<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>Linux IPCHAINS-HOWTO: $BIUO?(B: ipchains $B$H(B ipfwadm $B$H$N0c$$(B</TITLE> <LINK HREF="IPCHAINS-HOWTO-9.html" REL=next> <LINK HREF="IPCHAINS-HOWTO-7.html" REL=previous> <LINK HREF="IPCHAINS-HOWTO.html#toc8" REL=contents> </HEAD> <BODY> <A HREF="IPCHAINS-HOWTO-9.html">$B<!$N%Z!<%8(B</A> <A HREF="IPCHAINS-HOWTO-7.html">$BA0$N%Z!<%8(B</A> <A HREF="IPCHAINS-HOWTO.html#toc8">$BL\<!$X(B</A> <HR> <H2><A NAME="ipfwadm-diff"></A> <A NAME="s8">8. $BIUO?(B: ipchains $B$H(B ipfwadm $B$H$N0c$$(B</A></H2> <P>$B$3$l$i$NJQ99$N4v$D$+$O%+!<%M%k$NJQ99$N7k2L$G$"$j!"$^$?4v$D$+$O(B <CODE>ipchains</CODE> $B$H(B <CODE>ipfwadm</CODE> $B$H$N0c$$$N7k2L$G$9!#(B <P> <P> <OL> <LI> $BB?$/$N0z?t$O:FG[CV$5$l$^$7$?(B: $B8=:_!"BgJ8;z$O%3%^%s%I$r<($7!">.J8;z$O%*%W%7%g%s$r<($7$^$9!#(B </LI> <LI> $BG$0U$N%A%'%$%s$,%5%]!<%H$5$l$^$7$?$N$G!"AH$_9~$_%A%'%$%s$bF1MM$K%U%i%0$G$O$J$/%U%k%M!<%`$G5-:\$9$kI,MW$,$"$j$^$9!#(B ($BNc(B. `-I' $B$G$O$J$/(B `input' $B$H5-:\$7$^$9(B). </LI> <LI> `-k' $B%*%W%7%g%s$O$J$/$J$j$^$7$?!#(B `! -y' $B$r;H$C$F2<$5$$!#(B </LI> <LI> `-b' $B%*%W%7%g%s$O!"C10l$N(B `$BAPJ}8~(B' $B%k!<%k$H$$$&$h$j$b!"$`$7$m<B:]$K$O(B2$B$D$N%k!<%k$KBP$7$FA^F~(B/$BDI2C(B/$B:o=|$r9T$$$^$9!#(B </LI> <LI> `-b' $B%*%W%7%g%s$O(B 2$B$D$N%A%'%C%/$r9T$&$?$a$K!"(B `-C' $B%*%W%7%g%s$K$FL58z2=$5$l$^$9!#(B($B3F!9$NJ}8~$N(B1$B$D(B) </LI> <LI> `-l' $B$KBP$9$k(B `-x' $B%*%W%7%g%s$O(B `-v' $B$KJQ99$5$l$^$7$?!#(B </LI> <LI> $B$b$&!"J#?t$NAw?.B&$H<u?.B&$N%]!<%H$O%5%]!<%H$5$l$^$;$s!#(B $BK>$^$7$/$O!"%]!<%HI}$rH]Dj$G$-$k$3$H$G!"B?>/$O$=$NL\E*$rJd$&$G$7$g$&!#(B </LI> <LI> $B%$%s%?!<%U%'!<%9$O(B($B%"%I%l%9$G$J$/(B)$BL>A0$K$h$C$F$N$_;XDj$G$-$^$9!#(B $B$^$!!"$I$N$_$A!"0JA0$N0UL#IU$1$O(B 2.1 $B%+!<%M%k%7%j!<%:$G@E$+$KJQ99$5$l$?$3$H$G$9$7!#(B </LI> <LI> $B%Q%1%C%H$NCGJR2=$O8!::$5$l$^$9$N$G!"<+F0E*$K$OAGDL$j$7$^$;$s!#(B </LI> <LI> $BL@<(E*$J7W?t%A%'%$%s$OGQ;_$5$l$^$7$?!#(B </LI> <LI> IP$B>e$NG$0U$N%W%m%H%3%k$,%F%9%H$G$-$^$9!#(B </LI> <LI> SYN $B$H(B ACK $B$NAH9g$;$KBP$9$k0JA0$N?6Iq$$(B ($B0JA0$OHs(B TCP $B%Q%1%C%H$OL5;k$7$F$$$^$7$?(B) $B$OJQ99$5$l$^$7$?(B; SYN $B%*%W%7%g%s$O!"Hs(B TCP $BFHFC$N%k!<%k$KBP$7$F$OL58z$G$9!#(B </LI> <LI> $B8=:_!"(B32$B%S%C%H%^%7%s>e$N%+%&%s%?$O(B 64$B%S%C%H$G$"$j!"(B32$B%S%C%H$G$O$"$j$^$;$s!#(B </LI> <LI> $B8=:_!"H?E>%*%W%7%g%s$,%5%]!<%H$5$l$F$$$^$9!#(B </LI> <LI> $B8=:_!"(B ICMP $B%3!<%I$,%5%]!<%H$5$l$F$$$^$9!#(B </LI> <LI> $B8=:_!"%o%$%k%I%+!<%I%$%s%?!<%U%'!<%9$,%5%]!<%H$5$l$F$$$^$9!#(B </LI> <LI> $B8=:_!"(BTOS $BA`:n$OJ,JL%A%'%C%/$5$l$^$9(B: $B8E$$%+!<%M%k%3!<%I$O(B `$B%<%m$G$J$1$l$P$J$i$J$$(B' TOS $B%S%C%H$r(B($BITEv$K(B)$BA`:n$5$l$k$3$H$G!"@E$+$K;_$^$C$F$7$^$C$F$$$^$7$?(B; $B8=:_!"(B ipchains $B$O(B $B$=$N$h$&$J;n$_$KBP$7$F!"B>$NITEv$J>l9g$HF1MM$K%(%i!<$rJV$7$^$9!#(B </LI> </OL> <P> <H2><A NAME="ss8.1">8.1 $B%/%#%C%/%j%U%!%l%s%90lMw(B</A> </H2> <P>[ $B<g$K!"%3%^%s%I0z?t$OBgJ8;z$G!"%*%W%7%g%s0z?t$O>.J8;z$G$9!#(B] <P> <P>$BCm0U$9$Y$-0lE@$H$7$F!"(B $B%^%9%+%l!<%G%#%s%0$O(B `-j MASQ' $B$H5-:\$7$^$9(B; $B$3$l$O(B `-j ACCEPT' $B$HA4$/0[$J$j!"$^$?(B <CODE>ipfwadm</CODE> $B$N$h$&$JI{<!E*8z2L$H$7$F$O<h$j07$$$^$;$s!#(B <P> <P> <PRE> ================================================================ | ipfwadm | ipchains | $BCm0U(B ---------------------------------------------------------------- | -A [both] | -N acct | `acct' $B%A%'%$%s$r@8@.$7!"(B | |& -I 1 input -j acct | $B=PNO$HF~NO%Q%1%C%H$r$=$l(B | |& -I 1 output -j acct | $B$KDL2a$5$;$^$9!#(B | |& acct | ---------------------------------------------------------------- | -A in | input | $B%?!<%2%C%H$J$7$N%k!<%k(B ---------------------------------------------------------------- | -A out | output | $B%?!<%2%C%H$J$7$N%k!<%k(B ---------------------------------------------------------------- | -F | forward | [$B%A%'%$%s(B]$B$H$7$FMQ$$$^$9!#(B ---------------------------------------------------------------- | -I | input | [$B%A%'%$%s(B]$B$H$7$FMQ$$$^$9!#(B ---------------------------------------------------------------- | -O | output | [$B%A%'%$%s(B]$B$H$7$FMQ$$$^$9!#(B ---------------------------------------------------------------- | -M -l | -M -L | ---------------------------------------------------------------- | -M -s | -M -S | ---------------------------------------------------------------- | -a policy | -A [chain] -j POLICY | ($B$G$b(B -r $B$H(B -m $B$b8+$F2<(B | | | $B$5$$(B). ---------------------------------------------------------------- | -d policy | -D [chain] -j POLICY | ($B$G$b(B -r $B$H(B -m $B$b8+$F2<(B | | | $B$5$$(B). ---------------------------------------------------------------- | -i policy | -I 1 [chain] -j POLICY| ($B$G$b(B -r $B$H(B -m $B$b8+$F2<(B | | | $B$5$$(B). ---------------------------------------------------------------- | -l | -L | ---------------------------------------------------------------- | -z | -Z | ---------------------------------------------------------------- | -f | -F | ---------------------------------------------------------------- | -p | -P | ---------------------------------------------------------------- | -c | -C | ---------------------------------------------------------------- | -P | -p | ---------------------------------------------------------------- | -S | -s | 1$B%]!<%H$^$?$O%l%s%8$KBP(B | | | $B$7$F$N$_5!G=$7!"J#?t$G(B | | | $B$O$"$j$^$;$s!#(B ---------------------------------------------------------------- | -D | -d | 1$B%]!<%H$^$?$O%l%s%8$KBP(B | | | $B$7$F$N$_5!G=$7!"J#?t$G(B | | | $B$O$"$j$^$;$s!#(B ---------------------------------------------------------------- | -V | <none> | -i [$BL>A0(B] $B$GMQ$$$^$9!#(B ---------------------------------------------------------------- | -W | -i | ---------------------------------------------------------------- | -b | -b | $B8=:_!"<B:]$K$O(B2$B%k!<%k$r(B | | | $B:n@.$7$^$9!#(B ---------------------------------------------------------------- | -e | -v | ---------------------------------------------------------------- | -k | ! -y | -p tcp $B$H6&$K;XDj$7$J$$(B | | | $B$H5!G=$7$^$;$s!#(B ---------------------------------------------------------------- | -m | -j MASQ | ---------------------------------------------------------------- | -n | -n | ---------------------------------------------------------------- | -o | -l | ---------------------------------------------------------------- | -r [redirpt] | -j REDIRECT [redirpt] | ---------------------------------------------------------------- | -t | -t | ---------------------------------------------------------------- | -v | -v | ---------------------------------------------------------------- | -x | -x | ---------------------------------------------------------------- | -y | -y | -p tcp $B$H6&$K;XDj$7$J$$(B | | | $B$H5!G=$7$^$;$s!#(B ---------------------------------------------------------------- </PRE> <P> <H2><A NAME="ss8.2">8.2 ipfwadm $B%3%^%s%I$NJQ49Nc(B</A> </H2> <P>$B5l%3%^%s%I(B: ipfwadm -F -p deny <P>$B?7%3%^%s%I(B: ipchains -P forward DENY <P> <P>$B5l%3%^%s%I(B: ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0 <P>$B?7%3%^%s%I(B: ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0 <P> <P>$B5l%3%^%s%I(B: ipfwadm -I -a accept -V 10.1.2.1 -S 10.0.0.0/8 -D 0.0.0.0/0 <P>$B?7%3%^%s%I(B: ipchains -A input -j ACCEPT -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0 <P>($B%$%s%?!<%U%'!<%9$r%"%I%l%9$K$h$C$F;XDj$9$k$N$H$O0c$&$3$H$KCm0U$7$F2<$5$$(B: $B%$%s%?!<%U%'!<%9L>$rMQ$$$F2<$5$$!#(B $B$3$N%^%7%s>e$G$O!"(B 10.1.2.1 $B$O(B eth0 $B$KAjEv$7$^$9(B)$B!#(B <P> <HR> <A HREF="IPCHAINS-HOWTO-9.html">$B<!$N%Z!<%8(B</A> <A HREF="IPCHAINS-HOWTO-7.html">$BA0$N%Z!<%8(B</A> <A HREF="IPCHAINS-HOWTO.html#toc8">$BL\<!$X(B</A> </BODY> </HTML>