selam
 
 firewall.rules dosyası bu şekilde
 
/**
 Interface macros.  The rules below refer to oif and oip by name, so this
 file has to go through a preprocessor before ipfw reads it (ipfw's -p
 option, e.g. `ipfw -p cpp`); how it is loaded is not shown here.
 oif/oip/onet describe rl0, which the later comments call the outside
 interface; iif1/iip1/inet1 describe rl1 (presumably the inside LAN).
 NOTE(review): onet, iif1, iip1 and inet1 are not used by any rule in
 this listing.
**/
#define oif  rl0
#define oip  10.0.0.205
#define onet 10.0.0.205:255.255.255.0
#define iif1  rl1
#define iip1  192.168.0.205
#define inet1 192.168.0.0/24
/**
 NOTE(review): ipfw stops at the first matching rule, and these two rules
 sit ahead of both the reserved-address checks and the natd divert rule.
 Any TCP or UDP packet to destination port 1000 that crosses rl0 is
 accepted here, so it is never checked against the reserved ranges and
 never handed to natd for translation.  The same two rules appear again
 among the service rules further down; confirm this early copy is wanted.
**/
add allow tcp from any to any 1000 via rl0
add allow udp from any to any 1000 via rl0

/**
 Drop anything crossing the outside interface whose DESTINATION lies in a
 range that should never be routed: 0.0.0.0/8, 169.254.0.0/16 (DHCP
 auto-configuration), 192.0.2.0/24 (NET-TEST), 224.0.0.0/4 (multicast)
 and 240.0.0.0/4 (class E).  `via oif' has no in/out keyword, so the
 rules apply in both directions on rl0.
**/
add deny all from any to 0.0.0.0/8 via oif
add deny all from any to 169.254.0.0/16 via oif
add deny all from any to 192.0.2.0/24 via oif     
add deny all from any to 224.0.0.0/4 via oif     
add deny all from any to 240.0.0.0/4 via oif       
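/**
 Network Address Translation.  This rule is placed here deliberately
 so that it does not interfere with the surrounding address-checking
 rules.  If for example one of your internal LAN machines had its IP
 address set to 192.0.2.1 then an incoming packet for it after being
 translated by natd(8) would match the `deny' rule above.  Similarly
 an outgoing packet originated from it before being translated would
 match the `deny' rule below.
**/
add divert natd all from any to any via oif

/**
 Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
 DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
 on the outside interface
**/
/**
 The opening comment marker of the block above was missing in the posted
 file.  Without it the three text lines are not inside a comment, reach
 ipfw as if they were rules, and the closing marker is left dangling.
 These rules drop packets whose SOURCE is in one of the listed ranges.
 NOTE(review): no RFC 1918 range is filtered here.  oip is itself in
 10.0.0.0/8, so that range cannot simply be dropped on oif, but whether
 172.16.0.0/12 and 192.168.0.0/16 sources should be refused when they
 arrive from outside depends on the upstream network - confirm.
**/
add deny all from 0.0.0.0/8 to any via oif
add deny all from 169.254.0.0/16 to any via oif
add deny all from 192.0.2.0/24 to any via oif
add deny all from 224.0.0.0/4 to any via oif
add deny all from 240.0.0.0/4 to any via oif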
/************************/
/** Check dynamic rule
/************************/
/**
 check-state tests the packet against the dynamic rules created by
 keep-state.  The only keep-state rules in this listing are the two UDP
 rules near the end, so TCP is not tracked statefully by this ruleset.
**/
add check-state
 
/** Allow TCP through if setup succeeded **/
/**
 NOTE(review): `established' matches any TCP packet with the ACK or RST
 bit set.  It is a stateless test on the header flags, with no interface
 or direction, so such a packet is accepted whether or not a connection
 was ever set up.
**/
add allow tcp from any to any established 
/** Allow IP fragments to pass through **/ 
/**
 NOTE(review): `frag' matches every non-first fragment of any protocol,
 from and to any address.  Those fragments are accepted before the port
 and service rules below are consulted.
**/
add allow all from any to any frag
/**
 Per-service accept rules.  None of the SMTP, POP3, IMAP4, ssh or HTTP
 rules names an interface or a direction, so each one applies to traffic
 entering and leaving on every interface.
**/
/** Allow setup of SMTP **/
/**
 NOTE(review): these two rules carry neither `setup' nor `established'.
 The second one matches on SOURCE port only, so any TCP packet that
 claims source port 25 is accepted to any destination port.  Genuine
 reply packets are already covered by the `established' rule earlier in
 the file.  The POP3 pair below has the same shape.
**/
add allow tcp from any to any 25
add allow tcp from any 25 to any
/** Allow setup of POP3 **/
add allow tcp from any to any 110
add allow tcp from any 110 to any
/** Allow setup of IMAP4 **/
add allow tcp from any to any 143 setup
/** Allow setup of ssh **/
/**
 NOTE(review): the comment says "setup" but the rule says `established',
 which the general `established' rule earlier in the file already
 accepts.  New ssh connections are therefore not admitted here; they
 pass only because of the catch-all TCP `setup' rule further down.
**/
add allow tcp from any to any 22 established
/** Allow setup of HTTP **/
add allow tcp from any to any 80,443,8443 setup
/**
 Ports opened on rl0 for any source and any destination, in both
 directions.  The port 1000 pair repeats the two rules at the top of
 the file.
 NOTE(review): 4899 and 5631/5632 are the ports commonly used by
 remote-control software (Radmin, pcAnywhere).  If they must be reachable
 from outside, limiting the source addresses would narrow the exposure;
 confirm which of these ports are really needed.
**/
add allow tcp from any to any 1000 via rl0
add allow udp from any to any 1000 via rl0
add allow tcp from any to any 5555 via rl0
add allow udp from any to any 5555 via rl0
add allow tcp from any to any 6800-7000 via rl0
add allow udp from any to any 6800-7000 via rl0
add allow tcp from any to any 4899 via rl0
add allow udp from any to any 4899 via rl0
add allow tcp from any to any 5631 via rl0
add allow udp from any to any 5632 via rl0
/**
 DNS over UDP on rl0.  NOTE(review): the second rule accepts any UDP
 packet with source port 53 to any destination port; it is a stateless
 source-port match, not a reply check.
**/
add allow udp from any to any 53 via rl0
add allow udp from any 53 to any via rl0

/**
 NOTE(review): only DNS and SNMP over UDP are named for lo0.  No rule in
 this listing accepts loopback traffic in general, and none rejects
 packets that claim a 127.0.0.0/8 address on another interface; confirm
 whether that is intended.
**/
/** Set Loopback for DNS **/
add allow udp from any to any 53 via lo0
add allow udp from any 53 to any via lo0
/** Set Loopback for SNMP **/
add allow udp from any to any 161 via lo0
add allow udp from any 161 to any via lo0
/** Blocked TCP and UDP Ports **/
/**
 Deny list of individual destination ports.  Because ipfw stops at the
 first match, these rules only see packets that were not already
 accepted above (for example by the `established' and `frag' rules).
**/
add deny tcp from any to any 135
add deny udp from any to any 1434
add deny tcp from any to any 2025
add deny tcp from any to any 1243
add deny tcp from any to any 27374
add deny udp from any to any 31337
/** Allow setup of any other TCP connection **/
/**
 NOTE(review): this rule has no interface, direction or address
 restriction.  It accepts the opening packet of a TCP connection to any
 port not denied just above, including connections coming in from the
 outside, and it makes the per-service `setup' rules earlier in the file
 redundant.  If only outbound connections are meant, the rule needs a
 direction and interface qualifier.
**/
add allow tcp from any to any setup
/**************************/
/** Allow UDP to outside
/**************************/
/**
 The first rule accepts UDP leaving oif from the outside address and
 creates a dynamic rule (keep-state), which check-state earlier in the
 file uses to admit the replies.
 NOTE(review): the second rule matches packets arriving IN on oif whose
 source is this machine's own outside address, and creates state for
 them.  Presumably `from any to oip' was not intended either, since
 replies are already handled by the dynamic rule; confirm what this
 rule is for.
**/
add allow udp from oip to any out via oif keep-state
add allow udp from oip to any in via oif keep-state
/**************************/
/** Allow ping to outside
/**************************/
/**
 NOTE(review): the rule is wider than the heading.  It accepts every
 ICMP type, in both directions, on every interface.
**/
add allow icmp from any to any
/*******************************/
/** Log all unrecognize attempt
/*******************************/
/**
 NOTE(review): the first deny has no `log' keyword, so packets arriving
 on oif for an address other than oip are dropped without a log entry;
 only what reaches the second rule is logged.
**/
add deny all from any to not oip in via oif
add deny log all from any to any
/**
 NOTE(review): this rule can never match.  It follows a rule that denies
 everything, and TCP from 192.168.0.1 is already accepted by the
 `established' and `setup' rules above.  If the host is meant to be
 blocked, the rule has to come before those allow rules.
**/
add deny tcp from 192.168.0.1 to any

Ahmet FIRAT <[EMAIL PROTECTED]> wrote:
Kernelde ipfw için neler var, neler yazdınız? Onları iletebilir misiniz?
----- Original Message -----
Sent: Thursday, April 14, 2005 10:00 AM
Subject: [FreeBSD] ipfw

Ahmet Bey, sizin de söylemiş olduğunuz gibi

Kernel dosyasına

options         IPFIREWALL_DEFAULT_TO_ACCEPT

seçeneğini yazdım. Ama yine de çıkış yapamıyorum. Kernel'ı tekrar derlemem gerekiyor mu? Kernel'ı derlemeye çalıştığımda da "syntax error" veriyor, yani options         IPFIREWALL_DEFAULT_TO_ACCEPT seçeneğini yazdığım satırın hatasını veriyor. Burada ne yapmam gerekir?

 

Teşekkürler

 
