Каркас iptables, ipfw, pf

outif="eth1"
iptables -F
iptables -i $outif -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -i $outif -P INPUT DROP
iptables -i $outif -P OUTPUT ACCEPT

1

2

3

4

5

outif="eth1"

iptables -F

iptables -i $outif -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -i $outif -P INPUT DROP

iptables -i $outif -P OUTPUT ACCEPT

outif="rl0"
ipfw add allow ip from any to any via lo0
ipfw add allow ip from me to any via $outif
ipfw add allow tcp from any to me established via $outif
#ipfw add allow tcp from any 80 to me via $outif
ipfw add deny ip from any to any via $outif

1

2

3

4

5

6

outif="rl0"

ipfw add allow ip from any to any via lo0

ipfw add allow ip from me to any via $outif

ipfw add allow tcp from any to me established via $outif

#ipfw add allow tcp from any 80 to me via $outif

ipfw add deny ip from any to any via $outif

outif="rl0"
set skip on lo0
block all
pass out on $outif from $outif to any keep state
#pass in on $outif proto from any to $outif port 80

1

2

3

4

5

outif="rl0"

set skip on lo0

block all

pass out on $outif from $outif to any keep state

#pass in on $outif proto from any to $outif port 80

Записи сисадмина

Каркас iptables, ipfw, pf

Posted on 15. Januar 201715. Januar 2017 by dominator by dominator