Hello,
With the rule
pass in quick log on $int_if proto tcp from $lan_net to any port { 22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state
you have allowed SMTP, POP and similar requests coming from the internal
network to go anywhere. If you change your rule to
pass in quick log on $int_if proto tcp from $lan_net to $FIREWALL_IC_IP_ADRESI port { 22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state
your users will only be able to communicate with the internal mail
server.
vys wrote:
Hello,
In my pf rules, after blocking everything, I allowed ports 25 and 110
from the local network to the firewall. What I want to do here is this:
my firewall machine and my mail server are the same machine, and my
internal users should communicate only with my internal mail server.
Although I allow my mail server to go out in the firewall rules, the
internal users can also connect to an outside mail server. How can I
block my LAN users' connections to the outside on ports 25 and 110?
Even though I block everything at the very top of the rules and then
open ports 25 and 110 from the internal network to the fw, why does
traffic still go out? I cannot find the mistake I made in the rules.
Thanks in advance to anyone who can help.
###################################################
# Macros
###################################################
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##################################################
# NAT rules
##################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if proto tcp from self to any port smtp tag IF2 -> ($ext_if2)
nat on $ext_if proto tcp from self to any port pop3 tag IF2 -> ($ext_if2)
rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080
##################################################
# Rules
##################################################
block in log-all all
block out log-all all
pass in quick on lo0 all
pass out quick on lo0 all
##################################################
# Ports allowed from lan_net to the firewall
##################################################
pass in quick log on $int_if proto tcp from $lan_net to any port { 22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state
##################################################
# Outbound traffic allowed for the firewall
##################################################
pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) tagged IF2 keep state
pass out quick log on $ext_if proto {tcp,udp} from $fwips to any keep state
pass out quick log on $ext_if2 proto {tcp,udp} from $fwips to any keep state
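The following is an added example, not part of the thread: a small Python model of pf's last-match and `quick` evaluation, showing why the `to any` pass rule lets LAN clients reach outside mail servers despite the block-all default, and what the changed destination does. Assumptions: the firewall's internal address is 10.0.0.2 (taken from `$fwips`), the client and outside addresses are constructed, and only source, destination and port are modelled (not interface, direction, NAT or rdr).

```python
import ipaddress

# Constructed model of the filter rules from the post; macros expanded by hand.
LAN_NET = ["10.0.0.0/24", "10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
PORTS = {22, 25, 80, 110, 8080, 12200, 443, 444, 53}
FW_INT_IP = "10.0.0.2"  # assumption: the firewall's internal address (from $fwips)

def rules(dst):
    """Block-all default followed by the LAN pass rule with destination `dst`."""
    return [
        {"action": "block", "quick": False, "src": ["0.0.0.0/0"], "dst": "any", "ports": None},
        {"action": "pass", "quick": True, "src": LAN_NET, "dst": dst, "ports": PORTS},
    ]

def in_nets(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def matches(rule, src, dst, port):
    if not in_nets(src, rule["src"]):
        return False
    if rule["dst"] != "any" and dst != rule["dst"]:
        return False
    return rule["ports"] is None or port in rule["ports"]

def evaluate(ruleset, src, dst, port):
    """pf semantics: the last matching rule wins; `quick` stops evaluation."""
    verdict = "pass"  # pf passes a packet that matches no rule at all
    for rule in ruleset:
        if matches(rule, src, dst, port):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

original = rules("any")    # ... from $lan_net to any port { ... }
fixed = rules(FW_INT_IP)   # ... from $lan_net to <firewall internal IP> port { ... }

if __name__ == "__main__":
    client, outside_mx = "10.0.2.15", "203.0.113.25"  # constructed addresses
    for name, rs in (("original", original), ("fixed", fixed)):
        for dst in (outside_mx, FW_INT_IP):
            for port in (25, 110):
                print(f"{name:8} {client} -> {dst}:{port} {evaluate(rs, client, dst, port)}")
```

In this model the changed rule also blocks the other listed ports (for example 443) to outside hosts, because the destination restriction applies to the whole port list.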