Ipf+ipnat+ipfw建立带流量控制的透明网关( 三 ) _云知道

echo "block in log quick all with opt ssrr" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#外部网络的数据只有FTP(使用20和21端口)、www、dns、smtp、pop3、mysql、ssh、rtsp、jabber和ssl的服务可以进入"
>> /etc/ipf.rules
if [ $INTARNFTP != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 20 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 21 keep state" >> /etc/ipf.rules
fi
if [ $INTARNSSH != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 22 keep state" >> /etc/ipf.rules
fi
if [ $INTARNEMAIL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 25 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 110 keep state" >> /etc/ipf.rules
fi
if [ $INTARNDNS != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto udp from any to any port = 53 keep state" >> /etc/ipf.rules
echo "pass out quick on "$ADSLDEV" proto udp from any port = 53 to any keep state" >> /etc/ipf.rules
fi
if [ $INTARNWEB != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 80 keep state" >> /etc/ipf.rules
fi
if [ $INTARNSSL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 443 keep state" >> /etc/ipf.rules
fi
if [ $INTARNRTSP != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 554 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto udp from any to any port = 554 keep state" >> /etc/ipf.rules
fi
if [ $INTARNMYSQL != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 3306 keep state" >> /etc/ipf.rules
fi
if [ $INTARNJABBER != "0.0.0.0" ]
then
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 5222 keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 5269 keep state" >> /etc/ipf.rules
fi
echo "" >> /etc/ipf.rules
echo "#阻塞内部网络访问以下指定IP地址" >> /etc/ipf.rules
echo "block out quick proto tcp/udp from any to any port = 6995 #不能连接BT " >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#内部网络可以访问外部网络" >> /etc/ipf.rules
echo "pass out log on "$ADSLDEV" proto icmp all keep state" >> /etc/ipf.rules
echo "pass out log on "$ADSLDEV" proto tcp/udp from any to any keep state" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#阻塞外部网络的其它请求" >> /etc/ipf.rules
echo "block return-rst in log on "$ADSLDEV" proto tcp from any to "$ADSLIP" flags S/SA" >> /etc/ipf.rules
echo "block return-icmp(net-unr) in log on "$ADSLDEV" proto udp from any to "$ADSLIP"" >> /etc/ipf.rules
echo "block in log on "$ADSLDEV" all" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#阻塞内部网络访问以下指定IP地址" >> /etc/ipf.rules
echo "#block in log quick on "$ADSLDEV" proto tcp from any to 202.106.185.77 flags S/SA #不能连接163.com" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#内部网络的数据全部可以通过防火墙" >> /etc/ipf.rules
echo "pass in on "$INTARNDEV" all" >> /etc/ipf.rules
echo "pass out on "$INTARNDEV" all" >> /etc/ipf.rules
echo "pass in on lo0 all" >> /etc/ipf.rules
echo "pass out on lo0 all" >> /etc/ipf.rules
echo "" >> /etc/ipf.rules
echo "#让VPN能通过防火墙" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 47 keep state" >> /etc/ipf.rules
echo "pass out quick on "$ADSLDEV" proto tcp from any port = 47 to any keep state" >> /etc/ipf.rules
echo "pass in quick on "$ADSLDEV" proto tcp from any to any port = 1723 keep state" >> /etc/ipf.rules
echo "pass out quick on "$ADSLDEV" proto tcp from any port = 1723 to any keep state" >> /etc/ipf.rules

Ipf+ipnat+ipfw建立带流量控制的透明网关( 三 )

推荐阅读

猪价延续稳中慢涨势头低价区出现补涨机会

六个一律是什么

梦见空梦见空棺材是什么意思

春雨像什么春天的雨像什么

梦见朋友手受伤梦见朋友手受伤什么预兆

中蜂怎么春繁为宜需做好这三点

养乌龟冬天该怎么办乌龟冬天养法

信用卡逾期可以贷房贷吗

他排第一我服气精灵梦叶罗丽：动漫中让人痴迷的笑容

农业农村部畜牧兽医局关于征求《兽用生物制品研发、生产和检验中使

地丸子是什么意思,吃丸子是什么意思

腾讯信用分打哪个电话是多少钱,腾讯信用多少分是优秀

跳蚤市场六年级作文8篇

理工大学女生学什么好,武汉理工大学学什么专业好

如何寻找目标顾客

初三语文月考作文