vlastni soubor pravidel pro IPFW

Milan Cizek cizek.milan at seznam.cz
Mon Jun 16 20:13:01 CEST 2003

Previous message: prohledavani souboru
Next message: nastavenie a kontorla passwordou
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ahoj,
nedari se mi zprovoznit nacteni pravidel do IPFW, z meho vlastniho
souboru. V rc.conf mam:

firewall_enable="YES"
firewall_type="/rc.firewall.rules"
firewall_quiet="YES"
firewall_logging="YES"

dival jsem se ruzne po internetu i do manualu, nasel jsem ale hodne
rozdilnych zpusobu, a popravde jsem neprisel na zadny funkcni. Podle
manualu k rc.conf by se mel soubor zadat s plnou cestou primo do
firewall_type, to my ale nechodi - vzdy se mi prida jen jedine pravidlo
s cisle 65535 (jakoby OPEN typ). Jeste by mohl byt problem se samotnym
souborem pravidel, takze uvadim take:

fwcmd="/sbin/ipfw -q"

${fwcmd} -f flush

${fwcmd} add 00100 pass all from any to any via lo0
${fwcmd} add 00200 deny all from any to 127.0.0.0/8
${fwcmd} add 00300 deny ip from 127.0.0.0/8 to any
${fwcmd} add 00050 divert natd ip from any to any via wi0

${fwcmd} pipe 10 config bw 256Kbit/s

${fwcmd} queue 100 pipe 10 weight 50
${fwcmd} queue 101 pipe 10 weight 50

${fwcmd} add queue 100 ip from any to 10.0.1.10 via wi0
${fwcmd} add queue 101 ip from any to 10.0.2.254 via wi0

# vsem ostatnim je pristup zakazan
${fwcmd} add 1000 deny all from any to any via wi0

${fwcmd} add 65535 allow ip from any to any

Diky za pomoc.
Milan, FreeBSD rel.5

Previous message: prohledavani souboru
Next message: nastavenie a kontorla passwordou
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list