
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>Firewall And Proxy Server HOWTO: IP フィルタリングの設定(IPFWADM)</TITLE>
 <LINK HREF="Firewall-HOWTO-8.html" REL=next>
 <LINK HREF="Firewall-HOWTO-6.html" REL=previous>
 <LINK HREF="Firewall-HOWTO.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-8.html">次のページ</A>
<A HREF="Firewall-HOWTO-6.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc7">目次へ</A>
<HR>
<H2><A NAME="s7">7. IP フィルタリングの設定(IPFWADM)</A></H2>

<P> 
カーネル 2.1.102 以上を使っているならこの章を飛ばして、次の IPCHAINS の
章に進んでください。
<P>以前のカーネルでは IP Forwarding はデフォルトでカーネルに組み込まれ
有効になっています。
従って、ネットワークを設定する場合は、まず全てを拒否し、
以前に置かれていた ipfw のルールを破棄するべきです。
以下のようなスクリプト (の一部分) を、ネットワークの起動スクリプト
(/etc/rc.d/init.d/network) に書いておかなければいけません。
<P>
<P>
<PRE>
  #
  # Set up IP packet accounting and forwarding
  #
  #   Forwarding
  #
  # Default-deny: the forwarding policy refuses every packet that no
  # forwarding rule explicitly accepts.
  ipfwadm -F -p deny
  # Flush the rules an earlier run left in the forwarding (-F), input (-I)
  # and output (-O) rule lists. Only the forwarding policy is set above;
  # the input and output lists are emptied but keep whatever default
  # policy they already had.
  for fw_category in -F -I -O
  do
    ipfwadm "$fw_category" -f
  done
</PRE>
<P>さて、我々は究極のファイアウォールを構築しました。
もう何も通しません。
<P>ここで /etc/rc.d/rc.firewall というファイルを作成します。
このスクリプトは email, web, DNS トラフィックを許可します。 ;-)
<P>
<P>
<P>
<PRE>
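#! /bin/sh
#
# rc.firewall
#
# Forwarding rules for a packet-filtering firewall. It accepts mail to and
# from the SMTP server (192.1.2.10), inbound web traffic for the web server
# (192.1.2.11), and outbound web and DNS traffic for the LAN (192.1.2.0/24).
# Everything else is left to the forwarding policy, which "stop" (and the
# network start-up fragment) sets to deny.
#
# Usage: rc.firewall {start|stop|status|restart|reload}
#
# ipfwadm matches on addresses and port numbers only; it keeps no
# connection state and does not inspect the protocol spoken on a port.

# Source function library.
. /etc/rc.d/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up. The expansion is quoted so an unset or empty
# NETWORKING compares as an empty string instead of breaking the test.
if [ "${NETWORKING}" = "no" ]
then
        exit 0
fi

case "$1" in
  start)
  # Rules are appended (-a): use "restart" rather than running "start"
  # twice, otherwise every rule is duplicated.
  echo -n "Starting Firewall Services: "
  # Inbound mail: outside clients (unprivileged ports) to the SMTP server.
  # -b makes each rule match the reply direction as well.
  /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.10 25
  # Outbound mail: the SMTP server (unprivileged ports) to outside mail
  # servers on port 25. Written with source port 25 and -b, this rule
  # would only repeat the inbound rule and outbound delivery would stay
  # blocked.
  /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.10 1024:65535 -D 0.0.0.0/0 25
  # Inbound web: outside clients to your web server.
  /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.11 80
  # Outbound web: LAN clients to outside web servers on port 80. The LAN
  # is given as 192.1.2.0/24; an unquoted "192.1.2.*" is a shell glob, not
  # an address. Matching on LAN source port 80 with -b would instead admit
  # outside connections to port 80 on every LAN host.
  /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.0/24 1024:65535 -D 0.0.0.0/0 80
  # DNS: UDP between outside port 53 and the LAN. No LAN-side port is
  # given, so any UDP datagram with source port 53 is forwarded to any
  # port on the LAN; DNS over TCP is not covered by this rule.
  /sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24
  ;;
  stop)
  echo -n "Stopping Firewall Services: "
  # Deny by default, then flush the accept rules. Without the flush the
  # rules added by "start" would keep forwarding traffic after "stop".
  /sbin/ipfwadm -F -p deny
  /sbin/ipfwadm -F -f
  ;;
  status)
  echo -n "Now do you show firewall stats?"
  ;;
  restart|reload)
        "$0" stop
        "$0" start
        ;;
  *)
        echo "Usage: firewall {start|stop|status|restart|reload}"
        exit 1
        ;;
esac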
</PRE>
<P>
<P>注意 - この例では、192.1.2.10 に email (smtp) サーバがあって、ポート 25 で
送受信ができなければならないとしています。
web サーバは 192.1.2.11 で運用しています。
LAN にいる全ての利用者が、外部の web サーバと DNS サーバに
到達できるようにしています。
<P>$B$3$l$O40A4$K40`z$H$O8@$($^$;$s!#(B
$B$J$<$J$i(B port 80 $B$O!"(Bweb $B%]!<%H$H$7$F;H$o$J$1$l$P$J$i$J$$$o$1$G$O$J$/!"(B
$B8-$$%O%C%+!<$J$i$3$N%]!<%H$r;H$C$F!"%U%!%$%"%&%)!<%k$r1[$($k(B
$B2>A[%W%i%$%Y!<%H%M%C%H%o!<%/(B (VPN) $B$r:n$k$G$7$g$&!#(B
$B$3$l$rHr$1$k$K$O!"(B web $B%W%m%-%7$r@_Dj$7!"%W%m%-%7$@$1$,(B
$B%U%!%$%"%&%)!<%k$rDL2a$G$-$k$h$&$K$9$k$3$H$G$9!#(B
LAN $BB&$N%f!<%6$,30$N(Bweb $B%5!<%P$KE~C#$9$k0Y$K$O%W%m%-%7$r(B
$B7PM3$7$J$1$l$P$J$i$J$$$h$&$K$7$^$9!#(B
<P>ファイアウォールを通るトラフィックの勘定にも興味があるでしょう。
次のスクリプトは全てのパケットを数えます。
あなたはシングルシステムに向かうパケットを数える為に
一、二行加えることができます。
<P>
<P>
<PRE>
          
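  # Flush the current accounting rules. A single flush is sufficient; the
  # absolute path keeps the result independent of PATH.
  /sbin/ipfwadm -A -f
  # Accounting: count outgoing (out) and incoming (in) packets, both for
  # traffic sent from the LAN (192.1.2.0/24) and for traffic sent to it.
  /sbin/ipfwadm -A out -i -S 192.1.2.0/24 -D 0.0.0.0/0
  /sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.1.2.0/24
  /sbin/ipfwadm -A in -i -S 192.1.2.0/24 -D 0.0.0.0/0
  /sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.1.2.0/24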
</PRE>
<P>必要なのがフィルタリングファイアウォールだけなら、あなたはここで設定を
終えることができます。
テストしてから運用してください。
<P>
<HR>
<A HREF="Firewall-HOWTO-8.html">次のページ</A>
<A HREF="Firewall-HOWTO-6.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc7">目次へ</A>
</BODY>
</HTML>