|
|
|
|
|
|
|
|
k in log quick on fxp0 from x.x.x.x/32 to any
block in log quick on fxp0 from any to x.x.x.0/32
block in log quick on fxp0 from any to x.x.x.255/32
以上为屏蔽具备内部网络地址的数据包被转发到外部网络
pass in quick on fxp0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port = ftp flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port = ftp-data flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port 30000 >< 50001 flags S/SA keep state
以上为允许www和ftp进入,并且允许对ftp数据端口的数据进行转发
block in quick on fxp0 all
禁止其他的连接进入fxp0
block in log quick on fxp0 proto icmp from any to any icmp-type redir
block in log quick on fxp0 proto icmp from any to any页码:[1] [2] [3] [4] [5] [6] [7] 第5页、共7页 |
|
|
|
|
设为首页 | 加入收藏 | 广告服务 | 友情链接 | 版权申明
Copyriht 2007 - 2008 © 科普之友 All right reserved |
