Hello Ömer Bey, good day. Are you actually running your firewall.rules file? And when you run it, do you specify cpp as the preprocessor?
Could you run the ipfw show command and send the active rules? To run the rules you have, type it as: ipfw -p cpp firewall.rules

Regards,
Ozkan KIRIK
EnderUNIX Software Development Team
Software Developer
Web : http://www.enderunix.org
News: http://haber.enderunix.org
Tips: http://ipucu.enderunix.org

Ömer Koyun <[EMAIL PROTECTED]> :
> hi
>
> the firewall.rules file looks like this
>
> #define oif rl0
> #define oip 10.0.0.205
> #define onet 10.0.0.205:255.255.255.0
> #define iif1 rl1
> #define iip1 192.168.0.205
> #define inet1 192.168.0.0/24
>
> add allow tcp from any to any 1000 via rl0
> add allow udp from any to any 1000 via rl0
>
> add deny all from any to 0.0.0.0/8 via oif
> add deny all from any to 169.254.0.0/16 via oif
> add deny all from any to 192.0.2.0/24 via oif
> add deny all from any to 224.0.0.0/4 via oif
> add deny all from any to 240.0.0.0/4 via oif
>
> /** Network Address Translation. This rule is placed here
> deliberately so that it does not interfere with the surrounding
> address-checking rules. If for example one of your internal LAN
> machines had its IP address set to 192.0.2.1 then an incoming packet for
> it after being translated by natd(8) would match the `deny' rule
> above. Similarly an outgoing packet originated from it before
> being translated would match the `deny' rule below.
> **/
> add divert natd all from any to any via oif
>
> Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes
> RESERVED-1, DHCP auto-configuration, NET-TEST, MULTICAST (class D), and
> class E) on the outside interface
> **/
> add deny all from 0.0.0.0/8 to any via oif
> add deny all from 169.254.0.0/16 to any via oif
> add deny all from 192.0.2.0/24 to any via oif
> add deny all from 224.0.0.0/4 to any via oif
> add deny all from 240.0.0.0/4 to any via oif
>
> /************************/
> /** Check dynamic rule
> /************************/
> add check-state
>
> /** Allow TCP through if setup succeeded **/
> add allow tcp from any to any established
>
> /** Allow IP fragments to allow through **/
> add allow all from any to any frag
>
> /** Allow setup of SMTP **/
> add allow tcp from any to any 25
> add allow tcp from any 25 to any
>
> /** Allow setup of POP3 **/
> add allow tcp from any to any 110
> add allow tcp from any 110 to any
>
> /** Allow setup of IMAP4 **/
> add allow tcp from any to any 143 setup
>
> /** Allow setup of ssh **/
> add allow tcp from any to any 22 established
>
> /** Allow setup of HTTP **/
> add allow tcp from any to any 80,443,8443 setup
>
> add allow tcp from any to any 1000 via rl0
> add allow udp from any to any 1000 via rl0
> add allow tcp from any to any 5555 via rl0
> add allow udp from any to any 5555 via rl0
> add allow tcp from any to any 6800-7000 via rl0
> add allow udp from any to any 6800-7000 via rl0
> add allow tcp from any to any 4899 via rl0
> add allow udp from any to any 4899 via rl0
> add allow tcp from any to any 5631 via rl0
> add allow udp from any to any 5632 via rl0
> add allow udp from any to any 53 via rl0
> add allow udp from any 53 to any via rl0
>
> /** Set Loopback for DNS **/
> add allow udp from any to any 53 via lo0
> add allow udp from any 53 to any via lo0
>
> /** Set Loopback for SNMP **/
> add allow udp from any to any 161 via lo0
> add allow udp from any 161 to any via lo0
>
> /** Blocked TCP and UDP Ports **/
> add deny tcp from any to any 135
> add deny udp from any to any 1434
> add deny tcp from any to any 2025
> add deny tcp from any to any 1243
> add deny tcp from any to any 27374
> add deny udp from any to any 31337
>
> /** Allow setup of any other TCP connection **/
> add allow tcp from any to any setup
>
> /**************************/
> /** Allow UDP to outside
> /**************************/
> add allow udp from oip to any out via oif keep-state
> add allow udp from oip to any in via oif keep-state
>
> /**************************/
> /** Allow ping to outside
> /**************************/
> add allow icmp from any to any
>
> /*******************************/
> /** Log all unrecognize attempt
> /*******************************/
> add deny all from any to not oip in via oif
> add deny log all from any to any
>
> add deny tcp from 192.168.0.1 to any
>
> Ahmet FIRAT <[EMAIL PROTECTED]> wrote:
>
> > What is in the kernel for ipfw, what did you write there? Could you send those?
> >
> > ----- Original Message -----
> From:

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
List archive: http://lists.enderunix.org
Turkey's first FreeBSD book: http://www.acikakademi.com/freebsd.php
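
The reply above asks whether the file is loaded with `ipfw -p cpp firewall.rules`. As an added example (not part of the original thread), this Python sketch approximates what cpp does to such a file, stripping C comments and expanding simple `#define` names, and lists the rules that would reach ipfw with a macro name still in them if `-p cpp` were left out. The sample rules are a constructed excerpt in the style of the quoted file, and the function names are made up for this illustration.

```python
import re

# Constructed excerpt in the style of the firewall.rules quoted above.
SAMPLE_RULES = """\
#define oif rl0
#define oip 10.0.0.205
/** Network Address Translation **/
add divert natd all from any to any via oif
add allow tcp from any to any 1000 via rl0
/** Allow UDP to outside **/
add allow udp from oip to any out via oif keep-state
"""

DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(.*?)\s*$")
C_COMMENT = re.compile(r"/\*.*?\*/", re.S)
WORD = re.compile(r"\b\w+\b")


def split_rules(text):
    """Strip C comments, then separate #define macros from rule lines."""
    macros, rules = {}, []
    for line in C_COMMENT.sub("", text).splitlines():
        m = DEFINE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif line.strip():
            rules.append(line.strip())
    return macros, rules


def expand(text):
    """Approximate what cpp hands to ipfw: whole-word macro names replaced."""
    macros, rules = split_rules(text)
    return [WORD.sub(lambda t: macros.get(t.group(0), t.group(0)), r) for r in rules]


def unexpanded_without_cpp(text):
    """Rules that still contain a macro name when loaded without -p cpp."""
    macros, rules = split_rules(text)
    return [r for r in rules if set(WORD.findall(r)) & macros.keys()]


if __name__ == "__main__":
    print("After preprocessing:")
    for rule in expand(SAMPLE_RULES):
        print("  " + rule)
    print("Depend on -p cpp:")
    for rule in unexpanded_without_cpp(SAMPLE_RULES):
        print("  " + rule)
```

Comparing the expanded list with the output of `ipfw show` is a quick way to confirm that the rules the kernel holds are the ones the file was meant to produce.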

