/usr/share/doc/HOWTO/ja-html/Firewall-HOWTO-7.html is in doc-linux-ja-html 2006.05.25-1.1.
This file is owned by root:root, with mode 0o644.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Firewall And Proxy Server HOWTO: IP フィルタリングの設定(IPFWADM)</TITLE>
<LINK HREF="Firewall-HOWTO-8.html" REL=next>
<LINK HREF="Firewall-HOWTO-6.html" REL=previous>
<LINK HREF="Firewall-HOWTO.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-8.html">次のページ</A>
<A HREF="Firewall-HOWTO-6.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc7">目次へ</A>
<HR>
<H2><A NAME="s7">7. IP フィルタリングの設定(IPFWADM)</A></H2>
<P>
カーネル 2.1.102 以上を使っているならこの章を飛ばして、次の IPCHAINS の
章に進んでください。
<P>以前のカーネルでは IP Forwarding はデフォルトでカーネルに組み込まれ
有効になっています。
従って、ネットワークを設定する場合は、まず全てを拒否し、
以前に置かれていた ipfw のルールを破棄するべきです。
以下のようなスクリプト (の一部分) を、ネットワークの起動スクリプト
(/etc/rc.d/init.d/network) に書いておかなければいけません。
<P>
<P>
<PRE>
#
# Set up IP packet accounting and forwarding
#
# Forwarding
#
# Deny all forwarded services by default. Once the rule lists below are
# flushed, this policy alone decides what is forwarded, so nothing passes
# until accept rules are added.
ipfwadm -F -p deny
# Flush all existing rules: forwarding (-F), input (-I) and output (-O).
# NOTE(review): only the forwarding policy is set in this fragment; no -p is
# given for -I or -O, so the input and output policies stay as they were and
# traffic to or from the firewall host itself is not restricted here.
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
</PRE>
<P>さて、我々は究極のファイアウォールを構築しました。
もう何も通しません。
<P>ここで /etc/rc.d/rc.firewall というファイルを作成します。
このスクリプトは email, web, DNS トラフィックを許可します。 ;-)
<P>
<P>
<P>
<PRE>
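#! /bin/sh
#
# rc.firewall
#
# Adds the forwarding rules that let email, web and DNS traffic through the
# firewall, or removes them again.
#
# Usage: firewall {start|stop|status|restart|reload}
# Exits 0 when networking is disabled and 1 on an unknown argument.
#
# Example addresses: 192.1.2.10 is the SMTP server, 192.1.2.11 the web
# server and 192.1.2.0/24 the LAN.
#
# Every accept rule uses -b (bidirectional), so it also matches the same
# packets with source and destination swapped, i.e. the replies.
# NOTE(review): -b accepts that reverse direction without looking at TCP
# flags. A tighter rule set uses one rule per direction and limits the
# reply direction to packets with ACK set (ipfwadm -k).

# Source the function library.
. /etc/rc.d/init.d/functions
# Get the network configuration.
. /etc/sysconfig/network
# Check that networking is up. NETWORKING is quoted so that an unset or
# empty value is compared as an empty string instead of breaking the test.
if [ "${NETWORKING}" = "no" ]
then
    exit 0
fi
case "$1" in
  start)
    echo -n "Starting Firewall Services: "
    # Inbound mail: outside hosts (ports 1024-65535) to the SMTP server on
    # port 25.
    /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.10 25
    # Outbound mail: the SMTP server (ports 1024-65535) to outside mail
    # servers on port 25. Written with source port 25 and destination ports
    # 1024:65535, this rule would only mirror the inbound rule above and
    # would never match a connection opened by the server.
    /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.10 1024:65535 -D 0.0.0.0/0 25
    # Inbound web: outside hosts (ports 1024-65535) to your web server on
    # port 80.
    /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 192.1.2.11 80
    # Outbound web: LAN hosts (ports 1024-65535) to outside web servers on
    # port 80. The LAN is written as 192.1.2.0/24, as in the DNS rule; an
    # unquoted 192.1.2.* is open to shell filename expansion. Keeping port 80
    # on the destination side avoids accepting connections from outside to
    # port 80 on every LAN host.
    /sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.0/24 1024:65535 -D 0.0.0.0/0 80
    # DNS: UDP between port 53 on any host and the LAN.
    # NOTE(review): the rule matches on source port 53 only, so it cannot tell
    # a DNS reply from any other UDP packet sent from port 53, and DNS over
    # TCP is not covered.
    /sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24
    echo
    ;;
  stop)
    echo -n "Stopping Firewall Services: "
    # Deny by default, then flush the forwarding rules. Without the flush
    # the accept rules added by start would stay in force after stop, and
    # restart would append a second copy of each.
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -f
    echo
    ;;
  status)
    # Placeholder: prints a message only; the rules are not listed.
    echo -n "Now do you show firewall stats?"
    ;;
  restart|reload)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: firewall {start|stop|status|restart|reload}"
    exit 1
    ;;
esac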
</PRE>
<P>
<P>注意 - この例では、192.1.2.10 に email (smtp) サーバがあって、ポート 25 で
送受信ができなければならないとしています。
web サーバは 192.1.2.11 で運用しています。
LAN にいる全ての利用者が、外部の web サーバと DNS サーバに
到達できるようにしています。
<P>$B$3$l$O40A4$K40`z$H$O8@$($^$;$s!#(B
$B$J$<$J$i(B port 80 $B$O!"(Bweb $B%]!<%H$H$7$F;H$o$J$1$l$P$J$i$J$$$o$1$G$O$J$/!"(B
$B8-$$%O%C%+!<$J$i$3$N%]!<%H$r;H$C$F!"%U%!%$%"%&%)!<%k$r1[$($k(B
$B2>A[%W%i%$%Y!<%H%M%C%H%o!<%/(B (VPN) $B$r:n$k$G$7$g$&!#(B
$B$3$l$rHr$1$k$K$O!"(B web $B%W%m%-%7$r@_Dj$7!"%W%m%-%7$@$1$,(B
$B%U%!%$%"%&%)!<%k$rDL2a$G$-$k$h$&$K$9$k$3$H$G$9!#(B
LAN $BB&$N%f!<%6$,30$N(Bweb $B%5!<%P$KE~C#$9$k0Y$K$O%W%m%-%7$r(B
$B7PM3$7$J$1$l$P$J$i$J$$$h$&$K$7$^$9!#(B
<P>ファイアウォールを通るトラフィックの勘定にも興味があるでしょう。
次のスクリプトは全てのパケットを数えます。
あなたはシングルシステムに向かうパケットを数える為に
一、二行加えることができます。
<P>
<P>
<PRE>
# Flush the current accounting rules.
ipfwadm -A -f
# Accounting
# NOTE(review): this second flush repeats the one above (same command, given
# here with its full path).
/sbin/ipfwadm -A -f
# Count packets between 192.1.2.0/24 and everywhere else (0.0.0.0/0): one
# rule per direction keyword (out, in) and per source/destination pairing.
# -i inserts each rule into the accounting list; these rules only count
# packets, they do not accept or deny them.
/sbin/ipfwadm -A out -i -S 192.1.2.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.1.2.0/24
/sbin/ipfwadm -A in -i -S 192.1.2.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.1.2.0/24
</PRE>
<P>必要なのがフィルタリングファイアウォールだけなら、あなたはここで設定を
終えることができます。
テストしてから運用してください。
<P>
<HR>
<A HREF="Firewall-HOWTO-8.html">次のページ</A>
<A HREF="Firewall-HOWTO-6.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc7">目次へ</A>
</BODY>
</HTML>