[FUG-BR] Open ipfw ports

Wesley Miranda wesleymiranda2 at gmail.com
Tue Oct 14 16:47:26 BRT 2008


2008/10/12 Bandeira <gnu.groups at gmail.com>

> The problem is that it isn't FreeBSD but Leopard; I didn't say so in order
> not to start a flame war.
> And on it there is no way to remove rule 65535 allow ip from any to any, it
> always stays.
> The aMule ports, as I said, I know which they are: 32003, 32715, 32000
> I found on the internet to use it on Leopard like this:
>
> 65534 deny ip from any to any
> 65535 allow ip from any to any
>
> But that way the aMule ports don't open, only the torrent one, 51413
>
> My current rules with the aMule ports open: I use throttled pro.
>
> sh-3.2# ipfw list
> 00070 divert 17779 tcp from any to any out xmit en* tcpflags ack iplen 0-70
> 00070 divert 17779 tcp from any to any setup out xmit en*
> 00070 divert 17779 icmp from any to any out xmit en*
> 00070 divert 17779 tcp from any to any dst-port 53 out xmit en*
> 00070 divert 17779 udp from any to any dst-port 53 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 80 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 443 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 3130 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 8080 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 8118 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 9001 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 9030 out xmit en*
> 00070 divert 17779 tcp from any to any dst-port 9050 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 9051 out xmit en*
> 00070 divert 17779 tcp from any to any dst-port 22 out xmit en*
> 00070 divert 17779 tcp from any to any dst-port 2222 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 143 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 21 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 1863 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 6667 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 6668 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 9999 out xmit en*
> 00070 divert 17778 tcp from any to any dst-port 16732 out xmit en*
> 00070 divert 17777 ip from any to any out xmit en*
> 01000 allow ip from any to any via lo*
> 02000 deny ip from any to any frag
> 02001 allow udp from any to any dst-port 37003
> 02002 allow udp from any to any dst-port 32715
> 02003 allow tcp from any to any dst-port 32000
> 02004 allow tcp from any to any dst-port 51413
> 02005 allow tcp from any to any dst-port 16000
> 04001 deny ip from 127.0.0.0/8 to any in
> 04101 deny ip from any to 127.0.0.0/8 in
> 04201 deny ip from 224.0.0.0/3 to any in
> 04301 deny tcp from any to 224.0.0.0/3 in
> 04401 allow tcp from any to any out
> 04501 allow tcp from any to any established
> 04601 allow icmp from any to any icmptypes 0,3,11
> 04602 allow icmp from any to any icmptypes 8 out
> 04701 deny icmp from any to any
> 04801 deny ip from any to any ipoptions rr
> 04901 deny ip from any to any ipoptions ts
> 05001 deny ip from any to any ipoptions lsrr
> 05101 deny ip from any to any ipoptions ssrr
> 05301 deny tcp from any to any tcpflags syn,fin
> 05311 deny tcp from any to any tcpflags syn,rst
> 05321 deny tcp from any 0 to any
> 05331 deny tcp from any to any dst-port 0
> 05341 deny udp from any 0 to any
> 05351 deny udp from any to any dst-port 0
> 05361 deny ip from 224.0.0.0/4 to any in
> 05371 deny ip from 0.0.0.0/8 to any
> 65535 allow ip from any to any
>
>
My young friend,

This rule may help you quite a bit.

/sbin/ipfw add <NUMERO> allow udp from any to any dst-port 32000,32003,32715
/sbin/ipfw add <NUMERO> allow tcp from any to any dst-port 32000,32003,32715
/sbin/ipfw add <NUMERO> allow udp from any to any src-port 32000,32003,32715
/sbin/ipfw add <NUMERO> allow tcp from any to any src-port 32000,32003,32715

Regards.

Wesley Miranda
FreeBSD Consult
wesley at freebsdconsult.com.br
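
Added example, not part of either message: a small Python check that reads per-port allow rules from `ipfw list` text and reports which of the aMule protocol/port pairs named in the thread have a dst-port allow rule of their own. The listing excerpt is copied from the quoted output; the rule numbers 02010 and 02011 are constructed stand-ins for `<NUMERO>`, and the function names are hypothetical.

```python
import re

# Excerpt of the `ipfw list` output quoted in the thread (allow rules only).
POSTED = """\
02001 allow udp from any to any dst-port 37003
02002 allow udp from any to any dst-port 32715
02003 allow tcp from any to any dst-port 32000
02004 allow tcp from any to any dst-port 51413
02005 allow tcp from any to any dst-port 16000
65535 allow ip from any to any
"""

# The dst-port rules from the reply; 02010/02011 are constructed numbers
# standing in for <NUMERO>.
SUGGESTED = """\
02010 allow udp from any to any dst-port 32000,32003,32715
02011 allow tcp from any to any dst-port 32000,32003,32715
"""

AMULE_PORTS = (32000, 32003, 32715)  # ports named in the quoted message

RULE = re.compile(r"^(\d+) allow (tcp|udp) from any to any dst-port ([\d,\-]+)$")

def explicit_allows(listing):
    """Return {(proto, port): rule_number} for per-port allow rules, lowest rule first."""
    covered = {}
    for line in sorted(listing.splitlines()):  # zero-padded numbers sort in rule order
        m = RULE.match(line.strip())
        if not m:
            continue  # the catch-all and any other rule is not a per-port allow
        number, proto, spec = m.groups()
        for part in spec.split(","):
            lo, _, hi = part.partition("-")  # "a-b" ranges as well as single ports
            for port in range(int(lo), int(hi or lo) + 1):
                covered.setdefault((proto, port), number)
    return covered

def uncovered(listing, ports=AMULE_PORTS):
    """(proto, port) pairs that have no explicit per-port allow rule in the listing."""
    covered = explicit_allows(listing)
    return [(p, n) for p in ("tcp", "udp") for n in ports if (p, n) not in covered]

if __name__ == "__main__":
    print("posted rules, no explicit allow:", uncovered(POSTED))
    print("with suggested rules added:     ", uncovered(POSTED + SUGGESTED))
```

On the posted listing only tcp/32000 and udp/32715 have a rule of their own, so new inbound traffic for the other four pairs is accepted only by rule 65535 and would be dropped by a deny placed at 65534.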

