I copied a pf ruleset from some guru's post and followed it step by step; the rules are wrong, I can't reach websites or QQ, and my preliminary suspicion is that a single NIC simply won't work.
Environment: ADSL dial-up, a single machine with a single NIC, and one lazy person.
# > /etc/pf.conf
# vi /etc/pf.conf
========================== pf.conf ======================
ext_if = "rl0"
noroute = "{ 127.0.0.1/8, 10.0.0.0/8, 255.255.255.255/32 }"
ports = "{ 20, 21, 22 }"
web = "{127.0.0.1}"
set block-policy return
set optimization aggressive
set skip on lo0
scrub in all
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $web port 80
rdr on $ext_if proto tcp from any to $ext_if port 443 -> $web port 443
###to disenable antispoof
antispoof for $ext_if inet
block all
block return
block in quick on $ext_if os NMAP
block in quick on $ext_if from $noroute to any
block out quick on $ext_if from any to $noroute
###enable synproxy for web
pass in on $ext_if proto tcp from any to $web port {80,443} flags S/SA keep state
pass quick on $loop all
pass in on $ext_if proto {tcp,udp} from any to any port $ports keep state
pass in quick proto tcp from any to any port 55000 >< 56000 keep state
pass out on $ext_if all keep state
========================== pf.conf ======================
Test results: http://bbs.chinaunix.net/viewthread.php?tid=882260
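As an added example (not the original poster's ruleset and not taken from the linked thread), here is how a reviewer would rework the ruleset above so that it loads and fits a dial-up host: the original references a macro `$loop` that is never defined, which makes pfctl reject the whole file, and every pass rule names rl0 only. It assumes the ADSL session is PPPoE and appears as tun0 with the public address (an assumption; the post does not say which interface carries the public IP) and that the web server runs on the same host.

```pf
# Added example: a reworked single-NIC ruleset for an ADSL (PPPoE) host.
# ASSUMPTION: the PPPoE session appears as tun0 and carries the public
# address; rl0 only carries PPPoE frames, which pf never sees as IP.
# If the NIC itself holds the public address, set ext_if = "rl0" instead.
ext_if = "tun0"
tcp_services = "{ 80, 443 }"
ports = "{ 20, 21, 22 }"
noroute = "{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 }"

set block-policy return
set skip on lo0      # replaces "pass quick on $loop all", whose macro was never defined
scrub in all

# Drop packets arriving on the link whose source address belongs to this
# host's own networks (this rule enables antispoof; it does not disable it).
antispoof quick for $ext_if inet

# Default deny, then reject bogon traffic in both directions.
block all
block in quick on $ext_if from $noroute to any
block out quick on $ext_if from any to $noroute

# Everything this host initiates (browser, QQ, DNS, ...) may leave; replies
# are matched by state, so no separate "pass in" is needed for them.
pass out on $ext_if all keep state

# Inbound services offered by this same host. ($ext_if) in parentheses is
# re-evaluated as the dial-up address changes, so no rdr to 127.0.0.1 is needed.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services flags S/SA synproxy state
pass in on $ext_if proto { tcp, udp } from any to ($ext_if) port $ports keep state
pass in on $ext_if proto tcp from any to ($ext_if) port 55000 >< 56000 keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; the original file fails that parse step because macro `loop` is not defined, so no rules from it are ever installed.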