# --- For sshd: port 250 ---
# Stateless pair: 00211 accepts TCP from any source to local port 250,
# 00212 accepts TCP leaving local port 250 to any destination.
# NOTE(review): no source restriction is applied, so sshd is reachable from
# every address; narrow "any" to the administrative networks if they are known.
# NOTE(review): these rules are numbered below the IP-option / TCP-flag checks
# at 10201-10205, so packets to this port are accepted before those checks run.
add 00211 allow tcp from any to me 250
add 00212 allow tcp from me 250 to any
# --- For apache: port 80 ---
# Same stateless pattern for HTTP on local port 80, open to any source.
add 00411 allow tcp from any to me 80
add 00412 allow tcp from me 80 to any
# MySQL (3306): both rules are commented out, so this section does not open the port.
#add 00441 allow tcp from any to me 3306
#add 00442 allow tcp from me 3306 to any
#######NTP#######
# Opens local port 123 to any source, statelessly in each direction,
# over TCP (00241/00242) and over UDP (00243/00244).
# NOTE(review): NTP runs over UDP; the TCP pair looks unnecessary - confirm
# and drop it if nothing uses it.
# NOTE(review): if this host is only an NTP client, restrict the source of
# 00243 to the configured time servers instead of "any".
add 00241 allow tcp from any to me 123
add 00242 allow tcp from me 123 to any
add 00243 allow udp from any to me 123
add 00244 allow udp from me 123 to any
########WWW#######
#add 00411 allow tcp from any to me 8088
#add 00412 allow tcp from me 8088 to any
#######FTP#######
# 00421/00422: FTP control channel on local TCP port 21, any source.
# 00423/00424: local TCP ports 58120-58125, any source.
# NOTE(review): 58120-58125 is presumably the passive-mode data range set in
# the FTP daemon - confirm the two match, otherwise these ports are open for nothing.
# NOTE(review): plain FTP carries credentials unencrypted; confirm the daemon
# enforces TLS or that this exposure is intended.
add 00421 allow tcp from any to me 21
add 00422 allow tcp from me 21 to any
add 00423 allow tcp from any to me 58120-58125
add 00424 allow tcp from me 58120-58125 to any
#######DoDServer#######
#add 00431 allow udp from any to me 27015
#add 00432 allow udp from me 27015 to any
#add 00433 allow udp from any to me 59120-59130
#add 00434 allow udp from me 59120-59130 to any
#allow DNS/UDP 53
# 10001: accepts any UDP datagram received on em0 whose SOURCE port is 53,
# whatever the local destination port is.
# NOTE(review): the source port is chosen by the sender, so this rule does not
# limit traffic to DNS replies; it leaves every local UDP port reachable on em0.
# A stateful outbound rule (keep-state) for queries to port 53 would accept
# only replies to queries this host actually sent.
# 10002: accepts UDP to local port 53 received on em0 (inbound DNS queries).
# NOTE(review): only needed if this host serves DNS - confirm.
# 10003: accepts all outbound UDP, statelessly.
add 10001 allow udp from any 53 to me in recv em0
add 10002 allow udp from any to me 53 in recv em0
add 10003 allow udp from any to any out
#######log set#########
# "logamount 3" caps logging at three entries per rule until the log counter is reset.
# 10100: drop and log TCP sent from source port 137 to this host.
# 10101: drop and log inbound TCP segments of established connections that no
# earlier rule accepted.
# 10102: accept outbound TCP connection setup and create a dynamic rule for the flow.
# NOTE(review): no check-state rule is visible here. ipfw consults dynamic rules
# at the first check-state, keep-state or limit rule, and 10101 comes before 10102,
# so return packets of connections opened through 10102 appear to be dropped at
# 10101. Confirm whether a check-state exists earlier in the ruleset; if not, add
# one numbered before 10101.
add 10100 deny log logamount 3 tcp from any 137 to me
add 10101 deny log logamount 3 tcp from any to any in established
add 10102 allow tcp from any to any out setup keep-state
#######deny scan#########
# Drop and log (three entries per rule) packets that are typical of probing:
# 10201-10204: IP options record-route (rr), timestamp (ts), strict source
# route (ssrr) and loose source route (lsrr).
# 10205: inbound TCP with both SYN and FIN set.
# NOTE(review): rules are evaluated in numeric order and the service allows
# (002xx-004xx, 1000x) are numbered lower, so packets to the open ports are
# accepted before reaching these checks. Move these denies ahead of the allow
# rules if they are meant to cover the exposed services as well.
add 10201 deny log logamount 3 ip from any to any ipoptions rr
add 10202 deny log logamount 3 ip from any to any ipoptions ts
add 10203 deny log logamount 3 ip from any to any ipoptions ssrr
add 10204 deny log logamount 3 ip from any to any ipoptions lsrr
add 10205 deny log logamount 3 tcp from any to any in tcpflags syn,fin
######icmp#########
# Allowed ICMP types
########### in and out: path-MTU discovery #########
# 12000: type 3 (destination unreachable, which includes "fragmentation
# needed"), in either direction.
# 12001: type 4 (source quench), in either direction.
# NOTE(review): source quench was deprecated by RFC 6633; this rule can
# likely be removed.
add 12000 allow icmp from any to any icmptypes 3
add 12001 allow icmp from any to any icmptypes 4
########### ping out #########
# Echo requests (type 8) may leave; echo replies (type 0) may come back.
add 12100 allow icmp from any to any icmptypes 8 out
add 12101 allow icmp from any to any icmptypes 0 in
########### traceroute #########
# Time-exceeded messages (type 11) are accepted inbound.
add 12200 allow icmp from any to any icmptypes 11 in
# Allow-all ICMP rule, kept disabled.
#add 12201 allow icmp from any to any
# 12202: any other ICMP addressed to this host through em0 is dropped and
# logged (three entries); inbound echo requests end up here.
add 12202 deny log logamount 3 icmp from any to me via em0
# Allow all traffic#########
# Allow-everything rule, kept disabled.
#add 65535 allow ip from any to any
#########block other#########
# Final default deny for everything no earlier rule accepted. No rule number
# is given, so ipfw assigns one after the highest existing rule. The rule has
# no "log" keyword, so these drops are not logged.
# NOTE(review): no rule for the loopback interface (lo0) is visible in this
# part of the ruleset; unless one exists elsewhere, local traffic that matches
# none of the allow rules above is dropped here.
add deny ip from any to any