OpenForum RSS: freebsd 9.0 ipfw

freebsd 9.0 ipfw (999)

Wed, 08 Feb 2012 12:13:00 GMT

>[�� ]
>> nat 123 config if rl0 log
>> add 00050 nat 123 ip from any to any via rl0
>> add 00090 check-state
>> add 00100 deny icmp from any to any frag
>> add 00101 allow icmp from any to any icmptypes 0,3,8,11
>> add 00102 deny icmp from any to any
>> add 00150 deny ip from any to any dst-port 69,135-139,445,901-1110,20034,31337,6000-9999,10001-19999
>> in via rl0
>> add 65000 allow ip from any to any
> � �� check-state, �� keep-state?

�� . ��

freebsd 9.0 ipfw (999)

Wed, 08 Feb 2012 12:12:22 GMT

> �� (�� , 192.168.0.31 - ��
> ��):
> ${fwcmd} nat 10 config if ${net_if} redirect_port tcp 192.168.0.31:5000-5100 5000-5100
> ${fwcmd} add 10 nat 10 tcp from any to any
> ${fwcmd} nat 20 config if ${net_if} redirect_port tcp 192.168.0.31:3479 3479
> ${fwcmd} add 20 nat 20 tcp from any to any

��, ��. ��. ��-�� . ��.

freebsd 9.0 ipfw (��)

Tue, 07 Feb 2012 10:26:49 GMT

>[�� ]
> add 00004 count ip from any to any in via rl1
> nat 123 config if rl0 log
> add 00050 nat 123 ip from any to any via rl0
> add 00090 check-state
> add 00100 deny icmp from any to any frag
> add 00101 allow icmp from any to any icmptypes 0,3,8,11
> add 00102 deny icmp from any to any
> add 00150 deny ip from any to any dst-port 69,135-139,445,901-1110,20034,31337,6000-9999,10001-19999
> in via rl0
> add 65000 allow ip from any to any

� �� check-state, �� keep-state?

freebsd 9.0 ipfw (��)

Tue, 07 Feb 2012 10:22:51 GMT

>>> �� . �� .
>> �� , �� .
>> nat 123 config?
> �� !

�� .

>[�� ]
> add 00050 nat 123 ip from any to any via rl0
> add 00090 check-state
> add 00100 deny icmp from any to any frag
> add 00101 allow icmp from any to any icmptypes 0,3,8,11
> add 00102 deny icmp from any to any
> add 00150 deny ip from any to any dst-port 69,135-139,445,901-1110,20034,31337,6000-9999,10001-19999
> in via rl0
> add 65000 allow ip from any to any
> �� NAT �� .
> �� .

�� (�� , 192.168.0.31 - �� ):
${fwcmd} nat 10 config if ${net_if} redirect_port tcp 192.168.0.31:5000-5100 5000-5100
${fwcmd} add 10 nat 10 tcp from any to any
${fwcmd} nat 20 config if ${net_if} redirect_port tcp 192.168.0.31:3479 3479
${fwcmd} add 20 nat 20 tc

freebsd 9.0 ipfw (999)

Tue, 07 Feb 2012 06:22:59 GMT

>> �� . �� .
> �� , �� .
> nat 123 config?

�� !
��, �� nat.
��
add 00001 count ip from any to any out via rl0
add 00002 count ip from any to any in via rl0
add 00003 count ip from any to any out via rl1
add 00004 count ip from any to any in via rl1
nat 123 config if rl0 log
add 00050 nat 123 ip from any to any via rl0
add 00090 check-state
add 00100 deny icmp from any to any frag
add 00101 allow icmp from any to any icmptypes 0,3,8,11
add 00102 deny icmp from any to any
add 00150 deny ip from any to any dst-port 69,135-139,445,901-1110,20034,31337,6000-9999,10001-19999 in via rl0
add 65000 allow ip from any to any

�� NAT �� .
�� .

freebsd 9.0 ipfw (��)

Mon, 06 Feb 2012 23:17:50 GMT

> �� . �� .

�� , �� .

nat 123 config?

freebsd 9.0 ipfw (999)

Mon, 06 Feb 2012 22:14:04 GMT

�� . �� .

freebsd 9.0 ipfw (999)

Mon, 06 Feb 2012 18:49:58 GMT

>[�� ]
>> Available values for this setting are:
>> open -- pass all traffic.
>> client -- will protect only this machine.
>> simple -- protect the whole network.
>> closed -- entirely disables IP traffic except for the loopback interface.
>> UNKNOWN -- disables the loading of firewall rules.
>> filename -- absolute path of file containing firewall rules. <<<
>> �� - ��, �� , �� , � ��
>> �� .
> ��-��, ��

��. ��
firewall_type="��"
add 00050 nat 123 ip4 from any to any via rl0
add 65000 allow ip from any to any

ipfw show
00050 380 20990 nat 123 ip4 from any to any via rl0
00100 86 7166 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-

freebsd 9.0 ipfw (��)

Mon, 06 Feb 2012 13:58:30 GMT

>[�� ]
> firewall_type="open"
> Available values for this setting are:
> open -- pass all traffic.
> client -- will protect only this machine.
> simple -- protect the whole network.
> closed -- entirely disables IP traffic except for the loopback interface.
> UNKNOWN -- disables the loading of firewall rules.
> filename -- absolute path of file containing firewall rules. <<<
> �� - ��, �� , �� , � ��
> �� .

��-��, ��

OpenForum RSS: freebsd 9.0 ipfw

freebsd 9.0 ipfw (999)

freebsd 9.0 ipfw (999)

freebsd 9.0 ipfw (������)

freebsd 9.0 ipfw (������)

freebsd 9.0 ipfw (999)

freebsd 9.0 ipfw (������)

freebsd 9.0 ipfw (999)

freebsd 9.0 ipfw (999)

freebsd 9.0 ipfw (������)

freebsd 9.0 ipfw (��)

freebsd 9.0 ipfw (��)

freebsd 9.0 ipfw (��)

freebsd 9.0 ipfw (��)