wiki:freebsd:ipfw
wiki:freebsd:ipfw [2024/01/07 15:06] – [NTPd] Diman | wiki:freebsd:ipfw [2024/01/29 14:41] (текущий) – Diman | ||
---|---|---|---|
Строка 26: | Строка 26: | ||
pkg update && pkg upgrade | pkg update && pkg upgrade | ||
- | pkg install -y mc nano rsync screen | + | pkg install -y mc nano rsync tmux bash htop bind-tools |
# replace bash for root | # replace bash for root | ||
Строка 51: | Строка 51: | ||
net.fibs=" | net.fibs=" | ||
+ | </ | ||
+ | |||
+ | ==== Работающий в первый же запуск скрипт ipfw ==== | ||
+ | |||
+ | <code bash> | ||
echo '# | echo '# | ||
Строка 61: | Строка 66: | ||
$cmd add deny all from 127.0.0.0/8 to any | $cmd add deny all from 127.0.0.0/8 to any | ||
$cmd add deny all from any to any frag | $cmd add deny all from any to any frag | ||
- | + | ||
- | $cmd add check-state | + | |
- | $cmd add allow tcp from any to any established | + | |
- | $cmd add allow all from any to any out keep-state | + | |
- | + | ||
# ssh | # ssh | ||
$cmd table admin create missing | $cmd table admin create missing | ||
$cmd table admin add 10.1.1.0/24 | $cmd table admin add 10.1.1.0/24 | ||
$cmd table admin add 192.168.10.0/ | $cmd table admin add 192.168.10.0/ | ||
+ | |||
+ | $cmd add check-state | ||
+ | #$cmd add allow tcp from any to any established | ||
+ | $cmd add allow all from any to any out keep-state | ||
$cmd add allow ip from " | $cmd add allow ip from " | ||
- | |||
- | # HTTP && HTTPS | ||
- | $cmd add allow tcp from any to me 443 in limit src-addr 50 | ||
- | $cmd add allow tcp from any to me 80 in limit src-addr 20 | ||
- | |||
- | |||
- | $cmd add allow tcp from me to any 25 out | ||
- | $cmd add allow tcp from any 25 to me in | ||
# Ping | # Ping | ||
$cmd add allow icmp from " | $cmd add allow icmp from " | ||
$cmd add allow icmp from me to " | $cmd add allow icmp from me to " | ||
+ | |||
$cmd add allow all from any to any | $cmd add allow all from any to any | ||
- | |||
$cmd add deny log all from any to any' > / | $cmd add deny log all from any to any' > / | ||
Строка 92: | Строка 88: | ||
sysrc firewall_script="/ | sysrc firewall_script="/ | ||
sysrc firewall_logging=" | sysrc firewall_logging=" | ||
- | |||
</ | </ | ||
Строка 129: | Строка 124: | ||
service ntpd start | service ntpd start | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Включение NAT ==== | ||
+ | |||
+ | |||
+ | <code bash> | ||
+ | |||
+ | sysrc gateway_enable=" | ||
</ | </ |
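Review bot: The catch-all `$cmd add allow all from any to any` directly before `$cmd add deny log all from any to any` (hunk at "Строка 66") accepts every packet that reaches it, so the final deny-and-log rule can never match and the `admin` table restricts nothing. Because this revision removes the explicit 80/443 `limit src-addr` rules and the port 25 rules, that catch-all appears to be the only rule admitting inbound traffic, which leaves the ruleset effectively open. I would comment it out as `#$cmd add allow all from any to any` and keep explicit inbound rules such as `$cmd add allow tcp from any to me 443 in limit src-addr 50`, or at least put `# TEMPORARY: remove once the rules above are verified` above it. This matters more once the new NAT section sets `gateway_enable`, since the host then presumably forwards traffic under the same rules; several rule lines are truncated on this page, so confirm against the full script.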
wiki/freebsd/ipfw.1704629198.txt.gz · Последнее изменение: 2024/01/07 15:06 — Diman