Difference between revisions of "Ipfw"
From Teknologisk videncenter
m (→/etc/ipfw.rules script) |
m (→/etc/ipfw.rules script) |
||
| Line 29: | Line 29: | ||
</source> | </source> | ||
{{Source cli}} | {{Source cli}} | ||
| + | ==Status== | ||
| + | <source lang=cli> | ||
| + | [root@mars etc]#<input>ipfw list</input> | ||
| + | 00100 allow ip from any to any via lo0 | ||
| + | 00200 deny ip from any to 127.0.0.0/8 | ||
| + | 00300 deny ip from 127.0.0.0/8 to any | ||
| + | 00301 deny log logamount 5 ip from 118.175.0.0/16 to any | ||
| + | 01000 allow ip from any to any | ||
| + | 65000 allow ip from any to any | ||
| + | 65535 deny ip from any to any | ||
| + | </source> | ||
[[Category:FreeBSD]] | [[Category:FreeBSD]] | ||
Revision as of 16:36, 18 November 2010
Contents
ipfw -- IP firewall and traffic shaper control program
/etc/rc.conf
#IPFW enable firewall
firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/ipfw.rules"/etc/sysctl.conf
net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose_limit=5/etc/ipfw.rules script
############### start of example ipfw rules script #############
#http://www.freebsd.org/doc/handbook/firewalls-ipfw.html
ipfw -q -f flush # Delete all rules
# Set defaults
oif="vr1" # out interface
cmd="ipfw -q add " # build rule prefix
ks="keep-state" # just too lazy to key this each time
$cmd 00100 allow ip from any to any via lo0
$cmd 00200 deny ip from any to 127.0.0.0/8
$cmd 00300 deny ip from 127.0.0.0/8 to any
$cmd 00301 deny log ip from 118.175.0.0/16 to any #Log til /var/log/security via syslog
$cmd 65000 allow ip from any to any
################### End of example ipfw rules script ############Status
[root@mars etc]#<input>ipfw list</input>
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00301 deny log logamount 5 ip from 118.175.0.0/16 to any
01000 allow ip from any to any
65000 allow ip from any to any
65535 deny ip from any to any