[FUGSPBR] ipfw script

Leandro José da Silva freebsd at fastcars.com.br
Tue Dec 9 23:44:50 BRST 2003


Hello Mr. João Rocha, I had forgotten to post the system's rules,
heheheheheh
here are the rules

# Setup Loopback
#
ipfw add 30 pass all from any to any via lo0
ipfw add 31 deny all from any to 127.0.0.0/8
ipfw add 32 deny ip from 127.0.0.0/8 to any


# Firewall
#
ipfw add 37 deny tcp from any 445 to any
ipfw add 38 deny tcp from any to any 445
ipfw add 39 deny tcp from any 17300 to any
ipfw add 40 deny tcp from any to any 17300
ipfw add 43 deny udp from any 445 to any
ipfw add 44 deny udp from any to any 445
ipfw add 45 deny udp from any 137-139 to any
ipfw add 46 deny udp from any to any 137-139
ipfw add 47 deny udp from any 2001 to any
ipfw add 48 deny udp from any to any 2001
ipfw add 49 deny udp from any 192 to any
ipfw add 50 deny udp from any to any 192
ipfw add 51 deny udp from any 67 to any
ipfw add 52 deny udp from any to any 67
ipfw add 53 deny udp from any 68 to any
ipfw add 54 deny udp from any to any 68
ipfw add 55 deny log udp from any to any 1900
ipfw add 56 permit icmp from any to any icmptypes 0,3,8
ipfw add 57 deny icmp from any to any

To: <fugspbr at fugspbr.org>
Sent: Tuesday, December 09, 2003 11:15 PM
Subject: Re: [FUGSPBR] ipfw script


>
>     Is this your firewall script? Do you know what is missing to block
> the rest of the IPs?
>
> ipfw add 65000 deny log ip from any to any
>
>     But before that you have to put in the permission rules that the
> server needs, including for the loopback
>
> ipfw add 10 allow ip from any to any via lo0
>
>        João Rocha.
>
>
>
> Leandro José da Silva wrote:
>
> >Hello everyone
> >
> >My name is Leandro and I urgently need a script so that I can
> >control bandwidth and block IPs by MAC with ipfw
> >
> >I already have bandwidth control but I have to improve it
> >
> >I have to block all the other unregistered IPs but I am not
> >managing to
> >
> >if someone could help me I would be very grateful
> >
> >the control I use today is
> >I am using the parameter net.inet.ip.fw.one_pass=0
> >
> >ipfw -f flush
> >ipfw -f pipe flush
> >ipfw -f queue flush
> >
> >. /root/clientes_db
> >
> ># Natd
> >
> >ipfw add 100 divert 8668 all from any to any via xl0
> >
> ># Aggea-pia
> >ipfw pipe 10 config bw ${bw_aggeapia}Kbit/s queue 11
> >ipfw pipe 11 config bw ${bw_aggeapia}Kbit/s queue 11
> >ipfw add 500 pipe 10 ip from any to ${ip_aggeapia}
> >ipfw add 510 pipe 11 ip from ${ip_aggeapia} to any
> >
> ># CDL
> >ipfw pipe 12 config bw ${bw_cdl}Kbit/s queue 11
> >ipfw pipe 13 config bw ${bw_cdl}Kbit/s queue 11
> >ipfw add 520 pipe 12 ip from any to ${ip_cdl}
> >ipfw add 530 pipe 13 ip from ${ip_cdl} to any
> >
> ># Lider contab
> >ipfw pipe 14 config bw ${bw_lider}Kbit/s queue 11
> >ipfw pipe 15 config bw ${bw_lider}Kbit/s queue 11
> >ipfw add 540 pipe 14 ip from any to ${ip_lider}
> >ipfw add 550 pipe 15 ip from ${ip_lider} to any
> >
> >
> >
> >_______________________________________________________________
> >Unsubscribe from the list: http://lists.fugspbr.org/listinfo.cgi
> >Archive: http://www4.fugspbr.org/lista/html/FUG-BR/
>
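
The ordering point from the quoted reply (the allow rules the server needs, then a final deny) written as a static check over a rule script; this is an added example, not part of the original thread. The function name `audit_ipfw`, its finding labels and the sample rule list are constructed for illustration, and the check assumes ipfw's evaluation in ascending rule-number order.

```sh
#!/bin/sh
# Added example: static check of an ipfw rule script for ordering problems.
# SAMPLE_RULES is constructed: a subset of the posted rules plus rule 65000.
SAMPLE_RULES='ipfw add 30 pass all from any to any via lo0
ipfw add 31 deny all from any to 127.0.0.0/8
ipfw add 37 deny tcp from any 445 to any
ipfw add 56 permit icmp from any to any icmptypes 0,3,8
ipfw add 57 deny icmp from any to any
ipfw add 65000 deny log ip from any to any'

# audit_ipfw RULES: print one finding label per line, nothing if clean.
# Function name and labels are hypothetical. Assumption: ICMP permits and
# "via lo0" permits do not count as service rules.
audit_ipfw() {
    printf '%s\n' "$1" | awk '
    $1 == "ipfw" && $2 == "add" && $3 ~ /^[0-9]+$/ {
        n = $3 + 0; act = $4; i = 5
        if ($i == "log") i++            # skip the optional "log" keyword
        proto = $i; rest = ""
        for (j = i + 1; j <= NF; j++) rest = rest " " $j
        allow = (act ~ /^(allow|accept|pass|permit)$/)
        deny = (act ~ /^(deny|drop)$/)
        anyany = ((proto == "ip" || proto == "all") && rest == " from any to any")
        # Keep the lowest rule number seen for each class of rule.
        if (allow && rest ~ / via lo0$/) { if (!lo || n < lo) lo = n }
        else if (allow && proto != "icmp") { if (!svc || n < svc) svc = n }
        if (deny && rest ~ /127\.0\.0\.0\/8/) { if (!lodeny || n < lodeny) lodeny = n }
        if (deny && anyany) { if (!catchall || n < catchall) catchall = n }
        if (n > max) max = n
    }
    END {
        if (!catchall) print "NO_DEFAULT_DENY"
        else if (catchall < max) print "RULES_AFTER_DEFAULT_DENY"
        if (!lo) print "NO_LOOPBACK_ALLOW"
        else if (lodeny && lodeny < lo) print "LOOPBACK_DENIED_BEFORE_ALLOW"
        if (catchall && (!svc || svc > catchall))
            print "NO_SERVICE_ALLOW_BEFORE_DEFAULT_DENY"
    }'
}

audit_ipfw "$SAMPLE_RULES"
```

On the sample it reports NO_SERVICE_ALLOW_BEFORE_DEFAULT_DENY: with rule 65000 in place, the rules shown accept only loopback traffic and ICMP types 0, 3 and 8.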
