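# --- WAN-side (ADSL) section of /etc/ipf.rules -------------------------------
# Appends the public-interface part of the ipf rule set.  Expects these
# variables from the enclosing script (it is only a fragment):
#   ADSLDEV / ADSLIP   external interface and its address
#   INTARNDEV          internal interface (trusted; passed unfiltered below)
#   INTARN{FTP,SSH,EMAIL,DNS,WEB,SSL,RTSP,MYSQL,JABBER}
#                      internal server address per service; "0.0.0.0" (or
#                      empty) means the service is not published and its
#                      inbound port stays closed on ADSLDEV.
# The rule-file path may be overridden through IPF_RULES_FILE (default
# /etc/ipf.rules) so the generator can be exercised without touching /etc.
# NOTE(review): the per-service addresses only gate whether a port is opened;
# nothing here redirects traffic to them, so any NAT/rdr must live elsewhere.

# Emit one rule-file line on stdout; write_wan_rules redirects it.
ipf_emit() {
  printf '%s\n' "$*"
}

# True when a service is configured: non-empty and not 0.0.0.0.
# Quoting the argument avoids the "[: !=: unary operator expected" error the
# original unquoted test raised for an unset variable; an empty value still
# counts as "off", which is the outcome that erroring test produced.
ipf_service_enabled() {
  [ -n "$1" ] && [ "$1" != "0.0.0.0" ]
}

# Append the whole WAN section to the rule file with a single redirection.
write_wan_rules() {
  ipf_out=${IPF_RULES_FILE:-/etc/ipf.rules}
  {
    # Drop strict-source-routed packets outright (option ssrr).
    ipf_emit "block in log quick all with opt ssrr"
    ipf_emit ""
    # In the original, this comment's ">>" sat on its own line, so the text
    # went to stdout and a bare redirection ran; it now reaches the file.
    ipf_emit "#外部网络的数据只有FTP(使用20和21端口)、www、dns、smtp、pop3、mysql、ssh、rtsp、jabber和ssl的服务可以进入"
    if ipf_service_enabled "$INTARNFTP"; then
      # NOTE(review): an inbound pass to destination port 20 is unusual
      # (active-mode data connections originate *from* port 20); kept as
      # configured -- confirm it is really needed.
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 20 keep state"
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 21 keep state"
    fi
    if ipf_service_enabled "$INTARNSSH"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 22 keep state"
    fi
    if ipf_service_enabled "$INTARNEMAIL"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 25 keep state"
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 110 keep state"
    fi
    if ipf_service_enabled "$INTARNDNS"; then
      ipf_emit "pass in quick on $ADSLDEV proto udp from any to any port = 53 keep state"
      ipf_emit "pass out quick on $ADSLDEV proto udp from any port = 53 to any keep state"
    fi
    if ipf_service_enabled "$INTARNWEB"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 80 keep state"
    fi
    if ipf_service_enabled "$INTARNSSL"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 443 keep state"
    fi
    if ipf_service_enabled "$INTARNRTSP"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 554 keep state"
      ipf_emit "pass in quick on $ADSLDEV proto udp from any to any port = 554 keep state"
    fi
    if ipf_service_enabled "$INTARNMYSQL"; then
      # This exposes the database port to the whole Internet; it is opened
      # only while INTARNMYSQL is set, so leave it at 0.0.0.0 unless required.
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 3306 keep state"
    fi
    if ipf_service_enabled "$INTARNJABBER"; then
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 5222 keep state"
      ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 5269 keep state"
    fi
    ipf_emit ""
    ipf_emit "#阻塞内部网络访问以下指定IP地址"
    ipf_emit "block out quick proto tcp/udp from any to any port = 6995 #不能连接BT "
    ipf_emit ""
    ipf_emit "#内部网络可以访问外部网络"
    ipf_emit "pass out log on $ADSLDEV proto icmp all keep state"
    ipf_emit "pass out log on $ADSLDEV proto tcp/udp from any to any keep state"
    ipf_emit ""
    ipf_emit "#阻塞外部网络的其它请求"
    # Non-quick blocks: a later matching pass rule still wins (ipf last-match).
    ipf_emit "block return-rst in log on $ADSLDEV proto tcp from any to $ADSLIP flags S/SA"
    ipf_emit "block return-icmp(net-unr) in log on $ADSLDEV proto udp from any to $ADSLIP"
    ipf_emit "block in log on $ADSLDEV all"
    ipf_emit ""
    ipf_emit "#阻塞内部网络访问以下指定IP地址"
    ipf_emit "#block in log quick on $ADSLDEV proto tcp from any to 202.106.185.77 flags S/SA #不能连接163.com"
    ipf_emit ""
    ipf_emit "#内部网络的数据全部可以通过防火墙"
    ipf_emit "pass in on $INTARNDEV all"
    ipf_emit "pass out on $INTARNDEV all"
    ipf_emit "pass in on lo0 all"
    ipf_emit "pass out on lo0 all"
    ipf_emit ""
    ipf_emit "#让VPN能通过防火墙"
    # PPTP needs TCP/1723 for control plus GRE (IP protocol 47) for the
    # tunnel.  The old rules matched "proto tcp ... port = 47" -- a TCP port,
    # not GRE -- so inbound GRE fell through to the "block in log on ADSLDEV
    # all" rule above.  GRE has no ports, hence no "port =" clause.
    ipf_emit "pass in quick on $ADSLDEV proto gre from any to any keep state"
    ipf_emit "pass out quick on $ADSLDEV proto gre from any to any keep state"
    ipf_emit "pass in quick on $ADSLDEV proto tcp from any to any port = 1723 keep state"
    ipf_emit "pass out quick on $ADSLDEV proto tcp from any port = 1723 to any keep state"
  } >> "$ipf_out"
}

write_wan_rules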