IPFW
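#!/bin/sh
#
# rc.firewall -- ipfw ruleset for a small FreeBSD router with one external
# and one LAN interface.
#
# ipfw evaluates rules first-match; "add" without a number assigns rule
# numbers in the order the commands run, so the order of this file is the
# order of evaluation.  The script deliberately does not use "set -e": an
# abort half-way through would leave the box with a flushed, partial ruleset.
#
# The public address is a placeholder (xxx.xxx.xxx.xxx) on this page and
# must be filled in before use.

FwCMD="/sbin/ipfw"          # ipfw binary
LanOut="rl1"                # external (Internet-facing) interface
LanIn="rl0"                 # internal (LAN) interface
IpOut="xxx.xxx.xxx.xxx"     # public address on ${LanOut} (placeholder)
#IpOut="192.168.175.1"
IpIn="192.168.0.2"          # router address on the LAN
NetMask="24"
NetIn="192.168.0.0"         # LAN network is ${NetIn}/${NetMask}

# Start from an empty rule, pipe and queue set.  Stateful filtering
# (check-state) is left disabled as in the original.
##${FwCMD} -f flush 0 flush
##${FwCMD} add check-state
${FwCMD} -f flush
${FwCMD} -f pipe flush
${FwCMD} -f queue flush

# Loopback: everything on lo0 is fine, loopback addresses anywhere else are not.
${FwCMD} add allow ip from any to any via lo0
${FwCMD} add deny ip from any to 127.0.0.0/8
${FwCMD} add deny ip from 127.0.0.0/8 to any

# Addresses in table 0 (presumably filled by the "sshit" brute-force blocker
# named in the original comment) may only reach the router with ICMP.
${FwCMD} add deny not icmp from "table(0)" to me

# Anti-spoofing on the external interface: traffic arriving from the
# Internet for private, unspecified, link-local or reserved destinations is
# dropped.  Only *destinations* are checked; the commented-out private
# IpOut above suggests the external side may itself use private addresses,
# so confirm that before adding matching source-address checks.
${FwCMD} add deny ip from any to 10.0.0.0/8 in via ${LanOut}
${FwCMD} add deny ip from any to 172.16.0.0/12 in via ${LanOut}
${FwCMD} add deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} add deny ip from any to 0.0.0.0/8 in via ${LanOut}
# link-local (auto-configured) private range
${FwCMD} add deny ip from any to 169.254.0.0/16 in via ${LanOut}
# reserved range (the original comment said multicast, but 240.0.0.0/4 is
# class E; multicast proper is 224.0.0.0/4)
${FwCMD} add deny ip from any to 240.0.0.0/4 in via ${LanOut}
# drop fragmented ICMP
${FwCMD} add deny icmp from any to any frag
# drop and log broadcast ICMP on the external interface, both directions
${FwCMD} add deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} add deny log icmp from any to 255.255.255.255 out via ${LanOut}

# Outbound TCP connections from the router itself.  Their return traffic is
# admitted by the "established" rule near the end of the file, so no rule
# keyed on the remote *source* port is needed: a rule such as
# "allow tcp from any 25 to me" would match a fresh SYN to any local port
# as long as the sender chose source port 25.

#ClientBank
${FwCMD} add allow tcp from me to any dst-port 1723
# NOTE(review): PPTP uses TCP/1723 plus IP protocol 47 (GRE), and IKE uses
# UDP/500; the two rules below match TCP ports 500 and 47 instead -- confirm
# what the bank client actually needs before relying on them.
${FwCMD} add allow tcp from me to any dst-port 500
${FwCMD} add allow tcp from me to any dst-port 47

#bank
${FwCMD} add allow ip from xxx.xxx.xxx.xxx to any
${FwCMD} add allow ip from any to xxx.xxx.xxx.xxx

# Two LAN hosts may talk to port 80 directly; the rest of the LAN has web
# traffic redirected to the local squid.  Everything on the LAN interface
# itself is allowed, so later rules never see LAN-side traffic.
${FwCMD} add allow tcp from 192.168.0.68 to any 80
${FwCMD} add allow tcp from 192.168.0.23 to any 80
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any 80,8080,3128
${FwCMD} add allow all from any to any via ${LanIn}

#DNS
# Written as explicit tcp/udp rules rather than "ip ... 53".  TCP answers
# are covered by "established"; UDP answers are stateless, so the
# source-port-53 rule stays.  It is the one remaining source-port allow and
# would disappear with check-state/keep-state.
${FwCMD} add allow tcp from any to any 53
${FwCMD} add allow udp from any to any 53
${FwCMD} add allow udp from any 53 to any

#FTP / SMTP / submission from the router
# (the original "allow tcp from any 25 to any via rl0" is dropped: the
# allow-all on ${LanIn} above already covers everything on that interface)
${FwCMD} add allow tcp from me to any dst-port 21
${FwCMD} add allow tcp from me to any dst-port 25
${FwCMD} add allow tcp from me to any dst-port 587

#POP3 / IMAPS from the router
${FwCMD} add allow tcp from me to any dst-port 110
${FwCMD} add allow tcp from me to any dst-port 993

#voip (disabled)
##${FwCMD} add allow tcp from me to any dst-port 5060
##${FwCMD} add allow tcp from any 5060 to me
##${FwCMD} add allow udp from me to any dst-port 5060
##${FwCMD} add allow udp from any 5060 to me

#I
${FwCMD} add allow ip from xxx.xxx.xxx.xxx to any
${FwCMD} add allow ip from any to xxx.xxx.xxx.xxx

#McAfee
#${FwCMD} add allow ip from 84.53.182.25 to any
#${FwCMD} add allow ip from any to 84.53.182.25

#SQUID
# The second rule repeats the redirect already added before the LAN
# allow-all; kept as in the original.
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any dst-port 80 in via ${LanOut}
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any 80,8080,3128
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn}/${NetMask} to any 80 via ${LanOut}

# Remote desktop: exactly one external host may reach 3389 on the router
# (RDP is TCP, so the allow is tcp rather than ip); the other ports are
# open to the public address from outside.
#####${FwCMD} add allow tcp from any to ${IpOut} 3389 via ${LanOut}
${FwCMD} add allow tcp from xxx.xxx.xxx.xxx to me 3389
${FwCMD} add deny all from any to me 3389
${FwCMD} add allow tcp from any to ${IpOut} 3399 via ${LanOut}
${FwCMD} add allow tcp from any to ${IpOut} 3999 via ${LanOut}
${FwCMD} add allow tcp from any to ${IpOut} 3398 via ${LanOut}
${FwCMD} add allow tcp from any to ${IpOut} 47476 via ${LanOut}

# Echo reply/request and time-exceeded, then return traffic of TCP sessions
# (packets with ACK or RST set).  Everything else is dropped.
${FwCMD} add allow icmp from any to any icmptypes 0,8,11
${FwCMD} add allow tcp from any to any established
${FwCMD} add deny ip from any to any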
Категория: Live CONF | Добавил: Kogr (17.11.2009)