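Nearly all the senior people around me configure it this way, so I am writing it down for the record.
Create the file ipfw.sh in the /etc directory yourself and write the following into it,
then add firewall_script="/etc/ipfw.sh" to rc.conf.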
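# Preset Rule
# firewall_script is run as a shell script, so every rule needs the ipfw command in front
ipfw add 1 allow ip from any to any via lo0
ipfw add 10 allow tcp from any to any established
ipfw add 11 allow ip from any to any frag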
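Strict mode: allow connections only to specific services and refuse any connection not covered by a rule.
Open the services you want, for example:
1. Flush all firewall rules and deny all connections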
ipfw -f flush
2. Open the HTTP service
ipfw add 100 allow tcp from [ip] to me 80 via [interface]
3. Open the FTP service
ipfw add 200 allow ip from any to me 21 via [interface]
4. Open the SSH service
ipfw add 300 allow tcp from [ip] to me 22 via [interface]
# Default Rule : From me to out
ipfw add 50000 allow icmp from any to any keep-state
ipfw add 54000 allow tcp from me to any setup
ipfw add 55000 allow udp from me to any keep-state
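The pieces above assembled into one /etc/ipfw.sh, as an added example that is not the original author's file. IFACE (em0) and TRUSTED (192.0.2.10) are assumed sample values for [interface] and [ip], and DRY_RUN and check_order are helpers introduced here. The flush is placed first so that it does not erase rules added before it.

```shell
#!/bin/sh
# Added example: the page's rules in load order, as a complete /etc/ipfw.sh.
# IFACE and TRUSTED are constructed sample values standing in for the
# page's [interface] and [ip] placeholders.
IFACE="${IFACE:-em0}"
TRUSTED="${TRUSTED:-192.0.2.10}"

# With DRY_RUN=1 each command is printed instead of executed.
fw() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ipfw $*"
    else
        ipfw "$@"
    fi
}

load_rules() {
    fw -f flush                                   # step 1: empty rule set
    # Preset rules: loopback, established TCP, fragments
    fw add 1 allow ip from any to any via lo0
    fw add 10 allow tcp from any to any established
    fw add 11 allow ip from any to any frag
    # Inbound services: HTTP, FTP, SSH
    fw add 100 allow tcp from "$TRUSTED" to me 80 via "$IFACE"
    fw add 200 allow ip from any to me 21 via "$IFACE"
    fw add 300 allow tcp from "$TRUSTED" to me 22 via "$IFACE"
    # Default rules: traffic from this host outward
    fw add 50000 allow icmp from any to any keep-state
    fw add 54000 allow tcp from me to any setup
    fw add 55000 allow udp from me to any keep-state
}

# Review aid: succeeds only if flush comes first and rule numbers
# strictly increase, so the file reads in the order ipfw evaluates it.
check_order() {
    ( DRY_RUN=1; load_rules ) | awk '
        NR == 1 && $0 != "ipfw -f flush" { bad = 1 }
        $2 == "add" { if ($3 + 0 <= last) bad = 1; last = $3 + 0 }
        END { exit bad }'
}

# Load the rules only when run under the name rc.conf points at.
case "$0" in
    */ipfw.sh) load_rules ;;
esac
```

Running DRY_RUN=1 sh /etc/ipfw.sh prints the commands without touching the live rule set.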