A personal PC running FreeBSD 9.0 as a server; it works normally and hosts a WordPress blog. I added one rule:
ipfw add 10001 deny all from 192.168.1.6 to any
ipfw show lists this rule, and the firewall is running normally.
But from the machine 192.168.1.6 I can still access the server and use it. Please advise.
The content of /etc/ipfw.rule is as follows:
#!/bin/sh
# /etc/ipfw.rule - loaded at boot through firewall_script in rc.conf.
# ipfw evaluates rules in ascending rule-number order; the first match decides.
ipfw -q -f flush
IPF="ipfw -q add"
ip="192.168.1.251"
pif="em0"
# loopback
$IPF 10 allow all from any to any via lo0
$IPF 15 allow all from $ip to any via $pif
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
#$IPF 80 allow icmp from 192.168.3.0/24 to any via $pif
# open ports: ftp (21), ssh (22), mail (25),
# dns (53), http (80), etc.
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow tcp from any to any 53 in
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in setup limit src-addr 150
$IPF 210 allow tcp from any to any 80 out
$IPF 211 allow tcp from any to any 3306 in
$IPF 212 allow tcp from any to any 3306 out
$IPF 213 allow tcp from any to any 1186 in
$IPF 214 allow tcp from any to any 1186 out
$IPF 215 allow tcp from any to any 11211
$IPF 220 allow tcp from any to any 10000-65535 in
$IPF 221 allow tcp from any to any 10000-65535 out
$IPF 320 deny tcp from any to any 137 in via $pif
$IPF 321 deny tcp from any to any 138 in via $pif
$IPF 322 deny tcp from any to any 139 in via $pif
$IPF 323 deny tcp from any to any 81 in via $pif
$IPF 400 allow udp from $ip to any
$IPF 401 allow icmp from any to $ip
$IPF 402 allow icmp from $ip to any 8
$IPF 403 allow icmp from $ip to any 0
$IPF 404 allow icmp from $ip to any 11
$IPF 405 allow icmp from $ip to any 3
#$IPF 800 pipe 1 ip from 192.168.3.10 to any in
#$IPF 900 pipe 2 ip from any to 192.168.3.10 out
#ipfw pipe 1 config bw 200Kbit/s queue 150Kbit
#ipfw pipe 2 config bw 300Kbit/s queue 20
# deny and log everything else; any rule numbered above 500 is never reached
$IPF 500 deny log all from any to any
The firewall entries in the startup file rc.conf are as follows:
firewall_enable="YES"
firewall_script="/etc/ipfw.rule"
firewall_quiet="NO"
# enable ipfw
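Added example, not part of the original post: a small Python model of ipfw's first-match evaluation, run over an abridged subset of the posted ruleset with $ip substituted by 192.168.1.251. The simulator is an assumption-laden simplification (it only understands allow/deny, proto, from/to with optional CIDR, a destination port or range, in/out, via, setup and established; check-state, keep-state, limit, frag and log are ignored, and the packets are constructed). It shows which rule an inbound HTTP SYN from 192.168.1.6 actually hits, why a rule numbered 10001 sits behind the catch-all deny at 500, and what changes when the same deny is given a number below the allow rules.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed example: a minimal first-match model of ipfw, not ipfw itself.
# Grammar handled: <num> allow|deny [log] <proto> from <addr> to <addr> [port[-port]] [opts]
# Recognised opts: in, out, via <if>, setup, established. Everything else is ignored.
Rule = namedtuple("Rule", "num action proto src dst ports direction via setup established")
Packet = namedtuple("Packet", "proto src dst dport direction iface syn ack")

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)(?:\s+log)?\s+(?P<proto>all|ip|tcp|udp|icmp)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<ports>\d+(?:-\d+)?))?(?P<opts>(?:\s+\S+)*)\s*$"
)

def _net(token):
    # "any" matches everything; a bare host becomes a /32 network
    return None if token == "any" else ipaddress.ip_network(token, strict=False)

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax: %r" % text)
    opts = m.group("opts").split()
    ports = None
    if m.group("ports"):
        lo, _, hi = m.group("ports").partition("-")
        ports = (int(lo), int(hi or lo))
    direction = "in" if "in" in opts else "out" if "out" in opts else None
    via = opts[opts.index("via") + 1] if "via" in opts else None
    return Rule(int(m.group("num")), m.group("action"), m.group("proto"),
                _net(m.group("src")), _net(m.group("dst")), ports, direction, via,
                "setup" in opts, "established" in opts)

def matches(rule, pkt):
    if rule.proto not in ("all", "ip") and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.ports is not None and (pkt.dport is None or not rule.ports[0] <= pkt.dport <= rule.ports[1]):
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.setup and not (pkt.syn and not pkt.ack):   # setup = SYN without ACK
        return False
    if rule.established and not pkt.ack:               # simplified: ACK set
        return False
    return True

def first_match(rule_texts, pkt):
    """Return (rule number, action) of the first matching rule in ascending
    number order. ipfw's implicit last rule 65535 denies what nothing matched."""
    for rule in sorted(map(parse_rule, rule_texts), key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.num, rule.action
    return 65535, "deny"

# Abridged subset of the posted /etc/ipfw.rule, $ip = 192.168.1.251, pif = em0,
# plus the manually added rule 10001.
POSTED_RULES = [
    "10 allow all from any to any via lo0",
    "15 allow all from 192.168.1.251 to any via em0",
    "20 deny all from any to 127.0.0.0/8",
    "30 deny all from 127.0.0.0/8 to any",
    "60 allow tcp from any to any established",
    "70 allow all from any to any out keep-state",
    "130 allow tcp from any to any 22 in",
    "200 allow tcp from any to any 80 in setup limit src-addr 150",
    "220 allow tcp from any to any 10000-65535 in",
    "500 deny log all from any to any",
    "10001 deny all from 192.168.1.6 to any",
]
# Same set, with the deny renumbered so it precedes every allow rule (hypothetical number 16).
FIXED_RULES = [r for r in POSTED_RULES if not r.startswith("10001 ")] + \
              ["16 deny all from 192.168.1.6 to any"]

# Constructed packets from the blocked-in-theory client 192.168.1.6.
HTTP_SYN = Packet("tcp", "192.168.1.6", "192.168.1.251", 80, "in", "em0", True, False)
UDP_IN = Packet("udp", "192.168.1.6", "192.168.1.251", 12345, "in", "em0", False, False)

if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("fixed", FIXED_RULES)):
        print(label, "HTTP SYN ->", first_match(rules, HTTP_SYN))
        print(label, "UDP in   ->", first_match(rules, UDP_IN))
```

With the posted numbering the HTTP SYN is accepted by rule 200 and the UDP packet is dropped by rule 500; nothing ever reaches 10001. Moving the deny in front of the allow rules makes it the first match for both.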