免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 操作系统 BSD 请问在pftop下看到的这些是什么来的?以前好像没有阿
12
最近访问板块 发新帖
楼主: oyzjin
打印 上一主题 下一主题

[OpenBSD] 请问在pftop下看到的这些是什么来的?以前好像没有阿 [复制链接]

rainren

论坛徽章:
0
11 [报告]
发表于 2006-06-23 12:29 |只看该作者
pfctl -sa看看是怎么样的?你写了什么样的规则才会显示出什么样的信息出来!
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
oyzjin

论坛徽章:
0
12 [报告]
发表于 2006-06-23 20:19 |只看该作者
我直接发配置文件吧:

  2. EXT_IF="fxp1"
  3. NET_IF="fxp0"
  4. PF_IF="rl0"
  5. EXT_NET="X.X.X.X"
  6. GW="X.X.X.X"
  7. pMail="{25,110,143}"
  8. pSsh="{22,50000}"
  9. pWeb="{80,443,50001,37}"
  10. pProxy="{50001}"
  11. pMsn="{1863}"
  12. pFtp="{21,20}"
  13. pQqS="{8000}"
  14. pRsync="{873}"
  15. table <All> {172.16.16.0/24,172.16.15.0/24,172.16.18.0/24,172.16.19.0/24,172.16.31.0/24,172.16.17.0/24}
  16. table <Res> {172.16.17.0/24}
  17. table <Tec> {172.16.16.0/24,172.16.15.0/24,172.16.18.0/24,172.16.19.0/24,172.16.31.0/24}
  18. table <Bak> {172.16.18.0/24,172.16.19.0/24}
  19. table <IDC> {211.155.0.0/16}
  20. table <PRIV> {10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
  21. table <CONTROL> {172.16.16.4,172.16.17.4,172.16.15.4,172.16.18.4,172.16.19.4,172.16.20.4}
  22. table <routeTable> {10.0.0.1}
  23. #scrub in all
  24. altq on $NET_IF cbq bandwidth 4Mb queue {ssh,mQuick,eQuick,lQuick,other}
  25.    queue ssh bandwidth 10% priority 7 cbq(ecn,borrow)
  26.    queue mQuick bandwidth 10% priority 6 cbq(ecn,borrow)
  27.    queue eQuick bandwidth 40% priority 5 cbq(ecn,borrow)
  28.    queue lQuick bandwidth 30% priority 4 cbq(ecn,borrow)
  29.    queue other bandwidth 10% priority 2 cbq(ecn,default,borrow)
  30. altq on $EXT_IF cbq bandwidth 500Kb queue {oSsh,oQuick,web,oOther}
  31.    queue oSsh bandwidth 10% priority 7 cbq(ecn,borrow)
  32.    queue oQuick bandwidth 30% priority 5 cbq(ecn,borrow)
  33.    queue web bandwidth 50% priority 3 cbq(ecn,borrow)
  34.    queue oOther bandwidth 10% priority 1 cbq(ecn,default,borrow)
  35. nat on $EXT_IF from <All> to any -> $EXT_NET
  36. nat on $EXT_IF from <routeTable> to any -> $EXT_NET
  37. rdr pass on $NET_IF proto tcp from any to any port $pFtp -> 127.0.0.1 port 8021
  38. #rdr pass on $NET_IF inet proto tcp from any to any port 80 -> 127.0.0.1 port 50001
  39. rdr pass on $EXT_IF proto tcp from any to any port 8000 -> 172.16.16.181 port 8000
  40. rdr pass on $EXT_IF proto {tcp,udp} from any to any port 10700 -> 172.16.16.4 port 10700
  41. rdr pass on $EXT_IF proto {tcp,udp} from any to any port 10702 -> 172.16.16.4 port 10702
  42. block all
  43. pass quick on lo0 all keep state
  44. pass quick on $NET_IF from <CONTROL> to any keep state queue ssh
  45. pass in quick on $NET_IF from <Bak> to any keep state
  46. pass out quick on $EXT_IF proto tcp from $EXT_NET to any port $pRsync keep state
  47. pass in quick on $EXT_IF proto tcp from any to $EXT_NET port > 45000 keep state
  48. pass in quick on $EXT_IF proto tcp from any to $EXT_NET port 8000 keep state
  49. pass quick on $PF_IF proto pfsync
  50. pass quick on $NET_IF proto carp keep state
  51. pass quick on $NET_IF proto icmp keep state
  52. pass quick on $PF_IF all

  54. pass out on $EXT_IF proto icmp from $EXT_NET to any keep state queue oQuick
  55. pass out on $EXT_IF proto tcp from $EXT_NET to any port $pSsh keep state queue oSsh
  56. pass out on $EXT_IF proto {tcp,udp} from $EXT_NET to any port 53 keep state queue oQuick
  57. pass out on $EXT_IF proto tcp from $EXT_NET to any port $pWeb keep state queue web
  58. pass out on $EXT_IF proto tcp from $EXT_NET to any port $pMail keep state queue oQuick
  59. pass out on $EXT_IF proto tcp from $EXT_NET to any port $pFtp keep state
  60. pass out on $EXT_IF proto tcp from $EXT_NET to any port 7777 keep state
  61. pass out on $EXT_IF proto tcp from $EXT_NET to any port > 50000 keep state
  62. pass in on $EXT_IF proto tcp from any port $pSsh to $EXT_NET keep state queue ssh
  63. pass in on $EXT_IF proto {udp,tcp} from any port 53 to $EXT_NET keep state queue mQuick
  64. pass in on $EXT_IF proto tcp from any port $pMail to $EXT_NET keep state queue mQuick

  66. pass in on $NET_IF proto tcp from <All> to any port $pMail keep state queue mQuick
  67. pass in on $NET_IF proto tcp from <All> to any port $pWeb keep state queue eQuick
  68. pass in on $NET_IF proto tcp from <Res> to any port $pWeb keep state queue lQuick
  69. pass in on $NET_IF proto {udp,tcp} from <All> to any port 53 keep state queue mQuick
  70. pass in on $NET_IF proto tcp from <All> to any port $pFtp keep state
  71. pass in on $NET_IF proto tcp from <All> to any port 8021 keep state
  72. pass in on $NET_IF proto tcp from <All> to any port > 49999 keep state

  74. #pass in on $NET_IF from <Tec> to any keep state queue oOther
  75. #pass in on $NET_IF proto tcp from <Tec> to any port $pSsh keep state queue ssh
  76. #pass in on $NET_IF proto {udp,tcp} from <All> to any port 53 keep state queue mQuick
  77. #pass in on $NET_IF proto tcp from <All> to any port $pMail keep state queue mQuick
  78. #pass in on $NET_IF proto tcp from <Tec> to any port $pWeb keep state queue eQuick
  79. #pass in on $NET_IF proto tcp from <Res> to any port $pWeb keep state queue lQuick
复制代码
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP