ipf.rules

2009-05-13 15:26:01来源:未知 阅读 ()

新老客户大回馈,云服务器低至5折


                                这是一个很简单的网络环境,一个ip地址,一个宿舍都使用这个ip通过一个路由器上网,
配置文件份几个部分:
1.先允许本地回路lo0自由进出,这是必须的,某些程序需要通过这种方式通信。
2.打开自己需要的端口和协议。
3.记录需要的信息,用来网络有异常时看看有没有什么不对的。
4.阻止其他一切网络通信。
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!不保证该规则好使!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
################################################################################
# No restrictions on Loopback Interface.
# for in
pass in quick on lo0 all
# for out
pass    out quick on lo0 all
################################################################################
# Allow traffic in from ISP's DHCP server.
pass in quick on fxp0 proto udp from 192.168.0.1 to any port = 68 keep state
################################################################################
# Allow out access to my ISP's Domain name server.
pass out quick on fxp0 proto tcp from any to x.x.x.x port = 53 flags S keep state
pass out quick on fxp0 proto tcp from any to x.x.x.x port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to x.x.x.x port = 53 keep state
pass out quick on fxp0 proto udp from any to x.x.x.x port = 53 keep state
################################################################################
# Allow access to World Wide Web.
# for in
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
# for out
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state
################################################################################
# Allow access to gmail, receive port is 995 and send port is 587.
# for receive e-mail
pass out quick on fxp0 proto tcp from any to any port = 995 flags S keep state
# for send e-mail
pass out quick on fxp0 proto tcp from any to any port = 587 flags S keep state
################################################################################
# Allow Internet Relay Chat.
# for in
pass in quick on fxp0 proto tcp from any to any port = 7000 flags S keep state
# for out
pass out quick on fxp0 proto tcp from any to any port = 7000 flags S keep state
################################################################################
# Allow MSN access.
# for in 443
pass in quick on fxp0 proto tcp from any to any port = 443 flags S keep state
# for out 443
pass out quick on fxp0 proto tcp from any to any port = 443 flags S keep state
# for in 1863
pass in quick on fxp0 proto tcp from any to any port = 1863 flags S keep state

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:希望FreeBSD建一个官方的索引页面

下一篇:在OpenBSD中安装和使用nginx的注意事项!!!