FreeBSD ipfw configuration

2009-05-13 11:18:02 Source: unknown


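FreeBSD 7.0 in its default configuration uses the traditional 4BSD scheduler, so it needs to be replaced with the ULE scheduler.
cd /usr/src/sys/i386/conf
sed -e s,4BSD,ULE,g GENERIC > mykernel   # suited to MySQL
Build the kernel
First, at a friend's request, I am doing a firewall experiment!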
options    IPFIREWALL
options    IPFIREWALL_VERBOSE
options    IPFIREWALL_VERBOSE_LIMIT=5
options    IPFIREWALL_DEFAULT_TO_ACCEPT
options    IPDIVERT

# buildkernel/installkernel are targets of the top-level source Makefile
cd /usr/src
make buildkernel KERNCONF=mykernel
make installkernel KERNCONF=mykernel

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-dynamic -m"

Firewall configuration, based on the one in the Handbook
################ Start of IPFW rules file ###############################
# Flush out the list before we begin.
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
pif="rl0"     # public interface name of NIC
              # facing the public Internet
#################################################################
# No restrictions on Inside LAN Interface for private network
# Not needed unless you have LAN.
# Change bge0 to your LAN NIC interface name
#################################################################
#$cmd 00005 allow all from any to any via bge0
#################################################################
# No restrictions on Loopback Interface
#################################################################
$cmd 00010 allow all from any to any via lo0
#################################################################
# Allow the packet through if it has previously been added to the
# "dynamic" rules table by an allow keep-state statement.
#################################################################
$cmd 00015 check-state
#################################################################
# Interface facing Public Internet (Outbound Section)
# Interrogate session start requests originating from behind the
# firewall on the private network or from this gateway server
# destined for the public Internet.
#################################################################
# Allow out access to my ISP's Domain name server.
# x.x.x.x must be the IP address of your ISP's DNS
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
$cmd 00110 allow tcp from any to 202.102.192.68 53 out via $pif setup keep-state
$cmd 00111 allow udp from any to 202.102.192.68 53 out via $pif keep-state
# Allow out non-secure standard www function
$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
# Allow out secure www function https over TLS SSL
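
The kernel above is built with IPFIREWALL_DEFAULT_TO_ACCEPT, and the rules listing breaks off before any closing deny rule. The following is an added example, not part of the original post or the Handbook: a static check (it never calls ipfw) that a rules script in this "$cmd NNNNN ..." style ends in an unconditional deny and that tcp setup rules carry keep-state. The helper names, the sample file and rule number 00999 are assumptions.

```shell
#!/bin/sh
# Added example: static audit of an ipfw rules script (never invokes ipfw).
# Assumes every rule is written "$cmd NNNNN action ..." as in the listing above.

# Hypothetical helper: prints one line per finding, returns 1 if there are any.
audit_ipfw_rules() {
    awk '
    $1 == "$cmd" && $2 ~ /^[0-9]+$/ {
        # A tcp "setup" rule without keep-state creates no dynamic rule, so
        # check-state has nothing to match for the rest of the session.
        if ($3 == "allow" && $4 == "tcp" && $0 ~ / setup/ && $0 !~ /keep-state/) {
            print "rule " $2 ": tcp setup without keep-state"; bad = 1
        }
        # Track whether the highest-numbered rule is an unconditional deny.
        if ($2 + 0 >= max) {
            max = $2 + 0
            closed = ($0 ~ / deny( log)? (all|ip) from any to any[ \t]*$/)
        }
    }
    END {
        # With IPFIREWALL_DEFAULT_TO_ACCEPT the built-in rule 65535 is
        # "allow ip from any to any": unmatched packets pass unless denied.
        if (!closed) { print "no final deny before default allow 65535"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: rules taken from the listing above. Passing "closed"
# appends a final deny; its rule number 00999 is an assumption.
write_sample() {
    cat > "$1" <<'EOF'
$cmd 00010 allow all from any to any via lo0
$cmd 00015 check-state
$cmd 00110 allow tcp from any to 202.102.192.68 53 out via $pif setup keep-state
$cmd 00111 allow udp from any to 202.102.192.68 53 out via $pif keep-state
$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
EOF
    if [ "$2" = closed ]; then
        echo '$cmd 00999 deny log all from any to any' >> "$1"
    fi
}

tmp=$(mktemp)
write_sample "$tmp"
audit_ipfw_rules "$tmp" || echo "=> excerpted ruleset fails the audit"
write_sample "$tmp" closed
audit_ipfw_rules "$tmp" && echo "=> ruleset with a final deny passes"
rm -f "$tmp"
```

Run it against a real rules file with `audit_ipfw_rules /path/to/rules` before loading the rules on a remote machine.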
