Using PF to Implement Multiple Routing Tables
2009-05-13 15:59:39 Source: unknown
1: rc.conf
Configure the two uplink IP addresses and a single default route. Note that this default route only governs the path chosen for connections the machine itself originates; replies to connections arriving on either uplink are steered back out the same interface by the reply-to rules in pf.conf below, which is what avoids asymmetric routing between the two providers.
2: pf.conf
tel_if = "em0" # first uplink ("tel")
cnc_if = "em1" # second uplink ("cnc")
loop_if = "lo0"
gw_tel = "121.33.xx.xx"
gw_cnc = "210.21.yy.yy"
set optimization aggressive
#set timeout { interval 10, frag 30 }
set timeout { tcp.first 30, tcp.opening 5, tcp.established 1800 }
#set timeout { tcp.closing 60, tcp.finwait 30, tcp.closed 30 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
scrub in all
# Block unwanted source addresses arriving on either uplink.
# The source address list of the next rule is missing from the original
# text, so the rule is kept here as a comment; as written it would not load.
# block in quick on {$tel_if, $cnc_if} from to any
block all
pass quick on $loop_if all
#############################
# $tel_if
#############################
block in quick on $tel_if proto tcp all flags SF/SFRA
block in quick on $tel_if proto tcp all flags SFUP/SFRAU
block in quick on $tel_if proto tcp all flags FPU/SFRAUP
block in quick on $tel_if proto tcp all flags /SFRA
block in quick on $tel_if proto tcp all flags F/SFRA
block in quick on $tel_if proto tcp all flags U/SFRAU
# SSH,HTTP,SMTP,POP3,FTP
pass in quick on $tel_if proto tcp from $tel_if:network to any port {22,80,443,25,110,143} keep state
pass in quick on $tel_if proto tcp from $tel_if:network to any port {21,49152:65535} keep state
# Other
pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto tcp from any to any port {22,25,110,143,80,443} keep state
pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto tcp from any to any port {21,49152:65535} keep state
pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto {tcp,udp} from any to any port 53 keep state
pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto icmp from any to any icmp-type 8 code 0 keep state
pass out quick on $tel_if all keep state
############################
# $cnc_if
############################
block in quick on $cnc_if proto tcp all flags SF/SFRA
block in quick on $cnc_if proto tcp all flags SFUP/SFRAU
block in quick on $cnc_if proto tcp all flags FPU/SFRAUP
block in quick on $cnc_if proto tcp all flags /SFRA
block in quick on $cnc_if proto tcp all flags F/SFRA
block in quick on $cnc_if proto tcp all flags U/SFRAU
# Other
pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto tcp from any to any port {22,25,110,143,80,443} keep state
pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto tcp from any to any port {21,49152:65535} keep state
pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto {tcp,udp} from any to any port 53 keep state
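The ruleset above only does its job if every inbound pass rule on a multi-homed interface carries a reply-to that names that same interface and its gateway; a single rule without one silently sends its replies out the default route. The following Python audit script is an added example, not part of the original post: it parses pf.conf macros, expands them, and reports pass in rules on an uplink that lack reply-to, point at the wrong interface or gateway, or reference an undefined macro. The embedded ruleset is a constructed, trimmed sample with deliberate mistakes; the mapping of uplink interfaces to gateways is taken from the tel_if/cnc_if and gw_tel/gw_cnc macros, which is an assumption about how the config is laid out.

```python
import re
from typing import Dict, List

# Constructed sample ruleset (not the page's full pf.conf): two uplinks,
# one correct rule per uplink, then one rule missing reply-to, one pointing
# at the wrong uplink, and one referencing an undefined macro.
SAMPLE_PF_CONF = """\
tel_if = "em0"   # first uplink
cnc_if = "em1"   # second uplink
loop_if = "lo0"
gw_tel = "121.33.xx.xx"
gw_cnc = "210.21.yy.yy"
block all
pass quick on $loop_if all
pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto tcp from any to any port {22,80} keep state
pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto tcp from any to any port {22,80} keep state
pass in quick on $cnc_if proto tcp from any to any port 443 keep state
pass in quick on $cnc_if reply-to ($tel_if $gw_tel) proto tcp from any to any port 25 keep state
pass in quick on $ext_if proto tcp from any to any port 53 keep state
pass out quick on $tel_if all keep state
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"')
ON_RE = re.compile(r'\bon\s+(\S+)')
REPLY_TO_RE = re.compile(r'reply-to\s*\(\s*(\S+)\s+(\S+)\s*\)')


def strip_comment(line: str) -> str:
    """Drop a trailing '# ...' comment and surrounding whitespace."""
    return line.split("#", 1)[0].strip()


def parse_macros(conf: str) -> Dict[str, str]:
    """Collect pf.conf macro definitions of the form: name = "value"."""
    macros: Dict[str, str] = {}
    for raw in conf.splitlines():
        m = MACRO_RE.match(strip_comment(raw))
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def expand(line: str, macros: Dict[str, str], unknown: List[str]) -> str:
    """Substitute $name references; record names that have no definition."""
    def sub(m: "re.Match[str]") -> str:
        name = m.group(1)
        if name not in macros:
            unknown.append(name)
            return m.group(0)
        return macros[name]
    return re.sub(r'\$(\w+)', sub, line)


def audit_reply_to(conf: str, uplink_gateways: Dict[str, str]) -> List[str]:
    """
    Return one finding per problematic 'pass in' rule. uplink_gateways maps
    each multi-homed interface (after macro expansion) to the gateway its
    replies must leave through. Rules on other interfaces (lo0, ...) and
    'pass out' rules are not checked.
    """
    macros = parse_macros(conf)
    findings: List[str] = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = strip_comment(raw)
        if not line.startswith("pass in"):
            continue
        unknown: List[str] = []
        rule = expand(line, macros, unknown)
        if unknown:
            findings.append(f"line {lineno}: undefined macro(s) {sorted(set(unknown))}")
            continue
        on = ON_RE.search(rule)
        if on is None or on.group(1) not in uplink_gateways:
            continue
        iface = on.group(1)
        rt = REPLY_TO_RE.search(rule)
        if rt is None:
            findings.append(f"line {lineno}: 'pass in' on {iface} without reply-to "
                            f"(replies would follow the default route, not {iface})")
        elif rt.group(1) != iface:
            findings.append(f"line {lineno}: reply-to interface {rt.group(1)} "
                            f"does not match 'on {iface}'")
        elif rt.group(2) != uplink_gateways[iface]:
            findings.append(f"line {lineno}: reply-to gateway {rt.group(2)} "
                            f"is not the gateway of {iface}")
    return findings


def audit_sample() -> List[str]:
    """Audit the constructed sample, deriving the uplink map from its macros."""
    macros = parse_macros(SAMPLE_PF_CONF)
    uplinks = {macros["tel_if"]: macros["gw_tel"], macros["cnc_if"]: macros["gw_cnc"]}
    return audit_reply_to(SAMPLE_PF_CONF, uplinks)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

On the sample this reports three findings: the port 443 rule on the second uplink with no reply-to, the port 25 rule whose reply-to names the first uplink, and the rule using the undefined $ext_if macro. The script checks only the routing logic; syntax is still checked with pfctl -nf /etc/pf.conf before loading.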