<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>Firewall And Proxy Server HOWTO: IP $B%U%#%k%?%j%s%0$N@_Dj(B(IPFWADM)</TITLE> <LINK HREF="Firewall-HOWTO-8.html" REL=next> <LINK HREF="Firewall-HOWTO-6.html" REL=previous> <LINK HREF="Firewall-HOWTO.html#toc7" REL=contents> </HEAD> <BODY> <A HREF="Firewall-HOWTO-8.html">$B<!$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO-6.html">$BA0$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO.html#toc7">$BL\<!$X(B</A> <HR> <H2><A NAME="s7">7. IP $B%U%#%k%?%j%s%0$N@_Dj(B(IPFWADM)</A></H2> <P> $B%+!<%M%k(B 2.1.102 $B0J>e$r;H$C$F$$$k$J$i$3$N>O$rHt$P$7$F!"<!$N(B IPCHAINS $B$N(B $B>O$K?J$s$G$/$@$5$$!#(B <P>$B0JA0$N%+!<%M%k$G$O(B IP Forwarding $B$O%G%U%)%k%H$G%+!<%M%k$KAH$_9~$^$l(B $BM-8z$K$J$C$F$$$^$9!#(B $B=>$C$F!"%M%C%H%o!<%/$r@_Dj$9$k>l9g$O!"$^$:A4$F$r5qH]$7!"(B $B0JA0$KCV$+$l$F$$$?(B ipfw $B$N%k!<%k$rGK4~$9$k$Y$-$G$9!#(B $B0J2<$N$h$&$J%9%/%j%W%H(B ($B$N0lItJ,(B) $B$r!"%M%C%H%o!<%/$N5/F0%9%/%j%W%H(B (/etc/rc.d/init.d/network) $B$K=q$$$F$*$+$J$1$l$P$$$1$^$;$s!#(B <P> <P> <PRE> # # IP packet Accounting $B$H(B Forwarding $B$N@_Dj(B # # Forwarding # # $B%G%U%)%k%H$GA4$F$N%5!<%S%9$rIT5v2D$K$9$k!#(B ipfwadm -F -p deny # $BA4$F$N%3%^%s%I$rGK4~$9$k!#(B ipfwadm -F -f ipfwadm -I -f ipfwadm -O -f </PRE> <P>$B$5$F!"2f!9$O5f6K$N%U%!%$%"%&%)!<%k$r9=C[$7$^$7$?!#(B $B$b$&2?$bDL$7$^$;$s!#(B <P>$B$3$3$G(B /etc/rc.d/rc.firewall $B$H$$$&%U%!%$%k$r:n@.$7$^$9!#(B $B$3$N%9%/%j%W%H$O(B email, web, DNS $B%H%i%U%#%C%/$r5v2D$7$^$9!#(B ;-) <P> <P> <P> <PRE> #! /bin/sh # # rc.firewall # # $B4X?t%i%$%V%i%j$rFI$_9~$`(B . /etc/rc.d/init.d/functions # $B@_Dj$r<hF@(B . /etc/sysconfig/network # $B%M%C%H%o!<%/$,5/F0$7$F$$$k$+%A%'%C%/$9$k(B if [ ${NETWORKING} = "no" ] then exit 0 fi case "$1" in start) echo -n "Starting Firewall Services: " # $B%5!<%P$KF~$k(B email $B$r5v2D$9$k!#(B /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.10 25 # $B30It$N(B email $B%5!<%P$X$N@\B3$r5v2D$9$k(B /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.10 25 -D 0.0.0.0/0 1024:65535 # $B$"$J$?$N(B Web $B%5!<%P$K(B Web $B@\B3$r5v2D$9$k!#(B /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.11 80 # $B30It$N(B Web $B%5!<%P$X$N(B Web $B@\B3$r5v2D$9$k!#(B /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 80 -D 0.0.0.0/0 1024:65535 # DNS $B%H%i%U%#%C%/$r5v2D$9$k!#(B /sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24 ;; stop) echo -n "Stooping Firewall Services: " ipfwadm -F -p deny ;; status) echo -n "Now do you show firewall stats?" ;; restart|reload) $0 stop $0 start ;; *) echo "Usage: firewall {start|stop|status|restart|reload}" exit 1 esac </PRE> <P> <P>$BCm0U(B - $B$3$NNc$G$O!"(B192.1.2.10 $B$K(B email (smtp) $B%5!<%P$,$"$C$F!"%]!<%H(B 25 $B$G(B $BAw<u?.$,$G$-$J$1$l$P$J$i$J$$$H$7$F$$$^$9!#(B web $B%5!<%P$O(B 192.1.2.11 $B$G1?MQ$7$F$$$^$9!#(B LAN $B$K$$$kA4$F$NMxMQ<T$,!"30It$N(B web $B%5!<%P$H(B DNS $B%5!<%P$K(B $BE~C#$G$-$k$h$&$K$7$F$$$^$9!#(B <P>$B$3$l$O40A4$K40`z$H$O8@$($^$;$s!#(B $B$J$<$J$i(B port 80 $B$O!"(Bweb $B%]!<%H$H$7$F;H$o$J$1$l$P$J$i$J$$$o$1$G$O$J$/!"(B $B8-$$%O%C%+!<$J$i$3$N%]!<%H$r;H$C$F!"%U%!%$%"%&%)!<%k$r1[$($k(B $B2>A[%W%i%$%Y!<%H%M%C%H%o!<%/(B (VPN) $B$r:n$k$G$7$g$&!#(B $B$3$l$rHr$1$k$K$O!"(B web $B%W%m%-%7$r@_Dj$7!"%W%m%-%7$@$1$,(B $B%U%!%$%"%&%)!<%k$rDL2a$G$-$k$h$&$K$9$k$3$H$G$9!#(B LAN $BB&$N%f!<%6$,30$N(Bweb $B%5!<%P$KE~C#$9$k0Y$K$O%W%m%-%7$r(B $B7PM3$7$J$1$l$P$J$i$J$$$h$&$K$7$^$9!#(B <P>$B%U%!%$%"%&%)!<%k$rDL$k%H%i%U%#%C%/$N4*Dj$K$b6=L#$,$"$k$G$7$g$&!#(B $B<!$N%9%/%j%W%H$OA4$F$N%Q%1%C%H$r?t$($^$9!#(B $B$"$J$?$O%7%s%0%k%7%9%F%`$K8~$+$&%Q%1%C%H$r?t$($k0Y$K(B $B0l!"Fs9T2C$($k$3$H$,$G$-$^$9!#(B <P> <P> <PRE> # $B8=:_$N%"%+%&%s%H%k!<%k$rGK4~$9$k!#(B ipfwadm -A -f # Accounting /sbin/ipfwadm -A -f /sbin/ipfwadm -A out -i -S 192.1.2.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.1.2.0/24 /sbin/ipfwadm -A in -i -S 192.1.2.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.1.2.0/24 </PRE> <P>$BI,MW$J$N$,%U%#%k%?%j%s%0%U%!%$%"%&%)!<%k$@$1$J$i!"$"$J$?$O$3$3$G@_Dj$r(B $B=*$($k$3$H$,$G$-$^$9!#(B $B%F%9%H$7$F$+$i1?MQ$7$F$/$@$5$$!#(B <P> <HR> <A HREF="Firewall-HOWTO-8.html">$B<!$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO-6.html">$BA0$N%Z!<%8(B</A> <A HREF="Firewall-HOWTO.html#toc7">$BL\<!$X(B</A> </BODY> </HTML>