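# --- Tail of ADSLIP.SH: finish writing /etc/ipf.rules and activate it -------
# ADSLDEV (external/ADSL interface), ADSLIP (its current address) and
# INTARNDEV (LAN interface) are assigned earlier in this script.  With the
# old unquoted "$VAR" splices an empty value silently produced a rule like
# "pass out log on  proto icmp", which ipf rejects; fail loudly instead.
: "${ADSLDEV:?ADSLDEV (external interface) is not set}"
: "${ADSLIP:?ADSLIP (external address) is not set}"
: "${INTARNDEV:?INTARNDEV (internal interface) is not set}"

# The rule text is appended as here-documents rather than one echo per line.
# Variables expand exactly as they did with echo; the trailing "#..." notes
# are ipf comments and are written to the rules file verbatim.
# NOTE: IPFilter is last-match-wins unless a rule says "quick", so the order
# of the lines below is part of the policy -- do not re-sort them.
cat >> /etc/ipf.rules <<EOF || exit 1
block out quick proto tcp/udp from any to 202.104.129.251 #不能连接QQ
block out quick proto tcp/udp from any to 202.104.129.252 #不能连接QQ
block out quick proto tcp/udp from any to 202.104.129.254 #不能连接QQ
block out quick proto tcp/udp from any to 204.134.15.1 #不能连接QQ

#内部网络可以访问外部网络
pass out log on $ADSLDEV proto icmp all keep state
pass out log on $ADSLDEV proto tcp/udp from any to any keep state

#阻塞外部网络的其它请求
block return-rst in log on $ADSLDEV proto tcp from any to $ADSLIP flags S/SA
block return-icmp(net-unr) in log on $ADSLDEV proto udp from any to $ADSLIP
block in log on $ADSLDEV all

#阻塞内部网络访问以下指定IP地址
#block in log quick on rl1 proto tcp from any to 202.106.185.77 flags S/SA #不能连接163.com

#内部网络的数据全部可以通过防火墙
pass in on $INTARNDEV all
pass out on $INTARNDEV all
pass in on lo0 all
pass out on lo0 all
EOF

# VPN (PPTP) pass-through.
#  * The former "proto tcp ... port = 47" rules were dropped: GRE is IP
#    protocol 47, not a TCP port, and it is already passed by the "proto gre"
#    rules below.  Those lines only opened an unrelated TCP port.
#  * Inbound 1723 is now limited to $ADSLIP: ng0 is passed below, so the PPTP
#    server is this gateway itself.  If the server is instead an internal
#    host reached through an ipnat rdr, replace $ADSLIP with that host.
#  * PPTP's authentication (MS-CHAPv2) is generally regarded as weak; the
#    1723/GRE exposure below should be treated as a known risk.
cat >> /etc/ipf.rules <<EOF || exit 1

#让VPN能通过防火墙
pass in quick on $ADSLDEV proto tcp from any to $ADSLIP port = 1723 keep state
pass out quick on $ADSLDEV proto tcp from any port = 1723 to any keep state
pass in proto gre from any to any keep state
pass out proto gre from any to any keep state
pass in on ng0 all
pass out on ng0 all
EOF

# Load into the inactive rule set and swap it in only if it parsed cleanly.
# "ipf -Fa -f file" flushed the live set *before* parsing, so a bad rule file
# (or an unset variable above) left the gateway with no rules at all -- and
# unless the kernel was built with IPFILTER_DEFAULT_BLOCK, an empty rule set
# passes everything.  With -I/-s a failed load keeps the previous set active.
rc=0
if /sbin/ipf -I -Fa && /sbin/ipf -I -f /etc/ipf.rules; then
  /sbin/ipf -s
else
  echo "ADSLIP.SH: /etc/ipf.rules failed to load; previous rule set kept" >&2
  rc=1
fi
# NAT is refreshed even if the filter load failed: outbound rules do not
# depend on ADSLIP, and LAN clients still need the new translation address.
/sbin/ipnat -CF -f /etc/ipnat.rules || rc=1
exit "$rc"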
############################## END ADSLIP.SH #################################
最后我们还要在/etc/rc.conf中加入以下命令行，让内核在网卡之间转发数据包（否则内部网络无法通过网关上网）:
gateway_enable="YES"
到这里我们就完成了基于ADSL的VPN防火墙(IPFILTER)网关的安装和配置。至于如何制定你自己的防火墙规则就看你自己了，以上只是一个样板而已。需要注意：gateway_enable 只是打开了内核的数据包转发，并不会在开机时加载防火墙规则；如果像本文这样规则只在拨号脚本（ADSLIP.SH）里加载，那么从开机到拨号成功之间网关是在没有规则的情况下转发数据的。建议同时在 /etc/rc.conf 中加入 ipfilter_enable="YES" 和 ipfilter_rules="/etc/ipf.rules"，让一份基础规则在开机时就生效。