<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Linux IPCHAINS-HOWTO: �$B$=$NB>$N>pJs�(B</TITLE>
<LINK HREF="IPCHAINS-HOWTO-6.html" REL=next>
<LINK HREF="IPCHAINS-HOWTO-4.html" REL=previous>
<LINK HREF="IPCHAINS-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="IPCHAINS-HOWTO-6.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO-4.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO.html#toc5">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="s5">5. �$B$=$NB>$N>pJs�(B</A></H2>
<P>�$B$3$N9`$O>e=R$N@bL@$+$i$b$l$?$9$Y$F$N>pJs$H�(B FAQ �$B=8$,$"$j$^$9!#�(B
<P>
<H2><A NAME="organisation"></A> <A NAME="ss5.1">5.1 �$B%U%!%$%"%&%)!<%k%k!<%k$r$I$N$h$&$K9=C[$9$k$+�(B</A>
</H2>
<P>�$B$3$NLdBj$K$O$"$k<o$NJ}?K$,I,MW$G$9!#B.EY$r:GE,2=�(B(�$B:G$bIaDL$N%Q%1%C%H$KBP$9$k%k!<%k%A%'%C%/$r:G>.8B$K$H$I$a$k�(B)�$B$7$F9=C[$9$k$+!"4IM}@-$r9b$a$F9=C[$9$k$3$H$b$G$-$^$9!#�(B
<P>
<P>PPP �$B%j%s%/$H8@$&4V7gE*$J%j%s%/$r;H$C$F$$$k$J$i!"5/F0;~$K�(B
input �$B%A%'%$%s$N:G=i$N%k!<%k$r�(B
`-i ppp0 -jDENY'
�$B$K@_Dj$7$?$$$H;W$&$+$b$7$l$^$;$s!#�(B
�$B$=$N>l9g$O!"�(B <CODE>ip-up</CODE> �$B%9%/%j%W%H%U%!%$%k$G<!$N$h$&$K$7$^$9!#�(B
<P>(�$BLuCm�(B: �$B%G%P%$%9�(B ppp0 �$B$+$i$N%Q%1%C%H$rGK4~$9$k!#%@%$%d%k%"%C%W2s@~$J$I$+$i$N?/F~$rKI;_$7$?>l9g$K@_Dj$9$k!#�(B)
<P>
<BLOCKQUOTE><CODE>
<PRE>
# `ppp-in' �$B%A%'%$%s$r:F@8@.$9$k!#�(B
ipchains-restore -f < ppp-in.firewall
# ppp-handling �$B%A%'%$%s$K3d$j9~$s$G�(B DENY �$B%k!<%k$rCV$-49$($k!#�(B
ipchains -R input 1 -i ppp0 -j ppp-in
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P><CODE>ip-down</CODE> �$B$O<!$N$h$&$K$J$j$^$9!#�(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
ipchains -R input 1 -i ppp0 -j DENY
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>
<H2><A NAME="ss5.2">5.2 �$B%U%#%k%?%j%s%0$GGK4~$7$F$O$$$1$J$$%Q%1%C%H�(B</A>
</H2>
<P>�$BI,MW$G$J$$%Q%1%C%H$r%U%#%k%?%j%s%0$GGK4~$9$kA0$KCm0U$7$F$*$+$J$1$l$P$$$1$J$$;v$,$"$j$^$9!#�(B
<P>
<H3><A NAME="ICMP"></A> ICMP �$B%Q%1%C%H�(B</H3>
<P>ICMP �$B%Q%1%C%H$O!"�(B(TCP �$B$d�(B UDP �$B$N$h$&$J�(B)�$BJL$N%W%m%H%3%k$KBP$7$F!"<:GT$rI=<(�(B (�$B$=$NB>?t$"$k$b$N$N$J$+$G�(B) �$B$9$k$N$K;H$o$l$F$$$^$9!#�(B
�$B$H$j$o$1�(B `�$BL\E*CO$KE~C#$7$J$$�(B' �$B%Q%1%C%H$rI=<($7$^$9!#�(B
�$B$3$l$i$N%Q%1%C%H$r%V%m%C%/$9$k$H!"�(B `�$B%[%9%H$KE~C#$7$^$;$s�(B' �$B$d�(B `�$B%[%9%H$X$N7PO)$,$"$j$^$;$s�(B' �$B$H$$$&%(%i!<$r<u$1<h$k$3$H$,$G$-$J$/$J$j$^$9!#�(B
�$B$I$N$h$&$J@\B3$bMh$k$O$:$N$J$$JVEz$rBT$D$@$1$K$J$j$^$9!#�(B
�$B$3$l$O$$$i$$$i$7$^$9$,CWL?E*$G$O$"$j$^$;$s!#�(B
<P>
<P>�$B$5$i$K0-$$$3$H$O�(B MTU �$B8!=P$G$N�(B ICMP �$B%Q%1%C%H$NLr3d$G$9!#�(B
�$B$9$Y$F$NNI9%$J�(B TCP �$B$N<BAu�(B(Linux �$B$r4^$a$?�(B)�$B$O!"J,3d$5$l$J$$>uBV$G�(B(�$BJ,3d$5$l$k$H%Q%U%)!<%^%s%9$rDc2<$5$;!"$H$j$o$1!"$H$-$I$-J,3d$5$l$?CGJR$,<:$o$l$k$H$5$i$KDc2<$7$^$9�(B)�$BL\E*CO$KE~C#$9$k:GBg$N%Q%1%C%H%5%$%:$r3d$j=P$9$?$a$K�(B MTU �$B8!=P$r;H$C$F$$$^$9!#�(B
MTU �$B8!=P$O!"$^$:%Q%1%C%H$r�(B "�$BJ,3dIT2D�(B" �$B$N%S%C%H$r@_Dj$7$FAw$j!"�(B '�$BJ,3d$,I,MW$@$,J,3d$7$J$$@_Dj�(B(DF)�$B$r$7$F$$$k�(B'�$B$H$$$&%(%i!<$r<($9�(B ICMP �$B%Q%1%C%H$r<u$1<h$C$?$i!"@h$[$I$N$b$N$h$j>.$5$$%5%$%:$N%Q%1%C%H$rAw$jD>$9!"$H$$$&$d$j$+$?$GF0:n$7$^$9!#�(B
�$B$3$l$O!"�(B`�$BL\E*CO$XE~C#ITG=�(B' �$B%Q%1%C%H$N%?%$%W$G!"$b$7<u$1$J$$$J$i!"%m!<%+%k%[%9%H$O�(B MTU �$B$rDc2<$5$;$J$$$G!"<B9T$O$R$I$/0-$/$J$k$+!"B8:_$7$J$$$3$H$K$J$k$G$7$g$&!#�(B
<P>�$BLuCm�(B:
<DL>
<DT><B>ICMP: Internet Control Message Protocol </B><DD><P>IP �$BAj8_@\B3%M%C%H%o!<%/Fb$N%N!<%I$G%(%i!<DLC#!"?GCG!"@)8f$N$?$a$N�(B
�$B%a%C%;!<%8$rAw$k%W%m%H%3%k�(B
<DT><B>MTU: maximum transmission unit</B><DD><P>�$B%M%C%H%o!<%/%$%s%?!<%U%'!<%9$,0lEY$KAw$k$3$H$,$G$-$k:GBg$N%G!<%?NL�(B
</DL>
<P>
<P>�$B$9$Y$F$N�(B ICMP �$B7PO)JQ99MW5a%a%C%;!<%8�(B(type 5)�$B$r%V%m%C%/$9$k$N$OIaDL$@$H$$$&$3$H$KCm0U$7$F2<$5$$!#�(B
�$B$3$l$i$O!"7PO)$r<jF0@_Dj$9$k0Y$K;H$&$3$H$,=PMh$^$9$,�(B(�$BNI9%$J�(B IP �$B%9%?%C%/$O0BA4AuCV$r;}$C$F$$$^$9�(B)�$B!"$7$P$7$P$d$d4m81$@$HCN$i$l$F$$$^$9!#�(B
<P>
<H3>DNS (�$B%M!<%`%5!<%P!<�(B) �$B$X$N�(B TCP �$B@\B3�(B</H3>
<P>�$B308~$-$N�(B TCP �$B@\B3$r%V%m%C%/$9$k$h$&$K$7$F$$$k$J$i!"�(B DNS �$B$O$$$D$b�(B UDP �$B$r;H$o$J$$$3$H$KCm0U$7$F2<$5$$!#�(B
�$B%5!<%P$+$i$NJVEz$,�(B 512 �$B%P%$%H$r1[$($k$H!"%/%i%$%"%s%H$O%G!<%?$rF@$k$N$K�(B TCP �$B@\B3�(B(�$B$d$O$j�(B 53 �$BHV%]!<%HHV9f�(B) �$B$r;H$$$^$9!#�(B
<P>�$BLuCm�(B:
<DL>
<DT><B>UDP: User Datagram Protocol </B><DD><P>�$B%G!<%?%Q%1%C%H$NE>Aw$r9T$&%W%m%0%i%`!#�(BUDP �$B$O�(B TCP �$B$KHf$Y$k$H9bB.$G�(B
�$B$9$,!"?.Mj@-$,Dc$/!"%Q%1%C%H$NE~C#=g=x$,J]>Z$5$l$^$;$s!#�(B
</DL>
<P>
<P>TCP �$BE>Aw$r6X;_$7$F$$$F$b!"�(B DNS �$B$,�(B `�$B$[$H$s$IF0$/�(B' �$B$N$G%O%^%j$^$9!#�(B
�$B$=$N$h$&$K$7$F$$$k$J$i!"IT2D2r$JD9$$CY1d$d$=$NB>$N$H$-$I$-H/@8$9$k�(B DNS �$B$NLdBj$r7P83$9$k$3$H$K$J$k$G$7$g$&!#�(B
<P>
<P>DNS �$B$NLd$$9g$o$;$,!"$$$D$bF10l$N30It$N%=!<%9�(B(<CODE>/etc/resolv.conf</CODE> �$B$K=q$+$l$?9T$N�(B<CODE>�$B%M!<%`%5!<%P�(B</CODE>�$B$rD>@\;H$&$+!"%U%)%o!<%I%b!<%I$G%-%c%C%7%e$N%M!<%`%5!<%P!<$r;H$&$+$N$I$A$i$+�(B)�$B$K$7$F$$$k$J$i!"�(B(�$B%-%c%C%7%e$r;H$C$F$$$k$J$i�(B)�$B%m!<%+%k�(B <CODE>domain</CODE> �$B%]!<%H$+$i!"�(B <CODE>/etc/resolv.conf</CODE> �$B$r;H$C$F$$$k$J$i%O%$%]!<%H�(B(>1023)�$B$+$i!"$=$N%M!<%`%5!<%P$N�(B <CODE>domain</CODE> �$B%]!<%H$X$N�(B TCP �$B@\B3$r5v2D$9$kI,MW$@$1$G$+$^$$$^$;$s!#�(B
<P>�$BLuCm�(B:
domain �$B$O�(B /etc/services �$B$K<!$N9`L\$,Dj5A$5$l$F$$$k$+$r3NG'$7$F$*$-$^$9!#�(B
�$B<!$N$h$&$K$7$FD4$Y$k$3$H$,$G$-$^$9!#�(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
$ grep domain /etc/services
domain 53/tcp nameserver # name-domain server
domain 53/udp nameserver
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H3><A NAME="ftp"></A> FTP �$B$N0-L4�(B</H3>
<P>�$BE57?E*$J%Q%1%C%H%U%#%k%?%j%s%0$NLdBj$O�(B FTP �$B$G$9!#�(BFTP �$B$K$O#2$D$N�(B<B>�$B%b!<%I�(B</B>�$B$,$"$j$^$9!#�(B
�$BEAE}E*$J$b$N$O�(B <B>�$B%"%/%F%#%V%b!<%I�(B</B> �$B$H8@$o$l$k$b$N$G!"$h$j:G6a$N$b$N$O!"�(B <B>�$B%Q%C%7%V%b!<%I�(B</B> �$B$H8@$o$l$^$9!#�(B
Web �$B%V%i%&%6$ODL>o%Q%C%7%V%b!<%I$,%G%U%)%k%H$G$9$,!"%3%^%s%I$N�(B FTP �$B%W%m%0%i%`$ODL>o%"%/%F%#%V%b!<%I$,%G%U%)%k%H$G$9!#�(B
<P>
<P>�$B%"%/%F%#%V%b!<%I$G$O!"%j%b!<%H%[%9%H$,%U%!%$%k$rAw?.$7$?$$$H$-�(B(�$B$"$k$$$O!"�(B <CODE>ls</CODE> �$B$d�(B <CODE>dir</CODE> �$B%3%^%s%I$N7k2L$G$5$(�(B)�$B!"%m!<%+%k%^%7%s$X$N�(B TCP �$B@\B3$r%*!<%W%s$7$h$&$H$7$^$9!#�(B
�$B$3$l$O%"%/%F%#%V�(B FTP �$B$r@ZCG$7$J$$$J$i!"$3$l$i$N�(B TCP �$B@\B3$rGS=|$G$-$J$$$H$$$&$3$H$G$9!#�(B
<P>
<P>�$B%Q%C%7%V%b!<%I$r;H$&%*%W%7%g%s$,$"$k$J$i!"NI$$$3$H$G$9!#�(B
�$B%Q%C%7%V%b!<%I$OF~NO%G!<%?$KBP$7$F$b!"%/%i%$%"%s%H$+$i%5!<%P$K%G!<%?@\B3$r:n$j$^$9!#�(B
�$B%Q%C%7%V%b!<%I$,;H$($J$$$J$i!"�(BTCP �$B@\B3$K�(B 1024 �$B$r1[$(!"�(B6000 �$B$+$i�(B 6010 �$B$NHO0O$KL5$$%]!<%H$KBP$7$F�(B TCP �$B@\B3$r5v2D$9$k$3$H$r?d>)$7$^$9!#�(B(6000 �$B$O�(B X-Window System �$B$K;H$o$l$F$$$^$9!#�(B)
<P>
<H2><A NAME="ss5.3">5.3 Ping of Death �$B$rGS=|$9$k�(B</A>
</H2>
<P>Linux �$B%^%7%s$O$$$^$dM-L>$J�(B<B> Ping of Death </B>�$B$r?4G[$9$k$3$H$O$"$j$^$;$s!#�(B
Ping of Death �$B$OITK!$KBg$-$J�(B ICMP �$B%Q%1%C%H$rAw?.$7!"$=$l$O<u$1<h$jB&$G�(B TCP �$B%9%?%C%/$K$"$k%P%C%U%!!<$r0n$l$5$;!"GK2u$N860x$K$J$j$^$9!#�(B
<P>
<P>�$B@H<e$J%^%7%s$rJ]8n$9$k$J$i!"C1=c$K�(B ICMP �$B%U%i%0%a%s%H$r%V%m%C%/$G$-$^$9!#�(B
�$BDL>o$N�(B ICMP �$B%Q%1%C%H$OJ,3d$rMW5a$9$k$[$IBg$-$/$O$"$j$^$;$s$+$i!"Bg$-$J�(B ping �$B$rGS=|$9$k0J30B>$K$O1F6A$rM?$($^$;$s!#�(B
(�$BIT3N$+$G$9$,�(B)�$B;d$O!"�(BICMP �$B%U%i%0%a%s%H$rMn$9$?$a$K!"%5%$%:%*!<%P!<$N�(B ICMP �$B%Q%1%C%H$N:G8e$N%U%i%0%a%s%H$@$1$rMW5a$7!"$=$N7k2L!":G=i$N%U%i%0%a%s%H$@$1$r%V%m%C%/$9$k%7%9%F%`$,$"$k$H$$$&Js9p$rJ9$$$?$3$H$,$"$j$^$9$,!":G=i$N%U%i%0%a%s%H$@$1$r%V%m%C%/$9$k$h$&$J%7%9%F%`$O$*4+$a$G$-$^$;$s!#�(B
<P>
<P>�$B;d$O�(B ICMP �$B$r;H$&$9$Y$F$N%W%m%0%i%`$r8+$F$-$^$7$?$,!"�(BTCP �$B$d�(B UDP �$B%U%i%0%a%s%H�(B(�$B$"$k$$$OITL@$N%W%m%H%3%k�(B)�$B$O!"$3$N$h$&$J967b$KBP$7$F;H$&$3$H$,$G$-$J$$$H$$$&M}M3$,$J$$$N$G!"�(B ICMP �$B%U%i%0%a%s%H$r%V%m%C%/$9$k$N$O!"4V$K9g$o$;$N2r7h$G$7$+$"$j$^$;$s!#�(B
<P>
<H2><A NAME="ss5.4">5.4 Teardrop �$B$H�(B Bonk �$B$rGS=|$9$k�(B</A>
</H2>
<P>Teardrop �$B$H�(B Bonk �$B$H8@$o$l$k$b$N$O!"=EJ#$9$k%U%i%0%a%s%H$rL\E*$K$7$F$$$k�(B 2�$B<oN`$N967b�(B(�$B$*$b$K�(BMicrosoft Windows NT �$B%^%7%s$KBP$7$F�(B)�$B$G$9!#�(B
Linux �$B%k!<%?$,%G%U%i%05!G=$r;}$C$F$$$k$+!"967b$5$l$d$9$$%^%7%s$K$9$Y$F$N%U%i%0%a%s%H$r6X;_$9$k$N$OJL$N%*%W%7%g%s$G$9!#�(B
<P>
<H2><A NAME="ss5.5">5.5 �$B%U%i%0%a%s%HGz7b$rGS=|$9$k�(B</A>
</H2>
<P>�$B?.Mj@-$NDc$$�(B TCP �$B%9%?%C%/$O!"%Q%1%C%H$,B??t$N%U%i%0%a%s%H$K$J$C$F$$$F!"$=$l$i$r$9$Y$F<u?.$G$-$J$$$H$-!"BgNL$N%U%i%0%a%s%H$r07$&$N$KLdBj$r;}$C$F$$$k$b$N$,$"$k$H8@$o$l$F$$$^$9!#�(B
Linux �$B$O$3$N$h$&$JLdBj$,$"$j$^$;$s!#�(B
�$B%U%i%0%a%s%H$rGK4~�(B(�$B@5Ev$K;HMQ$5$l$?$b$N$b2u$9$+$b$7$l$^$;$s�(B)�$B$9$k$+!"$^$?$O!"�(B `IP: always defragment' �$B$r�(B `Y' �$B$H�(B(�$B$"$J$?$N�(B Linux �$B%^%7%s$,$3$l$i$N%Q%1%C%H$KBP$7$FM#0l<h$jF@$k7PO)$G$"$k>l9g$N$_�(B)�$BA*Br$7$?%+!<%M%k$r%3%s%Q%$%k$9$k$3$H$GGS=|$G$-$^$9!#�(B
<P>
<H2><A NAME="ss5.6">5.6 �$B%U%!%$%"%&%)!<%k%k!<%k$rJQ99$9$k�(B</A>
</H2>
<P>�$B%U%!%$%"%&%)!<%k%k!<%k$rJQ99$9$k$H$-!"%?%$%_%s%0$NLdBj$,$"$j$^$9!#�(B
�$BIT<j:]$,$"$k$H!"JQ99$NESCf$G$K%Q%1%C%H$rDL$7$F$7$^$$$^$9!#�(B
�$B0B0W$J$d$j$+$?$H$7$F$O<!$N$h$&$JJ}K!$,$"$j$^$9�(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ipchains -I input 1 -j DENY
# ipchains -I output 1 -j DENY
# ipchains -I forward 1 -j DENY
. �$BJQ99$7$^$9�(B ...
# ipchains -D input 1
# ipchains -D output 1
# ipchains -D forward 1
#
</PRE>
</CODE></BLOCKQUOTE>
<P>�$BJQ99$7$F$$$k4V!"$9$Y$F$N%Q%1%C%H$,GK4~$5$l$^$9!#�(B
<P>
<P>�$BJQ99$,C10l$N%A%'%$%s$K8BDj$5$l$?$b$N$J$i!"?7$7$$%k!<%k$G?7$7$$%A%'%$%s$r:n$j$?$$$+$b$7$l$^$;$s!#�(B
�$B?7$7$$%A%'%$%s$r<($9$b$N$H!"8E$$%A%'%$%s$r<($9%k!<%k$rCV$-49$($^$9�(B(`-R')�$B!#�(B
�$B$=$&$9$l$P!"8E$$%A%'%$%s$r:o=|$G$-$^$9!#�(B
�$B$3$NCV$-49$($O%"%H%_%C%/$K�(B(�$BB>$N$b$N$K$O1F6A$7$J$$$G�(B)�$B9T$o$l$^$9!#�(B
<P>
<H2><A NAME="antispoof"></A> <A NAME="ss5.7">5.7 IP �$B56AuJ]8n�(B(IP Spoof Protection)�$B$r!"$I$N$h$&$K@_Dj$7$?$i$h$$$G$9$+�(B?</A>
</H2>
<P>IP �$B56Au$O!"%[%9%H$,JL$N%[%9%H$+$i@A5a$5$l$k%Q%1%C%H$rAw$j=P$95;=Q$G$9!#�(B
�$B%Q%1%C%H%U%#%k%?%j%s%0$O!"$3$N%=!<%9%"%I%l%9$r$b$H$KH=Dj$9$k$N$G!"�(B IP �$B56Au$O%Q%1%C%H%U%#%k%?!<$r$4$^$+$9$?$a$K;H$&$b$N$G$9!#�(B
SYN �$B967b$d$7$:$/�(B(Teardrop)�$B!"$^$?L?<h$j$N�(B Ping(Ping of Death) �$B$d$=$l$K;w$?$b$N�(B(�$B$=$l$i$,2?<T$+$rCN$i$J$$$J$i?4G[$OITMQ$G$9�(B)�$B$r;H$C$F$$$k967b<T$N?H85$r1#$9$?$a$K$b$^$?;H$o$l$^$9!#�(B
<P>
<P>IP �$B56Au$rKI8f$9$k$b$C$H$b$h$$J}K!$O!"%=!<%9%"%I%l%9G'>Z�(B(Source Address Verification)�$B$H8@$o$l$k$b$N$G!"$=$l$O%k!<%F%#%s%0%3!<%I$K$h$C$F9T$o$l$k$b$N$G!"A4$/%U%!%$%"%&%)!<%k$G$O$"$j$^$;$s!#�(B
<CODE>/proc/sys/net/ipv4/conf/all/rp_filter</CODE> �$B$H$$$&%U%!%$%k$rC5$7$F2<$5$$!#�(B
�$B$3$l$,$"$k$J$i!";OF0$9$k$?$S$K%=!<%9%"%I%l%9G'>Z�(B(Source Address Verification)�$B$rM-8z$9$k$3$H$,@5$7$$2r7h$K$J$j$^$9!#�(B
�$B$3$N$h$&$K$9$k$?$a!"$$$:$l$+$N%M%C%H%o!<%/%$%s%?!<%U%'!<%9$,=i4|2=$5$l$kA0$K!"$*;H$$$N�(B init �$B%9%/%j%W%H$N$I$3$+$K<!$N9T$r2C$($^$9!#�(B
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# �$B$3$l$,$b$C$H$bNI$$J}K!$G$9�(B: �$B%=!<%9%"%I%l%9G'>Z�(B
# (Source Address Verification) �$B$rM-8z$K$7!"8=:_$"$k$b$N$H$3$l$+$i�(B
# �$B;H$&$9$Y$F$N%$%s%?!<%U%'!<%9$K56AuJ]8n$r$7$^$9!#�(B
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
echo -n "Setting up IP spoofing protection..."
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
echo "done."
else
echo PROBLEMS SETTING UP IP SPOOFING PROTECTION. BE WORRIED.
echo "CONTROL-D will exit from this shell and continue system startup."
echo
# �$B%3%s%=!<%k>e$G%7%s%0%k%f!<%6%7%'%k$r5/F0$7$^$9!#�(B
/sbin/sulogin $CONSOLE
fi
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$3$l$,$G$-$J$$$J$i!"$9$Y$F$N%$%s%?!<%U%'!<%9$rJ]8n$9$k$?$a$K<jF0$G%k!<%k$r=q$-2C$($^$9!#�(B
�$B$3$N>l9g$O$=$l$>$l$N%$%s%?!<%U%'!<%9$K$D$$$F$NCN<1$,I,MW$G$9!#�(B
�$B%+!<%M%k�(B 2.1 �$B$O<+F0E*$K�(B127.* �$B$N%"%I%l%9�(B(�$B%m!<%+%k%k!<%W%P%C%/%$%s%?!<%U%'!<%9�(B <CODE>lo</CODE> �$B$KM=Ls$5$l$?$b$N�(B)�$B$+$iMW5a$9$k%Q%1%C%H$r5qH]$7$^$9!#�(B
<P>
<P>�$BNc$($P�(B <CODE>eth0</CODE>, <CODE>eth1</CODE> �$B$=$7$F�(B <CODE>ppp0</CODE> �$B$N�(B 3�$B$D$N%$%s%?!<�(B
�$B%U%'!<%9$,$"$j$^$9!#�(B
�$B%$%s%?!<%U%'!<%9$N%"%I%l%9$H%M%C%H%^%9%/$rCN$k$?$a$K�(B <CODE>ifconfig</CODE> �$B$r;H$&$3$H$,$G$-$^$9!#�(B
�$BNc$($P!"�(B <CODE>eth0</CODE> �$B$,%M%C%H%^%9%/�(B 255.255.255.0 �$B$N%M%C%H%o!<%/�(B 192.168.1.0 �$B$K%"%?%C%A$5$l!"�(B <CODE>eth1</CODE> �$B$O%M%C%H%^%9%/�(B 255.0.0.0 �$B$N%M%C%H%o!<%/�(B 10.0.0.0 �$B$K%"%?%C%A$5$l!"�(B <CODE>ppp0</CODE> �$B$,%$%s%?!<%M%C%H�(B(�$BM=Ls$5$l$?%W%i%$%Y!<%H�(B IP �$B%"%I�(B
�$B%l%9$r=|$$$F!"$I$s$J%"%I%l%9$G$b5v$5$l$^$9�(B)�$B!#<!$N$h$&$J%k!<%k$r2C$($k$H$h$$$G$7$g$&!#�(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ipchains -A input -i eth0 -s ! 192.168.1.0/255.255.255.0 -j DENY
# ipchains -A input -i ! eth0 -s 192.168.1.0/255.255.255.0 -j DENY
# ipchains -A input -i eth1 -s ! 10.0.0.0/255.0.0.0 -j DENY
# ipchains -A input -i ! eth1 -s 10.0.0.0/255.0.0.0 -j DENY
#
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$3$NJ}K!$O$*;H$$$N%M%C%H%o!<%/$,JQ$o$k$H!"$$$^$^$G$N$=$N>uBV$r0];}$9$k$?$a$K$"$J$?$O%U%!%$%"%&%)!<%k%k!<%k$rJQ99$7$J$1$l$P$$$1$J$$$N$G!"%=!<%9%"%I%l%9G'>Z�(B(Source Address Verification)�$B$G9T$&$[$INI$/$"$j$^$;$s!#�(B
<P>
<P>2.0 �$B7O$N%+!<%M%k$r$*;H$$$J$i!"<!$K<($9$h$&$J%k!<%k$r;H$C$F!"%k!<%W%P%C%/%$%s%?!<%U%'!<%9$b$^$?J]8n$7$?$$$+$b$7$l$^$;$s!#�(B
�$B<!$N$h$&$K%k!<%k$r;H$$$^$9�(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ipchains -A input -i ! lo -s 127.0.0.0/255.0.0.0 -j DENY
#
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss5.8">5.8 �$B:G?7$N%W%m%8%'%/%H�(B</A>
</H2>
<P>
<P>�$B;d$O%f!<%6%9%Z!<%9%i%$%V%i%j$r=q$$$F$*$j!"$=$l$O�(B`libfw' �$B$H8F$P$l$k%=!<%9%G%#%9%H%j%S%e!<%7%g%s$r4^$s$G$$$^$9!#�(B
�$B$=$l$O�(B ipchains �$B$N%P!<%8%g%s�(B 1.3 �$B0J>e$NG=NO$r;HMQ$7$F�(B(IP_FIREWALL_NETLINK �$B$N%3%s%U%#%0%*%W%7%g%s$r;H$C$F�(B)�$B%f!<%6%9%Z!<%9$K%Q%1%C%H$r%3%T!<$7$^$9!#�(B
<P>
<P>�$B%^!<%/CM$O%Q%1%C%H$N$?$a$N�(B Service �$B$N<A�(B (QoS) �$B%Q%i%a!<%?$r7h$a$k$?$a$K;H$&$+!"$"$k$$$O!"%Q%1%C%H$,$I$N$h$&$K%]!<%H$KCf7Q$5$l$k$+$r7h$a$k$?$a$K;H$&$3$H$,$G$-$^$9!#�(B
�$B;d$O$I$A$i$bMxMQ$7$F$$$^$;$s$,!"$"$J$?$,$=$l$K$D$$$F=q$$$F$_$h$&$H;W$&$J$i!"$I$&$>;d$KO"Mm$r$7$F2<$5$$!#�(B
<P>
<P><B>�$B>uBV4Q;!�(B(stateful inspection)</B>(�$B;d$O%@%$%J%_%C%/%U%!%$%"%&%)!<%k$H$$$&8@MU$rDs>'$7$^$9�(B)�$B$N$h$&$J$3$H$O!"$3$N%i%$%V%i%j$r;H$&%f!<%6%9%Z!<%9$G<BAu$5$l$k$G$7$g$&!#�(B
�$B$=$NB>$NAG@2$i$7$$%"%$%G%#%"$O!"%f!<%6%9%Z!<%9%G!<%b%s$GC5$9$3$H$G%f!<%6$4$H$N4pHW>e$G%Q%1%C%H$r%3%s%H%m!<%k$7$^$9!#�(B
�$B$3$l$O$H$F$b4JC1$G$J$1$l$P$J$j$^$;$s!#�(B
<P>
<H3>SPF: �$B%9%F!<%H%U%k%Q%1%C%H%U%#%k%?%j%s%0�(B</H3>
<P>
<A HREF="ftp://ftp.interlinx.bc.ca/pub/spf">ftp://ftp.interlinx.bc.ca/pub/spf</A>
�$B>e5-$O!"�(B Brian Murrell �$B$N�(B SPF �$B%W%m%8%'%/%H$N%5%$%H$G!"$=$l$O%f!<%6%9%Z!<%9$G@\B3$NDI@W$r$7$^$9!#�(B
�$BDc%P%s%II}$N%5%$%H$K=EMW$J%;%-%e%j%F%#$rDI2C$7$F$$$^$9!#�(B
<P>
<P>�$B8=:_!"�(BSPF �$B$K$D$$$F$NJ8=q$O$[$H$s$I$"$j$^$;$s$,!"<!$N$b$N$O�(B Brian �$B$,<ALd$KEz$($?$b$N$r%a!<%j%s%0%j%9%H$KEj9F$7$?$b$N$G$9!#�(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
> �$B$=$l$3$=$,@5$K;d$NK>$`$3$H$r9T$J$&$H?.$8$F$$$^$9!#�(B
> �$B30It$X$NMW5a$N%l%9%]%s%9$H$7$F%Q%1%C%H$rDL$9$h$&$K�(B
> �$B0l;~E*$J�(B''�$B5UN.�(B(backward)''�$B$N%k!<%k$r%$%s%9%H!<%k$7$F$$$^$9!#�(B
�$B$O$$!"$=$NDL$j$G$9!#�(B
�$B%W%m%H%3%k$K$D$$$FM}2r$9$l$P$9$k$[$I!"�(B "�$B5UN.�(B(backward)" �$B$N%k!<%k$O$b$C$H@5$7$/$J$j$^$9!#�(B
�$B:#$N$H$3$m$O!"�(B (�$B3P$($G=q$$$F$$$^$9!"%(%i!<$d<jH4$+$j$,$"$C$F$b5v$7$F2<$5$$�(B)
FTP(�$B%"%/%F%#%V$H%Q%C%7%V!"FbB&$H30B&$NN>J}�(B)�$B!"�(BRealAudio�$B!"�(B traceroute�$B!"�(B
ICMP �$B$=$7$F=iJbE*$J�(B ICQ( ICQ �$B%5!<%P$+$iF~$k$b$N!"$=$7$F!"D>@\E*$J�(B TCP �$B@\B3$+$i$N$b$N!"$7$+$7$J$,$i%U%!%$%kE>Aw$N$h$&$J$3$H$K4X$9$kBh�(B2 �$B$ND>@\E*$J�(B TCP �$B@\B3$J$I$O$^$@$"$j$^$;$s$,�(B)�$B$r%5%]!<%H$7$F$$$^$9!#�(B
> SPF �$B$O�(B ipchains �$B$rCV$-49$($k$N$G$9$+!"$=$l$H$bJdB-$9$k$N$G$9$+!#�(B
�$BJdB-$9$k$b$N$G$9!#�(B
ipchains �$B$O�(B Linux �$B%^%7%s$r1[$($FEA$o$k%Q%1%C%H$r5v2D$7$?$j!"KI$$$@$j$9$kF;6q$G$9!#�(B
SPF �$B$O%I%i%$%P$G$"$j!"%H%i%U%#%C%/$r$?$($:4F;k$7$F!"$I$N$h$&$KJQ99$9$k$+$r�(B ipchains �$B$KEA$(!"�(B ipchains �$B$O!"JQ99$r%H%i%U%#%C%/%Q%?!<%s$KEA$($^$9!#�(B
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H3>Michael Hasenstein �$B$N�(B ftp-data �$B%O%C%/�(B</H3>
<P> SuSE �$B$N�(B Michael Hasenstein �$B$O�(B ipchains �$B$K�(B ftp �$B@\B3$NDI@W5!G=$rDI2C$9$k%+!<%M%k%Q%C%A$r=q$$$F$$$^$9!#�(B
�$B<!$N$H$3$m$K$"$j$^$9!#�(B
<A HREF="http://www.suse.de/~mha/patch.ftp-data-2.gz">http://www.suse.de/~mha/patch.ftp-data-2.gz</A><P>
<H2><A NAME="ss5.9">5.9 �$B:#8e$N2]Bj�(B</A>
</H2>
<P>�$B%U%!%$%"%&%)!<%k$H�(B NAT �$B$O�(B 2.4 �$B$G:F@_7W$5$l$F$$$^$9!#�(B
�$B7W2h$H5DO@$O�(B netfilter �$B$N%a!<%j%s%0%j%9%H$GMxMQ$G$-$^$9!#�(B
(
<A HREF="http://lists.samba.org">http://lists.samba.org</A>�$B$r8+$F2<$5$$�(B)
�$B$3$N$h$&$J6/2=$OB?$/$NMxJX@-$NLdBj$r2r7h$7!"�(B(�$B<B:]!"%U%!%$%"%&%)!<%k$d%^%9%+%l!<%I$O�(B<EM>�$B$3$N$h$&$J:$Fq�(B</EM> �$B$O$J$$$O$:$G$9�(B)�$B!"$=$7$F$b$C$H$O$k$+$K=@Fp@-$N$"$k%U%!%$%"%&%)!<%k$NH/E8$rB%$9$O$:$G$9!#�(B
<HR>
<A HREF="IPCHAINS-HOWTO-6.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO-4.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO.html#toc5">�$BL\<!$X�(B</A>
</BODY>
</HTML>
