## IPF experts, please come in!! - ioctl problem

Posted 2006-04-13 18:14
The rule list is as follows (the dynamically generated part, added at the very beginning of the rules):

pass in on em0 all head 110
pass in quick on em0 proto tcp from 58.65.110.9/32 to 58.15.11.10 port = 80 flags S/SA keep state group 110
block in quick on em0 from 218.10.27.8 to any group 110
block in quick on em0 from 218.57.97.75 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 218.10.158.214 to any group 110
block in quick on em0 from 218.29.128.159 to any group 110
block in quick on em0 from 222.161.191.26 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 221.221.233.191 to any group 110
block in quick on em0 from 60.16.59.248 to any group 110
block in quick on em0 from 60.20.97.80 to any group 110
block in quick on em0 from 61.149.238.72 to any group 110
block in quick on em0 from 202.99.240.45 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 60.195.69.223 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 60.216.43.253 to any group 110
block in quick on em0 from 60.16.59.248 to any group 110
block in quick on em0 from 60.222.192.144 to any group 110
block in quick on em0 from 221.12.20.110 to any group 110
block in quick on em0 from 221.201.201.13 to any group 110
block in quick on em0 from 210.76.108.158 to any group 110
block in quick on em0 from 218.12.171.49 to any group 110
block in quick on em0 from 218.12.100.158 to any group 110
block in quick on em0 from any  to any group 110

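Posted 2006-04-13 18:18
Addendum: the shell script is used to block IPs that have more than 10 connections to local port 80;

It is not that the rules cannot be loaded at all; rather, the number of rules loaded is far smaller than the number in the rules file;

For example: the file contains 80 rules, but only 20 are actually loaded, and after that no more can be loaded.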

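Posted 2006-04-14 10:42
Originally posted by joyaid on 2006-4-13 18:09
Hello everyone:

I am using FreeBSD 4.11, IP Filter: v3.4.35 (336),

A monitor written as a shell script loads ipf_rules_files.conf (the rule list) at intervals of 120;
Before each load, the rules and state are cleared, command: ipf -Fa -FSs
Rule load command ...


The rules are duplicated.
In the kernel, the ipfilter module is already loaded.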
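
The last reply points at duplicated rules, and the posted list does repeat some addresses (210.76.108.158 and 60.16.59.248 each appear more than once). The following is an added example, not code from the thread: one way to generate the dynamic block rules so that each source address appears exactly once, and to list rules that are repeated in a file. The netstat line format, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface, group and threshold are the
# values in the posted rules; everything else is an assumption.
IFACE=em0
GROUP=110
LIMIT=10   # block sources with more than 10 connections to local port 80

# stdin: FreeBSD "netstat -an"-style lines (addresses printed as a.b.c.d.port).
# stdout: one block rule per offending source, each address exactly once.
gen_block_rules() {
    awk -v limit="$LIMIT" -v ifc="$IFACE" -v grp="$GROUP" '
        $1 ~ /^tcp/ && $4 ~ /\.80$/ {
            ip = $5
            sub(/\.[0-9]+$/, "", ip)               # drop the trailing .port
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[ip]++                        # skips "*.*" listen sockets
        }
        END {
            for (ip in count)
                if (count[ip] > limit)
                    printf "block in quick on %s from %s to any group %s\n", ifc, ip, grp
        }' | sort -u
}

# stdin: a rules file. stdout: every rule that appears more than once,
# compared after whitespace normalisation.
find_duplicate_rules() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' |
        grep -v '^$' | sort | uniq -d
}

# Constructed sample input: 12 connections from one source, 3 from another.
sample_netstat() {
    echo "tcp4 0 0 *.80 *.* LISTEN"
    i=1
    while [ "$i" -le 12 ]; do
        echo "tcp4 0 0 192.0.2.10.80 198.51.100.7.$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for p in 50001 50002 50003; do
        echo "tcp4 0 0 192.0.2.10.80 203.0.113.5.$p ESTABLISHED"
    done
}

sample_netstat | gen_block_rules
```

Running `find_duplicate_rules < ipf_rules_files.conf` before each load shows whether the generated file still contains repeated lines.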