----- Original Message -----
Sent: Thursday, April 14, 2005 9:33 AM
Subject: [FreeBSD] ipfw hakkında
Merhaba arkadaşlar
FreeBSD 5.3 kurdum ve /usr/local/etc/firewall.rules dosyasına aşağıdaki
kuralları yazdım
fakat ne dışarıya ping atabiliyorum ne de internete çıkabiliyorum
ancak ( ipfw add allow all from any to any ) kuralını yazdığım zaman
çıkabiliyorum. Bu kuralı yazmadan dışarıya çıkış için kurallar ne
olabilir?
şimdiden teşekkürler
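/**
 * ipfw ruleset for a FreeBSD 5.3 box with two interfaces:
 *   rl0 (oif)  - outside, address oip, natd runs here
 *   rl1 (iif1) - inside LAN, 192.168.0.0/24
 *
 * The file uses cpp macros (#define) and C-style comments, so ipfw must
 * read it through the preprocessor:
 *     ipfw -p cpp /usr/local/etc/firewall.rules
 * (in rc.conf: firewall_type="/usr/local/etc/firewall.rules" together with
 * firewall_flags="-p cpp"). If ipfw reads the file directly, the #define
 * lines are skipped as comments but the first comment line below is a parse
 * error and loading stops there; only the two port-1000 rules are installed
 * and the default last rule of the kernel denies everything else. That is
 * the most likely reason the box only works after "allow all from any to any"
 * is added by hand.
 *
 * The divert rule also needs natd(8) running on the outside interface
 * (rc.conf: natd_enable="YES", natd_interface="rl0"), IPDIVERT support in
 * the kernel and gateway_enable="YES" for forwarding. A divert rule with no
 * natd listening drops every packet it matches.
 **/
#define oif rl0
#define oip 10.0.0.205
#define onet 10.0.0.205:255.255.255.0
#define iif1 rl1
#define iip1 192.168.0.205
#define inet1 192.168.0.0/24
/** onet, iif1, iip1 and inet1 are defined but not referenced by any rule. **/

/** Service on tcp/udp 1000 is reachable on the outside interface before any
 * other check. The same two rules appear again further down; one of the two
 * copies is redundant. **/
add allow tcp from any to any 1000 via rl0
add allow udp from any to any 1000 via rl0

/**
 * Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
 * DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
 * on the outside interface: destination side, checked before translation.
 **/
add deny all from any to 0.0.0.0/8 via oif
add deny all from any to 169.254.0.0/16 via oif
add deny all from any to 192.0.2.0/24 via oif
add deny all from any to 224.0.0.0/4 via oif
add deny all from any to 240.0.0.0/4 via oif

/**
 * Network Address Translation. This rule is placed here deliberately so
 * that it does not interfere with the surrounding address-checking rules.
 * If for example one of your internal LAN machines had its IP address set
 * to 192.0.2.1 then an incoming packet for it, after being translated by
 * natd(8), would match the deny rule above. Similarly an outgoing packet
 * originated from it, before being translated, would match the deny rule
 * below.
 **/
add divert natd all from any to any via oif

/**
 * Same draft-manning-dsua-03.txt nets on the outside interface, source
 * side, checked after translation.
 **/
add deny all from 0.0.0.0/8 to any via oif
add deny all from 169.254.0.0/16 to any via oif
add deny all from 192.0.2.0/24 to any via oif
add deny all from 224.0.0.0/4 to any via oif
add deny all from 240.0.0.0/4 to any via oif

/************************/
/** Check dynamic rules **/
/************************/
add check-state
/**
 * NOTE(review): the keep-state rule further down creates its dynamic entry
 * after natd has rewritten the source of LAN-originated packets, while the
 * replies are translated back by the divert rule before they reach this
 * check-state. Replies to LAN-originated UDP flows may therefore not match
 * the entry; verify with "ipfw -d show" before relying on it for LAN hosts.
 **/

/** Allow TCP through if setup succeeded **/
add allow tcp from any to any established
/** Allow IP fragments to pass through **/
add allow all from any to any frag

/** SMTP and POP3: any host, both directions, not limited to setup packets
 * (the rc.firewall template restricts these to "to oip PORT setup"). **/
add allow tcp from any to any 25
add allow tcp from any 25 to any
add allow tcp from any to any 110
add allow tcp from any 110 to any
/** Allow setup of IMAP4 **/
add allow tcp from any to any 143 setup
/** Allow setup of ssh. The original rule said "established", which only
 * matches packets already accepted by the established rule above; "setup"
 * is what this comment intends. **/
add allow tcp from any to any 22 setup
/** Allow setup of HTTP / HTTPS / 8443 **/
add allow tcp from any to any 80,443,8443 setup

/** Services opened on the outside interface, both directions, stateless. **/
add allow tcp from any to any 1000 via rl0
add allow udp from any to any 1000 via rl0
add allow tcp from any to any 5555 via rl0
add allow udp from any to any 5555 via rl0
add allow tcp from any to any 6800-7000 via rl0
add allow udp from any to any 6800-7000 via rl0
add allow tcp from any to any 4899 via rl0
add allow udp from any to any 4899 via rl0
add allow tcp from any to any 5631 via rl0
add allow udp from any to any 5632 via rl0
/** DNS on the outside interface, queries and replies **/
add allow udp from any to any 53 via rl0
add allow udp from any 53 to any via rl0

/** Set Loopback for DNS **/
add allow udp from any to any 53 via lo0
add allow udp from any 53 to any via lo0
/** Set Loopback for SNMP **/
add allow udp from any to any 161 via lo0
add allow udp from any 161 to any via lo0
/** NOTE(review): nothing else is allowed on lo0, so local programs talking
 * to themselves over loopback on any other port hit the final deny. The
 * rc.firewall templates use "allow all from any to any via lo0" instead. **/

/** Blocked TCP and UDP Ports **/
add deny tcp from any to any 135
add deny udp from any to any 1434
add deny tcp from any to any 2025
add deny tcp from any to any 1243
add deny tcp from any to any 27374
add deny udp from any to any 31337

/** Allow setup of any other TCP connection.
 * NOTE(review): this also accepts connection attempts arriving in via oif
 * from the Internet to every port not denied above, both to this host and,
 * after translation, to LAN hosts. The rc.firewall template precedes it
 * with "add deny log tcp from any to any in via oif setup" so that only the
 * explicitly listed services are reachable from outside. **/
add allow tcp from any to any setup

/**************************/
/** Allow UDP to outside **/
/**************************/
add allow udp from oip to any out via oif keep-state
/** The original file also had
 *     allow udp from oip to any in via oif keep-state
 * A packet arriving in on the outside interface with our own outside address
 * as its source cannot be legitimate traffic, and replies to the rule above
 * are accepted by check-state, so that rule has been dropped. **/

/**************************/
/** Allow ping to outside **/
/**************************/
/** All ICMP types in both directions. ipfw can narrow this with
 * "icmptypes" (for example 0,3,8,11) when only ping and error messages
 * are wanted. **/
add allow icmp from any to any

/*******************************/
/** Log all unrecognised attempts **/
/*******************************/
add deny all from any to not oip in via oif
add deny log all from any to any
/** Unreachable: every packet has already been denied by the rule above.
 * Move it in front of the final deny (or delete it) if 192.168.0.1 is
 * really meant to be blocked. **/
add deny tcp from 192.168.0.1 to any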