1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Linux IPCHAINS-HOWTO: �$B%Q%1%C%H%U%#%k%?%j%s%0$N4pAC�(B</TITLE>
<LINK HREF="IPCHAINS-HOWTO-3.html" REL=next>
<LINK HREF="IPCHAINS-HOWTO-1.html" REL=previous>
<LINK HREF="IPCHAINS-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="IPCHAINS-HOWTO-3.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO-1.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO.html#toc2">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="s2">2.</A> <A HREF="IPCHAINS-HOWTO.html#toc2">�$B%Q%1%C%H%U%#%k%?%j%s%0$N4pAC�(B</A></H2>
<H2><A NAME="ss2.1">2.1</A> <A HREF="IPCHAINS-HOWTO.html#toc2.1">�$B%Q%1%C%H%U%#%k%?$H$O2?$r$9$k$b$N�(B?</A>
</H2>
<P>�$B%M%C%H%o!<%/$rDL$kA4$F$N%H%i%U%#%C%/$O!"%Q%1%C%H$N7A$GAw$j=P$5$l$^$9!#�(B
�$BNc$($P!"$3$N%Q%C%1!<%8�(B(50K�$B%P%$%H$O$"$k$G$7$g$&�(B)�$B$r%@%&%s%m!<%I$9$k$3$H$G!"�(B1460�$B%P%$%H$N%Q%1%C%H�(B36�$B8D$[$I$r<u?.$9$k$3$H$K$J$k$G$7$g$&�(B(�$B<B:]$K$O$=$N$H$-$I$-$K$h$C$F8D?t$d%5%$%:$O0[$J$j$^$9�(B)�$B!#�(B</P>
<P>(�$BLuCm�(B: �$B8=:_$G$O$3$NJ8=q$O�(B100KB�$B$r1[$($F$$$^$9�(B:))</P>
<P>�$B3F%Q%1%C%H$O$=$l$,$I$3$K8~$1$i$l$?$b$N$+$r5-=R$9$kItJ,$+$i;O$^$j!"$I$3$+$iMh$?$b$N$+!"$=$l$+$i%Q%1%C%H$N<oN`$H4IM}>eI,MW$J>\:YFbMF$r4^$s$G$$$^$9!#�(B
�$B%Q%1%C%H$N$3$N3+;OItJ,$O!"�(B<B>�$B%X%C%@�(B</B>�$B$H8F$P$l$F$$$^$9!#$^$?!"EAAw$5$l$F$$$k<B:]$N%G!<%?$r4^$s$@%Q%1%C%H$N;D$j$NItJ,$O!"DL>o�(B<B>�$B%\%G%#�(B</B>�$B$H8F$P$l$F$$$^$9!#�(B</P>
<P>�$B%&%'%V!&%H%i%U%#%C%/!"%a!<%k$H%j%b!<%H%m%0%$%s$N$?$a$K;H$o$l$k$$$/$D$+$N%W%m%H%3%k�(B(�$BNc$($P�(B <B>TCP</B>)�$B$O�(B `�$B@\B3�(B(�$B%3%M%/%7%g%s�(B)'�$B$H$h$P$l$k35G0$r;H$$$^$9!#�(B
�$B<B:]$N%G!<%?%Q%1%C%H$,Aw$j=P$5$l$kA0$K!"�(B`�$B;d$O!"@\B3$7$?$$�(B'�$B!"�(B`OK'�$B!"$=$7$F�(B`�$B$"$j$,$H$&�(B'�$B$H$$$C$?!"�(B(�$BFCJL$J%X%C%@$rH<$&�(B)�$B?'!9$J%;%C%H%"%C%W!&%Q%1%C%H$r8r49$7$^$9!#�(B</P>
<P>�$B%Q%1%C%H!&%U%#%k%?$O!"%Q%1%C%H$N�(B<EM>�$B%X%C%@�(B</EM>�$B$r8+$F!"$=$N%Q%1%C%HA4BN$r$I$N$h$&$K<h$j07$&$+$r7hDj$9$k>.$5$J%=%U%H%&%'%"$G$9!#%Q%1%C%H$O�(B<B>�$B5qH]�(B(deny)</B>(�$B$9$J$o$A!"<u?.$7$J$+$C$?$+$N$h$&$K!"%Q%1%C%H$r<N$F$k�(B)�$B$3$H$K7h$a$i$l$k$+$b$7$l$J$$$7!"�(B<B>�$B5v2D�(B(accept)</B>(�$B$9$J$o$A!"%Q%1%C%H$rDL2a$5$;$k�(B)�$B$9$k$3$H$K$J$k$+$b$7$l$J$$$7!"%Q%1%C%H$r�(B<B>�$BJV5Q�(B(reject)</B>("�$B5qH]�(B"�$B$H;w$F$$$k$1$l$I!"%Q%1%C%H$NH/?.85$K$=$N$3$H$rDLCN$9$k�(B)�$B$9$k$+$b$7$l$^$;$s!#�(B</P>
<P>Linux �$B$K$*$$$F$O!"%Q%1%C%H!&%U%#%k%?%j%s%0$O%+!<%M%k$KAH$_9~$^$l$F$$$^$9!#�(B
�$B$=$7$F!"%Q%1%C%H$N<h07$$$K4X$7$F>/$7$P$+$j%H%j%C%/$r;E3]$1$k$3$H$,$G$-$^$9$,!"$=$N4pK\E*$J5,B'$O$"$/$^$G%X%C%@$r8+$F!"%Q%1%C%H$N<h$j07$$$r7hDj$9$k$H$$$&$b$N$G$9!#�(B</P>
<H2><A NAME="ss2.2">2.2</A> <A HREF="IPCHAINS-HOWTO.html#toc2.2">�$B$J$<�(B?</A>
</H2>
<P>�$B%3%s%H%m!<%k!#%;%-%e%j%F%#!#4F;k!#�(B</P>
<P>
<DL>
<DT><B>�$B%3%s%H%m!<%k�(B:</B><DD><P>�$B$"$J$?$,�(B Linux �$B%\%C%/%9$rFbIt$N%M%C%H%o!<%/$HJL$N%M%C%H%o!<%/�(B(�$BNc$($P!"%$%s%?!<%M%C%H�(B)�$B$r7R$0$?$a$K;H$C$F$$$k$J$i!"�(B �$B$"$J$?$K$O!"FCDj$N%H%i%U%#%C%/$@$15v2D$7$F!"B>$N$b$N$r5v$5$J$$$h$&$K$9$k%A%c%s%9$,$"$j$^$9!#�(B
�$BNc$($P!"%Q%1%C%H$N%X%C%@!<$K$O$"$F@h%"%I%l%9�(B �$B$,4^$^$l$F$$$F!"30It%M%C%H%o!<%/$N$H$"$k=j$X8~$+$&%Q%1%C%H$r5qH]$9$k�(B �$B$3$H$,$G$-$^$9!#�(B
�$BJL$NNc$H$7$F!"�(BNetscape �$B$r;H$C$F�(B Dilbert �$B$N%"!<%+%$%V�(B (�$BLuCm�(B: Dilbert �$B$H$$$&%(%s%8%K%"$,<g?M8x$NIw;IL!2h$N%5%$%H!"$A$J$_$K�(B dilbert �$B$N0UL#$O�(B'�$B$P$+�(B') �$B$K%"%/%;%9$9$k>l9g$G$9!#�(B
�$B%Z!<%8$K$O�(B doubleclick.net �$B$N9-9p$,$"$j!"�(B Netscape �$B$O$=$l$r$$$=$$$=$H%@%&%s%m!<%I$9$k$?$a$K;d$N;~4V$rO2Hq$7$^$9!#�(B
�$B%Q%1%C%H%U%#%k%?!<$K�(B doubleclick.net �$B=jM-$N%"%I%l%9$+$i$N$I$s$J%Q%1%C%H$b5v2D$7$J$$$h$&$K;X<($9$l$PLdBj$O2r7h$7$^$9�(B(�$B$b$C$H$$$$J}K!$,$"$j$^$9$1$l$I�(B: Junkbuster (�$BLuCm�(B:
<A HREF="http://internet.junkbuster.com">http://internet.junkbuster.com</A> ) �$B$r8+$F2<$5$$�(B)�$B!#�(B</P>
<DT><B>�$B%;%-%e%j%F%#�(B:</B><DD><P>�$B$"$J$?$N�(B Linux �$B%\%C%/%9$,%$%s%?!<%M%C%H$N:.FY$H!"Ca=x@5$7$$$"$J$?$N$9$F$-$J%M%C%H%o!<%/$N4V$K$"$kM#0l$NJ*$J$i!"$9$P$i$7$$$3$H$K!"$"$J$?$O2%$j$K$d$C$FMh$k<T$r%I%"$N$H$3$m$G@)8B$9$k$3$H$,$G$-$^$9!#�(B
�$BNc$($P!"$"$J$?$N%M%C%H%o!<%/$+$i=P$F9T$/$b$N$O2?$G$b5v$9$h$&$K$7$F!"0-0U$N$"$k30It$+$i$N$h$/CN$i$l$?�(B `Ping of Death' �$B967b$r7Y2|$9$k$h$&$K$G$-$^$9!#�(B
�$BJL$NNc$H$7$F!"$"$J$?$N�(B Linux �$B%\%C%/%9$K!"$?$H$(A4$F$N%"%+%&%s%H$K%Q%9%o!<%I$,IU$$$F$$$k$H$7$F$b!"30It$N<T$,�(B telnet �$B$7$F$/$k$3$H$rK>$^$J$$$+$b$7$l$^$;$s!#�(B
�$B$?$V$s!"$"$J$?$O�(B(�$BBgDq$N?M!9$N$h$&$K�(B)�$B%$%s%?!<%M%C%H$r$?$@D/$a$F$$$?$$$@$1$G!"%5!<%P!<$K�(B(�$B9%$`$H9%$^$:$K$+$+$o$i$:�(B)�$B$J$j$?$/$J$$$N$G$9!#�(B
�$BC1=c$K!"%Q%1%C%H%U%#%k%?!<$G@\B3$r3+;O$9$k%Q%1%C%H$NN.F~$r5qH]$7$F!"$@$l$K$b@\B3$5$l$J$$$h$&$K$7$F2<$5$$!#�(B</P>
<P>(�$BLuCm�(B: "�$B;`$N�(Bping"
�$B0[>o$KD9Bg$J�(B ICMP �$B%Q%1%C%H$J$I$r%M%C%H%o!<%/@\B3$5$l$?%3%s%T%e!<%?$KAw$j$D$1$F!"%7%9%F%`%/%i%C%7%e$d%5!<%S%9$NDd;_$r0z$-5/$3$9967b$N$3$H!#�(B)</P>
<DT><B>�$B4F;k�(B:</B><DD><P>�$B$H$-$I$-%m!<%+%k%M%C%H%o!<%/Cf$K4D6-@_Dj$N0-$$%^%7%s$,$"$j!"30$N@$3&$K%Q%1%C%H$,O3$l=P$k$h$&$K$J$C$F$$$k$3$H$,$"$j$^$9!#�(B
�$B$9$P$i$7$$$3$H$K!"%Q%1%C%H%U%#%k%?!<$O2?$+0[>o$J$3$H$,5/$3$C$?$H$-$K$"$J$?$KCN$i$;$F$/$l$^$9!#�(B
�$B$=$l$K$h$C$F2?$i$+$NBP=h$,$G$-$k$3$H$rCN$k$+!"$"$k$$$O$?$@C1$K<+J,$,A':w9%$-$J@-3J$@$HCN$k$@$1$+$b$7$l$^$;$s!#�(B</P>
</DL>
</P>
<H2><A NAME="basics-how"></A> <A NAME="ss2.3">2.3</A> <A HREF="IPCHAINS-HOWTO.html#toc2.3">�$B$I$&$d$C$F�(B?</A>
</H2>
<H3>�$B%Q%1%C%H%U%#%k%?%j%s%05!G=$rM-8z$K$7$?%+!<%M%k�(B</H3>
<P>�$B?7$7$$�(B IP �$B%U%!%$%"%&%)!<%k!&%A%'!<%s5!G=$r;}$D%+!<%M%k$,I,MW$G$9!#:#F0:n$7$F$$$k%+!<%M%k$,!"$3$N5!G=$rAH$_9~$s$@$b$N$+$I$&$+H=CG$9$k$K$O!"�(B /proc/net/ip_fwchains �$B$rC5$7$F$_$^$7$g$&!#�(B
�$B$3$l$,B8:_$9$k$J$i$P!"4{$KAH$_9~$^$l$F$$$^$9!#�(B</P>
<P>(�$BLuCm�(B: 2.2.x�$B0J9_$N%+!<%M%k$r$*;H$$$N>l9g$O!"BgDq4{$KAH$_9~$^$l$F$$$k$3$H$G$7$g$&!#�(B)</P>
<P>�$B$b$7$=$&$G$J$1$l$P!"$"$J$?$O�(B IP �$B%U%!%$%"%&%)!<%k!&%A%'!<%s$r;}$D%+!<%M%k$r:n$kI,MW$,$"$j$^$9!#�(B
�$B:G=i$K!"$"$J$?$,M_$7$$%+!<%M%k$N%=!<%9$r%@%&%s%m!<%I$7$^$7$g$&!#$"$J$?$N%+!<%M%k$,�(B �$B%P!<%8%g%s�(B 2.1.102 �$B0J9_$N$b$N$J$i!"8=:_<gN.$N%+!<%M%k$G$"$k$N$G!"2~$a$F%Q%C%A$rEv$F$kI,MW$O$"$j$^$;$s!#�(B
�$B$=$&$G$J$$;~$K$OA0=P$N�(B Web �$B%Z!<%8$+$i%Q%C%A$rF~<j$7$FE,MQ$7!"$=$7$F<!$K<($9$h$&$J@_Dj$G%+!<%M%k$r9=@.$7$F2<$5$$!#$b$7!"$"$J$?$,$3$l$r$9$kJ}K!$rCN$i$J$/$F$b!"92$F$J$$$G�(B Kernel-HOWTO �$B$rFI$_$^$7$g$&!#�(B</P>
<P>(�$BLuCm�(B: Kernel-HOWTO�$B$NK.Lu$O�(B
<A HREF="http://www.linux.or.jp/JF/JFdocs/Kernel-HOWTO.html">http://www.linux.or.jp/JF/JFdocs/Kernel-HOWTO.html</A> �$B$K$"$j$^$9!#�(B)</P>
<P>�$B$"$J$?$,�(B<EM>2.0-�$B%7%j!<%:$N%+!<%M%k�(B</EM>�$B$K@_Dj$9$kI,MW$,$"$k%3%s%U%#%0%l!<%7%g%s%*%W%7%g%s$O!"0J2<$NDL$j$G$9�(B:</P>
<P>
<HR>
<PRE>
CONFIG_EXPERIMENTAL=y
CONFIG_FIREWALL=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_CHAINS=y
</PRE>
<HR>
</P>
<P><EM>2.1 �$B$+�(B 2.2 �$B$N%7%j!<%:!&%+!<%M%k�(B</EM>�$B$N>l9g$O<!$NDL$j$G$9�(B:
<HR>
<PRE>
CONFIG_FIREWALL=y
CONFIG_IP_FIREWALL=y
</PRE>
<HR>
</P>
<P>�$B%D!<%k$G$"$k�(B <CODE>ipchains</CODE> �$B%W%m%0%i%`$O!"%+!<%M%k$KBP$7$F$I$s$J%Q%1%C%H$r%U%#%k%?$9$k$Y$-$+$K$D$$$FDLCN$9$k$?$a$N$b$N$G$9!#$"$J$?$,%W%m%0%i%^$G$"$k$+!"4qFC$J?M4V$G$J$$8B$j!"$3$l$,%Q%1%C%H%U%#%k%?%j%s%0$r@)8f$9$kJ}K!$H$J$j$^$9!#�(B</P>
<H3>ipchains</H3>
<P><CODE>ipchains</CODE> �$B%D!<%k$O!"%+!<%M%k$N%Q%1%C%H!&%U%#%k%?%j%s%0$K4X$9$k%;%/%7%g%s$+$i%k!<%k$rA^F~$7$?$j:o=|$7$?$j$7$^$9!#�(B
�$B$3$l$O!"$"$J$?$,$?$H$(2?$r@_Dj$7$F$b!"$=$l$,:F5/F0$K$h$C$F>C$($F$7$^$&$3$H$r0UL#$7$F$$$^$9!#�(B
�$B<!2s!"�(B Linux �$B$,%V!<%H$5$l$k:]$K!"$=$l$i$r3N<B$KLa$9$9$kJ}K!$K$D$$$F$O!"<!$N@a�(B
<A HREF="#permanent">�$B%U%#%k%?5,B'$r915WE*$K$9$k$K$O�(B</A> �$B$r;2>H$7$F2<$5$$!#�(B</P>
<P><CODE>ipchains</CODE> �$B$O0JA0$^$G�(BIP�$B%U%!%$%"%&%)!<%k$r<B8=$9$k$?$a$K;H$o$l$F$$$?�(B ipfwadm �$B$HCV$-49$($i$l$k$3$H$K$J$j$^$9!#�(B
�$BLr$KN)$D%9%/%j%W%H$N%;%C%H$,!"<!$N�(B ipchains �$B$N%"%I%l%9$+$iF~<j2DG=$G$9�(B: </P>
<P>
<A HREF="http://netfilter.filewatcher.org/ipchains/ipchains-scripts-1.1.2.tar.gz">http://netfilter.filewatcher.org/ipchains/ipchains-scripts-1.1.2.tar.gz</A></P>
<P>�$B$3$l$K$O0JA09T$o$l$F$$$?$N$HF1$8$h$&$J%9%?%$%k$G%Q%1%C%H!&%U%#%k%?%j%s%0$r9T$o$;$k$?$a$N�(B <CODE>ipfwadm-wrapper</CODE> �$B$H8F$P$l$F$$$k%7%'%k%9%/%j%W%H$r4^$s$G$$$^$9!#�(B
�$B$"$J$?$,�(B <CODE>ipfwadm</CODE> (ipchains�$B$HHf$Y!"$h$jCY$/$F!"0z?t!"$=$NB>$r%A%'%C%/$7$J$$Ey$N$b$N�(B)�$B$r;H$&%7%9%F%`$r%"%C%W%0%l!<%I$9$k<j$C<h$jAa$$J}K!$,M_$7$/$J$$8B$j!"$"$J$?$OB?J,$3$N%9%/%j%W%H$r;H$&$Y$-$G$O$J$$$G$7$g$&!#�(B
�$B$=$&$$$&J}$K$O$"$^$j$3$N�(B HOWTO �$B$bI,MW$H$O$5$l$J$$$3$H$H;W$$$^$9!#�(B</P>
<P><CODE>ipfwadm</CODE> �$B4XO"$N>\:Y$K$D$$$F$O!"IUO?�(B:
<A HREF="IPCHAINS-HOWTO-8.html#ipfwadm-diff">ipchains �$B$H�(B ipfwadm �$B$H$N0c$$�(B</A> �$B$dIUO?�(B:
<A HREF="IPCHAINS-HOWTO-9.html#upgrade">`ipfwadm-wrapper'�$B%9%/%j%W%H$r;H$&�(B</A> �$B$r$4Mw2<$5$$!#�(B</P>
<H3><A NAME="permanent"></A> �$B%U%#%k%?5,B'$r915WE*$K$9$k$K$O�(B</H3>
<P>�$B$"$J$?$N8=:_$N%U%!%$%"%&%)!<%k@_Dj$O!"%+!<%M%k$K3JG<$5$l$F!"$3$N$h$&$K:F5/F0;~$K$O<:$o$l$F$7$^$$$^$9!#�(B
�$B$"$J$?$N%k!<%k$r915WE*$K$9$k$?$a$K�(B `ipchains-save' �$B$H�(B `ipchains-restore' �$B%9%/%j%W%H$r;H$&$3$H$r$*4+$a$7$^$9!#�(B
�$B$3$l$r;H$&$K$O!"$^$:$"$J$?$N%k!<%k$r@_Dj$7$F!"<!$N$h$&$K%3%^%s%I$r<B9T$7$^$9�(B(root �$B$H$7$F<B9T$7$F2<$5$$�(B): </P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ipchains-save > /etc/ipchains.rules
#
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>�$B%9%/%j%W%H$O<!$N$h$&$K:n$C$F$*$-$^$9�(B:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
#! /bin/sh
# �$B%Q%1%C%H%U%#%k%?@)8f$N$?$a$N%9%/%j%W%H�(B
# �$B%k!<%k$,$J$1$l$P2?$b$7$J$$�(B
[ -f /etc/ipchains.rules ] || exit 0
case "$1" in
start)
echo -n "Turning on packet filtering:"
/sbin/ipchains-restore < /etc/ipchains.rules || exit 1
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "."
;;
stop)
echo -n "Turning off packet filtering:"
echo 0 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward ACCEPT
echo "."
;;
*)
echo "Usage: /etc/init.d/packetfilter {start|stop}"
exit 1
;;
esac
exit 0
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>�$B$3$l$,5/F0;~$N:G=i$N$&$A$K<B9T$5$l$k$h$&$K$7$^$9!#I.<T$N%1!<%9�(B (Debian 2.1) �$B$G$O!"�(B `S39packetfilter' �$B$H$$$&%7%s%\%j%C%/%j%s%/$r�(B `/etc/rcS.d' �$B%G%#%l%/%H%j$K:n$C$F$"$j$^$9�(B(�$B$3$l$O!"�(B S40network �$B$NA0$K<B9T$5$l$^$9�(B)�$B!#�(B</P>
<P>(�$BLuCm�(B: �$B!V:G=i$N$&$A!W$H$$$&$N$O!"5/F0;~!"%M%C%H%o!<%/$KBP$7$FDL?.$,2DG=$H$J$k>uBV0JA0$K9T$&$H$$$&0UL#$G$9!#�(B
�$B%M%C%H%o!<%/$NB>$N%5!<%S%9$J$I$,5/F0$7$?$"$H$K%U%!%$%"%&%*!<%k$r@_Dj$9$k$H!"A4$/@_Dj$5$l$F$$$J$$$o$:$+$J=V4V$r$D$$$F�(B"�$B0-$$$d$D�(B"�$B$,F~$j9~$`4m81@-$,$"$j$^$9!#�(B)</P>
<HR>
<A HREF="IPCHAINS-HOWTO-3.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO-1.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IPCHAINS-HOWTO.html#toc2">�$BL\<!$X�(B</A>
</BODY>
</HTML>
|