My rc.firewall
June 14, 2007 | Category: Unix-like | Tags: firewall, ipfw
I previously published a post called "Deny List" in which I said I would share my rc.firewall. Here it is, for anyone who needs it.
First, remember to edit the kernel configuration and add:
# Firewall
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_FORWARD
options DUMMYNET
Then recompile the kernel.
Next, part of my "/etc/rc.firewall" is:
# Flush all existing rules
/sbin/ipfw -f flush
# Throw away RFC 1918 networks
/sbin/ipfw add deny ip from 10.0.0.0/8 to any in
/sbin/ipfw add deny ip from 172.16.0.0/12 to any in
/sbin/ipfw add deny ip from 192.168.0.0/16 to any in
# Damn Search Bot
#/sbin/ipfw add deny all from 60.24.0.0/13 to any # Baidu
/sbin/ipfw add deny all from 61.135.0.0/16 to any # Baidu
#/sbin/ipfw add deny all from 65.54.188.0/24 to any # MS
#/sbin/ipfw add deny all from 65.55.209.0/24 to any # Microsoft
#/sbin/ipfw add deny all from 74.6.0.0/16 to any # Yahoo US
/sbin/ipfw add deny all from 122.152.128.0/17 to any # Baidu
/sbin/ipfw add deny all from 202.108.0.0/16 to any # Baidu
/sbin/ipfw add deny all from 202.160.178.0/24 to any # Yahoo China
/sbin/ipfw add deny all from 202.160.179.0/24 to any # Yahoo China
/sbin/ipfw add deny all from 202.160.180.0/24 to any # Yahoo China
/sbin/ipfw add deny all from 220.181.0.0/16 to any # Baidu
# Damn User
/sbin/ipfw add deny all from 202.106.182.188 to any
Finally, remember to add one line to "/etc/rc.conf":
firewall_enable="YES"
Then reboot, and that should do it.
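Another way to maintain the same deny list, as an added example that is not part of the original post: keep the networks in a list, validate each entry, and load them into an ipfw lookup table matched by a single rule. The table number 1, the rule number 1000 and the function names are assumptions, and by default the script only prints the ipfw commands.

```shell
# Added example, not the author's script. Dry run by default: commands are
# printed, not executed. Run with IPFW=/sbin/ipfw to apply them.
IPFW="${IPFW:-echo /sbin/ipfw}"
DENY_TABLE=1      # assumed table number
DENY_RULE=1000    # assumed rule number

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix length.
valid_cidr() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Read one network per line from stdin ("#" starts a comment), load the
# valid ones into the table, then add a single rule that matches the table.
load_deny_table() {
    $IPFW -q table "$DENY_TABLE" flush
    while read -r net rest; do
        case $net in ''|'#'*) continue ;; esac
        if valid_cidr "$net"; then
            $IPFW -q table "$DENY_TABLE" add "$net"
        else
            echo "skipping invalid entry: $net" >&2
        fi
    done
    $IPFW -q add "$DENY_RULE" deny all from "table($DENY_TABLE)" to any
}

# Entries from the rules above, plus one constructed typo (/33).
sample_list() {
    cat <<'EOF'
61.135.0.0/16      # Baidu
#65.54.188.0/24    # MS (disabled)
122.152.128.0/17   # Baidu
202.106.182.188
202.160.178.0/33   # constructed: invalid prefix length
EOF
}
sample_list | load_deny_table
```

Invalid entries are reported on stderr and skipped, so a typo in the list does not reach ipfw.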
