1. This is on FreeBSD 9.2. ipfw -q -f flush has no effect; list still shows the rules.
2. Take a look at the rules below. Does add mean assigning a number? And what does set mean?
#Loopback Interface
add 11 set 31 allow all from any to any via lo0
#Trust host
add 21 set 31 allow all from me to 218.66.104.204 via re0
add 22 set 31 allow all from 218.66.104.204 to me via re0
add 23 set 31 allow all from me to 172.20.104.3 via re0
add 24 set 31 allow all from 172.20.104.3 to me via re0
add 25 set 31 allow all from me to 117.27.156.59 via re0
add 26 set 31 allow all from 117.27.156.59 to me via re0
add 27 set 31 allow all from me to 172.20.104.3 via re0
add 28 set 31 allow all from 172.20.104.3 to me via re0
add 29 set 31 allow all from me to 172.20.104.4 via re0
add 30 set 31 allow all from 172.20.104.4 to me via re0
#Dynamic rules
add 31 set 31 check-state
#Services response
add 41 set 31 allow tcp from any to me 80,88,443 in via re0 setup keep-state
#Application request
add 81 set 31 allow tcp from me to any 80,443 out via re0 setup keep-state
add 82 set 31 allow udp from me to any 53,123 out via re0 keep-state
add 83 set 31 allow tcp from me to any 25,110 out via re0 setup keep-state