Chinaunix

标题: pf问题 帮忙下【剑心老大帮忙下】在线等 [打印本页]
作者: cnbist    时间: 2008-11-22 12:08
标题: pf问题 帮忙下【剑心老大帮忙下】在线等
  1. ext_if_cnc="bge0"
  2. cnc_ip="218.61.201.98/32"
  3. open_services = "{80 21 22}"

  5. scrub in all
  6. pass quick on lo0 all keep state

  8. block drop in quick on $ext_if_cnc all
  9. pass in quick on $ext_if_cnc inet proto tcp from any to $ext_if_cnc port $open_services flags S/SA keep state
  10. pass in quick on $ext_if_cnc inet proto tcp from any to $ext_if_cnc port 45000:45100 flags S/SA keep state
  11. table <auto_block> persist
  12. block in quick from <auto_block>
  13. pass in on $ext_if_cnc proto tcp from any to $ext_if_cnc port 80 flags S/SA keep state (source-track rule, max-src-conn-rate 30/5, max-src-states 10, overload <auto_block> flush, src.track 1)
复制代码
帮忙看下上述规则什么地方出错了  老是把我挡到防火墙外边

[ 本帖最后由 cnbist 于 2008-11-22 12:18 编辑 ]
作者: 剑心通明    时间: 2008-11-22 14:30
block drop in quick on $ext_if_cnc all



欢迎光临 Chinaunix (http://bbs.chinaunix.net/) Powered by Discuz! X3.2