- 论坛徽章:
- 89
|
这是一个很简单的网络环境,一个ip地址,一个宿舍都使用这个ip通过一个路由器上网,
配置文件份几个部分:
1.先允许本地回路lo0自由进出,这是必须的,某些程序需要通过这种方式通信。
2.打开自己需要的端口和协议。
3.记录需要的信息,用来网络有异常时看看有没有什么不对的。
4.阻止其他一切网络通信。
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!不保证该规则好使!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
################################################################################
# No restrictions on Loopback Interface.
# for in
pass in quick on lo0 all
# for out
pass out quick on lo0 all
################################################################################
# Allow traffic in from ISP's DHCP server.
pass in quick on fxp0 proto udp from 192.168.0.1 to any port = 68 keep state
################################################################################
# Allow out access to my ISP's Domain name server.
pass out quick on fxp0 proto tcp from any to x.x.x.x port = 53 flags S keep state
pass out quick on fxp0 proto tcp from any to x.x.x.x port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to x.x.x.x port = 53 keep state
pass out quick on fxp0 proto udp from any to x.x.x.x port = 53 keep state
################################################################################
# Allow access to World Wide Web.
# for in
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
# for out
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state
################################################################################
# Allow access to gmail, receive port is 995 and send port is 587.
# for receive e-mail
pass out quick on fxp0 proto tcp from any to any port = 995 flags S keep state
# for send e-mail
pass out quick on fxp0 proto tcp from any to any port = 587 flags S keep state
################################################################################
# Allow Internet Relay Chat.
# for in
pass in quick on fxp0 proto tcp from any to any port = 7000 flags S keep state
# for out
pass out quick on fxp0 proto tcp from any to any port = 7000 flags S keep state
################################################################################
# Allow MSN access.
# for in 443
pass in quick on fxp0 proto tcp from any to any port = 443 flags S keep state
# for out 443
pass out quick on fxp0 proto tcp from any to any port = 443 flags S keep state
# for in 1863
pass in quick on fxp0 proto tcp from any to any port = 1863 flags S keep state
# fro out 1863
pass out quick on fxp0 proto tcp from any to any port = 1863 flags S keep state
################################################################################
# Allow ssh.
# for in
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
# for out
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state
################################################################################
# Allow FreeBSD CSUP.
pass out quick on fxp0 proto tcp from any to any port = 5999 flags S keep state
################################################################################
# for log
################################################################################
# Forbid anything, that I don't mentioned above!
block in all
block out all
################################################################################
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/74710/showart_1363015.html |
|
免费注册
发表于 2008-11-06 12:45