对FreeBSD的ipfw实在不理解！

哥哥们，给个详细的配置吧？

我的服务器只想开放80/21/22端口，其他的全封，怎么弄～～

谢谢！！

你得说说你机子的情况啊。几个网卡？freebsd版本？等

确认你的freebsd编译内核时将ipfw编译到内核了

1. options IPFIREWALL # required for IPFW
   
2. options IPFIREWALL_VERBOSE # optional; logging
   
3. options IPFIREWALL_VERBOSE_LIMIT=10 # optional; don't get too many log entries
   
4. options IPDIVERT # needed for natd

复制代码

编辑 /etc/rc.conf
加入

1. firewall_enable="YES"
   
2. firewall_script="/usr/local/etc/ipfw.rules"

复制代码

创建/编辑 /usr/local/etc/ipfw.rules

1. 
   
2. IPF="ipfw -q add"
   
3. ipfw -q -f flush
   
4. 
   
5. #回环地址
   
6. $IPF 10 allow all from any to any via lo0
   
7. $IPF 20 deny all from any to 127.0.0.0/8
   
8. $IPF 30 deny all from 127.0.0.0/8 to any
   
9. $IPF 40 deny tcp from any to any frag
   
10. 
    
11. # statefull
    
12. $IPF 50 check-state
    
13. $IPF 60 allow tcp from any to any established
    
14. $IPF 70 allow all from any to any out keep-state
    
15. $IPF 80 allow icmp from any to any
    
16. 
    
17. # 打开 ftp (20,21), ssh (22)
    
18. # http (80), dns (53) etc 建议打开53端口
    
19. $IPF 110 allow tcp from any to any 21 in
    
20. $IPF 120 allow tcp from any to any 21 out
    
21. $IPF 130 allow tcp from any to any 22 in
    
22. $IPF 140 allow tcp from any to any 22 out
    
23. $IPF 170 allow udp from any to any 53 in
    
24. $IPF 175 allow tcp from any to any 53 in
    
25. $IPF 180 allow udp from any to any 53 out
    
26. $IPF 185 allow tcp from any to any 53 out
    
27. $IPF 200 allow tcp from any to any 80 in
    
28. $IPF 210 allow tcp from any to any 80 out
    
29. 
    
30. # deny and log everything
    
31. $IPF 500 deny log all from any to any

复制代码

启动ipfw

1. sh /usr/local/etc/ipfw.rules

复制代码

不是很清楚。。