内容摘要:使用IP Filter设置小型企业防火墙
map fxp0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:30000
map fxp0 192.168.0.0/24 -> 0/32
map fxp0 192.168.80.0/24 -> 0/32 portmap tcp/udp 300001:60000
map fxp0 192.168.80.0/24 -> 0/32 portmap
rdr fxp0 x.x.x.x/32 port 80 -> 192.168.0.2 port 80
rdr fxp0 x.x.x.x/32 port ftp -> 192.168.0.3 port ftp
rdr fxp0 x.x.x.x/32 port 30001-50000 -> 192.168.80.3 port 30001 tcp2、设置包过滤ipfilter。在/etc下新建文件ipf.rules,内容为:
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr以上五句为过滤掉可能会带来安全问题的短数据包或具备路由信息的数据包以及防止非法扫描服务器
pass out on xl0 all
pass in on xlo all
pass out on xl1 all
pass in on xl1 all
pass out quick on lo0 all
pass in quick on lo0 all以上为内部网络界面和loopback网络界面可以自由发送和接受数据包
block out on fxp0 all
以上为屏蔽外部网络界面向外发送数据包
block out log on fxp0 from any to 192.168.0.0/16
block out log quick on fxp0 from any to 0.0.0.0/8
block out log quick on fxp0 from any to 169.254.0.0/8
block out log quick on fxp0 from any to 10.0.0.0/8
block out log quick on fxp0 from any to 127.16.0.0/12
block out log quick on fxp0 from any to 127.0.0.0/8
block out log quick on fxp0 from any to 192.0.2.0/24
block out log quick on fxp0 from any to 204.152.64.0/23
block out log quick on fxp0 from any to 224.0.0.0/3
责编:豆豆技术应用
正在加载评论...