
给用ipfw的同志,一个不错的脚本。

上海狮王 发表于 2005-2-14 01:38:17 | 显示全部楼层 |阅读模式
#!/bin/sh
#
# Automatically generated by Plesk netconf
#
# Purpose: replace the running ipfw ruleset with a stateful policy.
# Sequence: turn IP forwarding off, make sure ipfw is loaded, switch off
# the other packet filters (IPFilter, pf), load the ruleset from the
# here-document below, then turn forwarding back on and record that fact
# in a marker file.
#
# NOTE(review): this file says it is generated, so hand edits are
# presumably overwritten on the next regeneration; policy changes likely
# belong in the Plesk firewall configuration. Confirm before editing.

# Abort on the first failing command. There is no trap, so a failure
# after the first sysctl leaves forwarding at 0 and the ruleset in
# whatever state it had reached (possibly flushed or partially loaded).
set -e

# Stop routing packets while the ruleset is being swapped.
/sbin/sysctl net.inet.ip.forwarding=0 >/dev/null
# If "ipfw list" fails, load the ipfw kernel module.
# NOTE(review): a freshly loaded ipfw normally starts with a default
# deny rule unless the kernel is configured to default to accept, so
# network access can be cut until the rules below are in place. Verify
# on the target host.
/sbin/ipfw -q list >/dev/null 2>&1 || /sbin/kldload ipfw
# Best-effort shutdown of IPFilter (ipf/ipl) and pf so that only ipfw
# filters traffic. Output is discarded and "|| true" keeps set -e from
# aborting when a filter is not present.
(/sbin/ipf -D) >/dev/null 2>&1 || true
(/sbin/kldunload ipl) >/dev/null 2>&1 || true
(/sbin/pfctl -d) >/dev/null 2>&1 || true
(/sbin/kldunload pf) >/dev/null 2>&1 || true
# Load the ruleset from stdin in quiet mode. The here-document delimiter
# is unquoted, but the body contains no "$" or backticks, so the shell
# expands nothing. ipfw uses the first matching allow/deny rule, so the
# order of the lines below is significant:
#
#   1. "flush" removes the existing rules; "delete set 31" also removes
#      set 31, which flush leaves alone.
#   2. Loopback traffic is allowed; "check-state" matches packets against
#      dynamic (keep-state) rules.
#   3. "reset tcp ... established" answers with RST any established-flag
#      TCP packet that matched no dynamic state. Connections opened
#      before the reload have no state afterwards, so expect them to be
#      reset, including a remote session used to run this script. Run
#      it from the console or detached from the terminal.
#   4. Per-port inbound allows: 8443, 80/443, 21, 22, 25/465, 110/995,
#      143/993, 106, 3306, 5432, 9008/9080, 137/138/139/445, 1194, 53,
#      and ICMP type 8 (echo request), all "from any".
#   5. "allow tcp from any to me setup in keep-state" and
#      "allow ip from any to me in keep-state" accept every inbound
#      packet addressed to this host.
#   6. All outbound traffic from this host is allowed statefully.
#   7. The final deny rules only see what is left: traffic neither to
#      nor from this host.
#
# NOTE(review), security: because of step 5 the per-port rules in step 4
# restrict nothing. The effective inbound policy is allow-all to every
# address of this host, so any listening service is reachable from
# anywhere. If default-deny inbound is intended, the two catch-all
# "to me" rules have to go. Independently of that, the "from any" rules
# for 3306, 5432 and 137/138/139/445 expose database and file-sharing
# ports to all sources and are worth limiting to trusted addresses.
/sbin/ipfw -q /dev/stdin << EOF
flush
delete set 31
add allow ip from any to any via lo0
add check-state
add reset tcp from any to any established

add allow tcp from any to me 8443 setup in keep-state

add allow tcp from any to me 80 setup in keep-state
add allow tcp from any to me 443 setup in keep-state

add allow tcp from any to me 21 setup in keep-state

add allow tcp from any to me 22 setup in keep-state

add allow tcp from any to me 25 setup in keep-state
add allow tcp from any to me 465 setup in keep-state

add allow tcp from any to me 110 setup in keep-state
add allow tcp from any to me 995 setup in keep-state

add allow tcp from any to me 143 setup in keep-state
add allow tcp from any to me 993 setup in keep-state

add allow tcp from any to me 106 setup in keep-state

add allow tcp from any to me 3306 setup in keep-state

add allow tcp from any to me 5432 setup in keep-state

add allow tcp from any to me 9008 setup in keep-state
add allow tcp from any to me 9080 setup in keep-state

add allow udp from any to me 137 in keep-state
add allow udp from any to me 138 in keep-state
add allow tcp from any to me 139 setup in keep-state
add allow tcp from any to me 445 setup in keep-state

add allow udp from any to me 1194 in keep-state

add allow udp from any to me 53 in keep-state
add allow tcp from any to me 53 setup in keep-state

add allow icmp from any to me icmptypes 8 in keep-state

add allow tcp from any to me setup in keep-state
add allow ip from any to me in keep-state

add allow tcp from me to any setup out keep-state
add allow ip from me to any out keep-state

add deny tcp from any to any setup
add deny ip from any to any

enable firewall
EOF
# Dynamic-rule lifetime for acknowledged (established) TCP sessions,
# set to 3600 seconds. Presumably chosen so that long idle connections
# keep their state and are not caught by the reset rule; confirm.
/sbin/sysctl net.inet.ip.fw.dyn_ack_lifetime=3600 >/dev/null
# Forwarding is switched on unconditionally. The value it had before the
# script ran is never read here, so a host that was not routing before
# is left with forwarding enabled.
/sbin/sysctl net.inet.ip.forwarding=1 >/dev/null
# Write "1" to the firewall module's marker file and make it
# world-readable (mode 644). Presumably read by Plesk to track the
# forwarding state; verify against the module.
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#