IPFW} 500 add ${DENY} ip from 192.168.1.0/24 to any recv tun0
${IPFW} 510 add ${DENY} ip from 127.0.0.1 to any recv tun0
${IPFW} 520 add ${DENY} ip from any to 127.0.0.0/8
${IPFW} 530 add ${DENY} ip from 127.0.0.0/8 to any
${IPFW} 600 add ${DENY} tcp from any 137-139,445 to any
${IPFW} 610 add ${DENY} udp from any 137-139,445 to any
${IPFW} 620 add ${DENY} tcp from any to any 137-139,445
${IPFW} 630 add ${DENY} udp from any to any 137-139,445
${IPFW} 900 add divert 8668 ip from any to any via tun0
${IPFW} 1000 add ${ALLOW} tcp from any to any established
${IPFW} 1010 add ${ALLOW} ip from any to any out via tun0
${IPFW} 1300 add ${ALLOW} udp from any to any 53
${IPFW} 1310 add ${ALLOW} udp from any 53 to any
${IPFW} 1400 add ${ALLOW} tcp from any to 192.168.1.10 80 setup
${IPFW} 1410 add ${ALLOW} tcp from any to 192.168.1.10 443 setup
${IPFW} 1500 add ${ALLOW} tcp from any to 192.168.1.10 25 setup
${IPFW} 1600 add ${ALLOW} udp from any 123 to any
${IPFW} 1700 add ${ALLOW} udp from any 161 to any
${IPFW} 1800 add ${ALLOW} tcp from any to 192.168.1.10 110 setup
${IPFW} 1900 add ${ALLOW} tcp from any to 192.168.1.10 20 setup
${IPFW} 1910 add ${ALLOW} udp from any to 192.168.1.10 20
${IPFW} 1920 add ${ALLOW} tcp from any to 192.168.1.10 21 setup
${IPFW} 1930 add ${ALLOW} udp from any to 192.168.1.10 21
${IPFW} 1940 add ${ALLOW} tcp from any to 192.168.1.10 7000-7500
${IPFW} 1950 add ${ALLOW} udp from any to 192.168.1.10 7000-7500
${IPFW} 2000 add ${ALLOW} udp from any 4000 to any in recv tun0
${IPFW} 2100 add ${ALLOW} tcp from any to 192.168.1.10 22 setup
${IPFW} 9900 add ${DENY} tcp from any to any
${IPFW} 20000 add ${ALLOW} udp from any to any keep-state out via tun0
${IPFW} 20010 add check-state
${IPFW} 20020 add ${DENY} udp from any to any
です。
おてやわらかに。
- 14 名前:名無しさん@お腹いっぱい。 :02/08/08 21:18
- MD5 (/sbin/ipfw) = b830af7a0fbcfd894e2d7ceb8a03cf62
- 15 名前:名無しさん@お腹いっぱい。 :02/09/17 04:37
- >>14
禿げしくワラタ
- 16 名前:名無しさん@お腹いっぱい。 :02/09/21 01:41
- MD5 (/sbin/ipfw) = 5d03bc63acff8f7f36648a14064226bd
|
