Freebsd PF 安装使用
2009-02-13 12:22:51 来源:WEB开发网#设定拒绝联机封包的处理方式
set block-policy return
#
set optimization aggressive
#纪录 $ext_if
set loginterface $ext_if
# scrub
#整理封包
scrub in all
#nat
#NAT 地址转译处理
nat on $ext_if from $int_if:network to any -> $ext_if
#ftp-proxy
#ftp-proxy 重新导向
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on $ext_if proto tcp from any to 140.111.152.13 port 21 -> 192.168.13.253 port 21
#Transparent Proxy Server
rdr on rl0 proto tcp from 192.168.13.0/24 to any 80 -> 127.0.0.1 port 3128
#阻挡可疑封包在 $ext_if 网卡进出
antispoof log quick for $ext_if
#阻挡所有进出的封包
block all
#开放 loopback
pass quick on lo0 all
#拒绝内部私有 IP 对 $ext_if 网络卡联机
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
#开放对外的 80, 443 埠
pass in on $ext_if inet proto tcp from any to $ext_if port $open_services flags S/SA keep state
#只容许 140.111.152.0/24 网段对本机做 22 埠联机
pass in on $ext_if inet proto tcp from 140.111.152.0/24 to $ext_if port 22 flags S/SA keep state
#开放内部网络对外联机
#pass in on $inf_if proto rcp from any to any queue std_in
pass in on $int_if from $int_if:network to any keep state
更多精彩
赞助商链接