> /etc/ipnat.rules echo "rdr "$ADSLDEV" "$ADSLIP"/32 port 5222。IPFILTER 使用FreeBSD配置基于ADSL的VPN防火墙网关( 四 )。" />

云南龙网

  1. 首页 > 云知道 > >

IPFILTER 使用FreeBSD配置基于ADSL的VPN防火墙网关( 四 )

云知道


then
echo ""
echo "#把对ADSL拨号IP的JABBER(客户端口5222和服务器端口5269)服务映射到服务网络的JABBER服务器上" >> /etc/ipnat.rules
echo "rdr "$ADSLDEV" "$ADSLIP"/32 port 5222 -> "$INTARNJABBER" port 5222" >> /etc/ipnat.rules
echo "rdr "$ADSLDEV" "$ADSLIP"/32 port 5269 -> "$INTARNJABBER" port 5269" >> /etc/ipnat.rules
fi

#动态生成ipf.rules规则
echo "#######################################################" > /etc/ipf.rules
echo "#/etc/ipf.rules #" >> /etc/ipf.rules
echo "#######################################################" >> /etc/ipf.rules
echo "#阻塞所有存在安全问题的数据包">> /etc/ipf.rules
echo "block in log quick all with short" >> /etc/ipf.rules
echo "block in log quick all with ipopts" >> /etc/ipf.rules
echo "block in log quick all with frag" >> /etc/ipf.rules
echo "block in log quick all with opt lsrr" >> /etc/ipf.rules
echo "block in log quick all with opt ssrr" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#外部网络的数据只有FTP(使用20和21端口)、www、dns、smtp、pop3、mysql、ssh、rtsp、jabber和ssl的服务可以进入" >> /etc/ipf.rules
if [ $INTARNFTP != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 20 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 21 keep state" >> /etc/ipf.rules
fi
if [ $INTARNSSH != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 22 keep state" >> /etc/ipf.rules
fi
if [ $INTARNEMAIL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 25 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 110 keep state" >> /etc/ipf.rules
fi
if [ $INTARNDNS != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto udp from any to any port = 53 keep state" >> /etc/ipf.rules
echo "pass out quick on "$ADSLDEV" proto udp from any port = 53 to any keep state" >> /etc/ipf.rules
fi
if [ $INTARNWEB != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 80 keep state" >> /etc/ipf.rules
fi
if [ $INTARNSSL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 443 keep state" >> /etc/ipf.rules
fi
if [ $INTARNRTSP != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 554 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto udp from any to any port = 554 keep state" >> /etc/ipf.rules
fi
if [ $INTARNMYSQL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 3306 keep state" >> /etc/ipf.rules
fi
if [ $INTARNJABBER != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 5222 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 5269 keep state" >> /etc/ipf.rules
fi
echo "" >> /etc/ipf.rules
echo "#阻塞内部网络访问以下指定IP地址" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to any port = 8000 #不能连接QQ " >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 61.141.194.202 #不能连接QQ " >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 61.141.194.207 #不能连接QQ" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 61.141.238.145 #不能连接QQ" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 61.144.238.146 #不能连接QQ" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 218.17.209.18 #不能连接QQ" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 218.17.209.23 #不能连接QQ" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 219.133.40.15 #不能连接QQ " >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to 202.104.129.242 #不能连接QQ" >> /etc/ipf.rules

推荐阅读


上一篇:什么叫零售

下一篇:微信中将图片放到收藏具体操作方法