(源自網絡)設置ip filter
- 詳細內容
- 分類: Solaris
- 發佈: 2006-05-28, 週日 19:14
- 作者 Super User
- 點擊數: 19012
vi /etc/ipf/pfil.ap
add your network card
vi /etc/ipf/ipf.conf
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr
pass in quick proto tcp from any to any port = 25 keep state
pass in quick proto tcp from any to any port = 110 keep state
pass in quick proto tcp from any to any port = 80 keep state
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port = 60993 keep state
pass in quick proto tcp from any to any port = 21 flags S/SA keep state
pass in quick proto tcp from any to any port = 20 flags S/SA keep state
pass in quick proto tcp from any to any port 30000 >< 50001 flags S/SA keep state
block return-rst in log level local5.info quick proto tcp from any to any flags S/SA
block return-icmp(net-unr) in log level local5.info quick proto udp from any to any
block in log level local5.info quick all
pass out quick proto icmp all keep state
pass out quick proto tcp from any to any port = 22 keep state
pass out quick proto tcp from any to any port = 25 keep state
pass out quick proto tcp from any to database.clamav.net port = 80 keep state
pass out quick proto tcp/udp from any to any port = 53 keep state
block out log level local5.info quick all
svcadm enable -r network/ipfilter