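# FreeBSD ipf+ipnat+ipfw transparent gateway with traffic shaping, part 4.
#
# Appends the inbound-filter section to /etc/ipf.rules.  Variables read here
# (set in the earlier parts of the series):
#   ADSLDEV   - name of the external (ADSL) interface the pass rules bind to
#   INTARN*   - address of the internal server for each service; while a value
#               is still "0.0.0.0" the matching pass rule is not written
# Every expansion is quoted: with the original unquoted `[ $VAR != ... ]` an
# empty or unset value made the test fail with a syntax error and the branch
# was skipped, and an unquoted $ADSLDEV could be word-split or globbed inside
# the generated rule.

# rule LINE — append one line verbatim to the rules file.  printf rather than
# echo so a line starting with '-' or containing backslashes is not mangled.
rule() {
  printf '%s\n' "$*" >> /etc/ipf.rules
}

# pass_in PROTO PORT — stateful inbound allow for PROTO/PORT on $ADSLDEV.
# The rule matches `from any`, i.e. it exposes the port to every external
# source; that is why each call below is gated on a configured internal host.
pass_in() {
  rule "pass in quick on $ADSLDEV proto $1 from any to any port = $2 keep state"
}

rule '#/etc/ipf.rules #'
rule '#######################################################'
rule '#阻塞所有存在安全问题的数据包'
# Drop (and log) malformed and source-routed packets before any pass rule;
# `quick` stops rule evaluation on match.
rule 'block in log quick all with short'
rule 'block in log quick all with ipopts'
rule 'block in log quick all with frag'
rule 'block in log quick all with opt lsrr'
rule 'block in log quick all with opt ssrr'
rule ''
rule '#外部网络的数据只有FTP(使用20和21端口)、www、dns、smtp、pop3、mysql、ssh、rtsp、jabber和ssl的服务可以进入'

# Inbound service ports, each opened only when the internal server exists.
if [ "$INTARNFTP" != "0.0.0.0" ]; then
  pass_in tcp 20
  pass_in tcp 21
fi
if [ "$INTARNSSH" != "0.0.0.0" ]; then
  pass_in tcp 22
fi
if [ "$INTARNEMAIL" != "0.0.0.0" ]; then
  pass_in tcp 25
  pass_in tcp 110
fi
if [ "$INTARNDNS" != "0.0.0.0" ]; then
  pass_in udp 53
  # DNS is the only service that also gets an explicit outbound rule for
  # replies sourced from port 53.
  rule "pass out quick on $ADSLDEV proto udp from any port = 53 to any keep state"
fi
if [ "$INTARNWEB" != "0.0.0.0" ]; then
  pass_in tcp 80
fi
if [ "$INTARNSSL" != "0.0.0.0" ]; then
  pass_in tcp 443
fi
# The RTSP branch (then ... fi) continues in the next chunk of the listing.
if [ "$INTARNRTSP" != "0.0.0.0" ]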