Originally posted by cnduly on 2008-10-11 20:25
See whether this one suits you?? :wink:
ext_if = "em0"
set loginterface $ext_if
scrub in all
block all
pass out all
pass quick on lo0
pass in log on $ext_if proto tcp from any to any port 21
pass in ...
Below are my rules:
ext_if="bge0"
set loginterface $ext_if
web="{218.199.48.20}"
open_services="{80}"
### block this IP if threads from the IP more than allowed ###
table <abusive_hosts> persist
block in quick on $ext_if inet proto tcp from <abusive_hosts> to $web port 80
pass in quick on $ext_if proto tcp from any to $web port 80 flags S/SA keep \
state (max-src-conn 100, max-src-conn-rate 3/1,max-src-states 5 overload \
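Brother, could you take a look at my configuration? As soon as I apply it, the server goes down and cannot be reached from either the internal or the external network. I don't even dare to use your configuration now. Could you explain your configuration in detail? It only needs to meet the following requirements:
1. The network structure is very simple: the server serves the external network directly with a public IP on a single NIC, there is no firewall, and internal users access it through a layer-3 switch.
2. The only external service is HTTP, i.e. only port 80 is open.
3. There are no other restrictions; I only need to limit the number of concurrent connections when external IPs access the server.
Right now it just won't work, no matter what,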
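A pf.conf for the three requirements listed in the post, as an added example that is not part of the original thread or either poster's rules. It uses the same older pf syntax as the rules above; the interface and server address are copied from the post, while `lan_net` and the limit values are assumptions.

```conf
# Added example. ext_if and web are copied from the post;
# lan_net and the numeric limits are assumed values.
ext_if  = "bge0"
web     = "218.199.48.20"
lan_net = "10.0.0.0/8"      # hypothetical internal range behind the layer-3 switch

# Sources that exceed the limits below are added here by the overload option.
table <abusive_hosts> persist

set loginterface $ext_if
set skip on lo0             # do not filter loopback traffic

scrub in all

# Default: drop inbound, allow the server's own outbound traffic.
# Nothing but port 80 is opened inbound (requirement 2); a remote
# management session would need its own pass rule.
block in all
pass out all keep state

# Drop sources already flagged, before any pass rule is evaluated.
block in quick on $ext_if from <abusive_hosts>

# Internal users (requirement 1): HTTP with no per-source limits.
# "quick" stops evaluation, so the limited rule below never applies to them.
pass in quick on $ext_if inet proto tcp from $lan_net to $web port 80 \
    flags S/SA keep state

# External sources (requirement 3): cap simultaneous established
# connections and the rate of new ones per source address. Many clients
# behind one NAT address count as a single source, so limits that are
# too low will also flag busy but legitimate addresses.
pass in on $ext_if inet proto tcp from any to $web port 80 \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <abusive_hosts> flush global)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t abusive_hosts -T show` lists the addresses the overload rule has added.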