wiki:freebsd:ipfw
Различия
Показаны различия между двумя версиями страницы.
| Предыдущая версия справа и слеваПредыдущая версияСледующая версия | Предыдущая версия | ||
| wiki:freebsd:ipfw [2024/01/07 15:05] – [Включение ipfw] Diman | wiki:freebsd:ipfw [2024/01/29 14:41] (текущий) – Diman | ||
|---|---|---|---|
| Строка 26: | Строка 26: | ||
| pkg update && pkg upgrade | pkg update && pkg upgrade | ||
| - | pkg install -y mc nano rsync screen | + | pkg install -y mc nano rsync tmux bash htop bind-tools |
| # replace bash for root | # replace bash for root | ||
| Строка 51: | Строка 51: | ||
| net.fibs=" | net.fibs=" | ||
| + | </ | ||
| + | |||
| + | ==== Работающий в первый же запуск скрипт ipfw ==== | ||
| + | |||
| + | <code bash> | ||
| echo '# | echo '# | ||
| Строка 61: | Строка 66: | ||
| $cmd add deny all from 127.0.0.0/8 to any | $cmd add deny all from 127.0.0.0/8 to any | ||
| $cmd add deny all from any to any frag | $cmd add deny all from any to any frag | ||
| - | + | ||
| - | $cmd add check-state | + | |
| - | $cmd add allow tcp from any to any established | + | |
| - | $cmd add allow all from any to any out keep-state | + | |
| - | + | ||
| # ssh | # ssh | ||
| $cmd table admin create missing | $cmd table admin create missing | ||
| $cmd table admin add 10.1.1.0/24 | $cmd table admin add 10.1.1.0/24 | ||
| $cmd table admin add 192.168.10.0/ | $cmd table admin add 192.168.10.0/ | ||
| + | |||
| + | $cmd add check-state | ||
| + | #$cmd add allow tcp from any to any established | ||
| + | $cmd add allow all from any to any out keep-state | ||
| $cmd add allow ip from " | $cmd add allow ip from " | ||
| - | |||
| - | # HTTP && HTTPS | ||
| - | $cmd add allow tcp from any to me 443 in limit src-addr 50 | ||
| - | $cmd add allow tcp from any to me 80 in limit src-addr 20 | ||
| - | |||
| - | |||
| - | $cmd add allow tcp from me to any 25 out | ||
| - | $cmd add allow tcp from any 25 to me in | ||
| # Ping | # Ping | ||
| $cmd add allow icmp from " | $cmd add allow icmp from " | ||
| $cmd add allow icmp from me to " | $cmd add allow icmp from me to " | ||
| + | |||
| $cmd add allow all from any to any | $cmd add allow all from any to any | ||
| - | |||
| $cmd add deny log all from any to any' > / | $cmd add deny log all from any to any' > / | ||
| Строка 92: | Строка 88: | ||
| sysrc firewall_script="/ | sysrc firewall_script="/ | ||
| sysrc firewall_logging=" | sysrc firewall_logging=" | ||
| - | |||
| </ | </ | ||
| Строка 127: | Строка 122: | ||
| sysrc ntpdate_hosts=" | sysrc ntpdate_hosts=" | ||
| sysrc ntpd_sync_on_start=" | sysrc ntpd_sync_on_start=" | ||
| + | |||
| + | service ntpd start | ||
| + | |||
| + | </ | ||
| + | |||
| + | ==== Включение NAT ==== | ||
| + | |||
| + | |||
| + | <code bash> | ||
| + | |||
| + | sysrc gateway_enable=" | ||
| </ | </ | ||
wiki/freebsd/ipfw.1704629103.txt.gz · Последнее изменение: 2024/01/07 15:05 — Diman