forum.opennet.ru

Составление сообщения

Исходное сообщение

"FreeBSD 6.2 то пингуется то не пингуется из мира"
Отправлено beststar, 25-Янв-08 11:14

    # set these to your outside interface network and netmask and ip
    oif="fxp0"
    onet="88.xxx.xxx.72"
    omask="255.255.255.248"
    oip="88.xxx.xxx.74"
    # set these to your inside interface network and netmask and ip
    iif="vr0"
    inet="10.10.0.0"
    imask="255.255.255.0"
    iip="10.10.0.200"
    setup_loopback
    # Stop spoofing
    ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
    ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
    # Stop RFC1918 nets on the outside interface
    ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
    ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
    ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
    # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
    # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
    # on the outside interface
    ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
    ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
    ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
    ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
    ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
    # Network Address Translation.  This rule is placed here deliberately
    # so that it does not interfere with the surrounding address-checking
    # rules.  If for example one of your internal LAN machines had its IP
    # address set to 192.0.2.1 then an incoming packet for it after being
    # translated by natd(8) would match the `deny' rule above.  Similarly
    # an outgoing packet originated from it before being translated would
    # match the `deny' rule below.
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac
    # Stop RFC1918 nets on the outside interface
    ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
    ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
    ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
    # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
    # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
    # on the outside interface
    ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
    ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
    ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
    ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
    ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
    # Allow TCP through if setup succeeded
    ${fwcmd} add pass tcp from any to any established
    # Allow IP fragments to pass through
    ${fwcmd} add pass all from any to any frag
    # 21 FTP and ICMP
    ${fwcmd} add pass tcp from any to ${oip} 21 setup
    ${fwcmd} add pass tcp from any to ${oip} 49152-65535 setup
    ${fwcmd} add pass icmp from any to any  icmptypes 0,8,11


    # 22 SSH
    ${fwcmd} add pass tcp from any to ${oip} 22 setup
    # Allow setup of incoming email
    ${fwcmd} add pass tcp from any to ${oip} 25 setup
    # Allow access to our DNS
    ${fwcmd} add pass tcp from any to ${oip} 53 setup
    ${fwcmd} add pass udp from any to ${oip} 53
    ${fwcmd} add pass udp from ${oip} 53 to any
    # Allow access to our WWW
    ${fwcmd} add pass tcp from any to ${oip} 80 setup
    # Reject&Log all setup of incoming connections from the outside
    ${fwcmd} add deny log tcp from any to any in via ${oif} setup
    # Allow setup of any other TCP connection
    ${fwcmd} add pass tcp from any to any setup
    # Allow DNS queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 53 keep-state
    # Allow NTP queries out in the world
    ${fwcmd} add pass udp from ${oip} to any 123 keep-state
    # Everything else is denied by default, unless the
    # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
    # config file.
    ;;

Исходное сообщение
"FreeBSD 6.2 то пингуется то не пингуется из мира" Отправлено beststar, 25-Янв-08 11:14
# set these to your outside interface network and netmask and ip oif="fxp0" onet="88.xxx.xxx.72" omask="255.255.255.248" oip="88.xxx.xxx.74" # set these to your inside interface network and netmask and ip iif="vr0" inet="10.10.0.0" imask="255.255.255.0" iip="10.10.0.200" setup_loopback # Stop spoofing ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} # Network Address Translation. This rule is placed here deliberately # so that it does not interfere with the surrounding address-checking # rules. If for example one of your internal LAN machines had its IP # address set to 192.0.2.1 then an incoming packet for it after being # translated by natd(8) would match the `deny' rule above. Similarly # an outgoing packet originated from it before being translated would # match the `deny' rule below. case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add divert natd all from any to any via ${natd_interface} fi ;; esac # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established # Allow IP fragments to pass through ${fwcmd} add pass all from any to any frag # 21 FTP and ICMP ${fwcmd} add pass tcp from any to ${oip} 21 setup ${fwcmd} add pass tcp from any to ${oip} 49152-65535 setup ${fwcmd} add pass icmp from any to any icmptypes 0,8,11 # 22 SSH ${fwcmd} add pass tcp from any to ${oip} 22 setup # Allow setup of incoming email ${fwcmd} add pass tcp from any to ${oip} 25 setup # Allow access to our DNS ${fwcmd} add pass tcp from any to ${oip} 53 setup ${fwcmd} add pass udp from any to ${oip} 53 ${fwcmd} add pass udp from ${oip} 53 to any # Allow access to our WWW ${fwcmd} add pass tcp from any to ${oip} 80 setup # Reject&Log all setup of incoming connections from the outside ${fwcmd} add deny log tcp from any to any in via ${oif} setup # Allow setup of any other TCP connection ${fwcmd} add pass tcp from any to any setup # Allow DNS queries out in the world ${fwcmd} add pass udp from ${oip} to any 53 keep-state # Allow NTP queries out in the world ${fwcmd} add pass udp from ${oip} to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. ;;

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру