FreeBSD Setting up Firewall using IPFW
IPFW is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used.

Source: http://www.cyberciti.biz/faq/howto-setup-freebsd-ipfw-firewall/

FreeBSD compile kernel for IPFW
This step is optional. You do not need to compile IPFW into the FreeBSD kernel unless you want the NAT function enabled. However, some old versions may not have IPFW compiled. Here is a quick guide to compiling a kernel with IPFW.

Check whether IPFW support is already compiled into the kernel:
# ipfw list
If you get an error that reads as follows, you must compile the kernel from source.
ipfw: getsockopt(IP_FW_GET): Protocol not available

Another option is to open the default kernel config file in /usr/src/sys/i386/conf and look for the IPFIREWALL option:
# grep IPFIREWALL /usr/src/sys/i386/conf/GENERIC

Building and Installing a Custom Kernel with IPFW
Copy default kernel file:
# cd /usr/src/sys/i386/conf
# cp GENERIC IPFWKERNEL

Add IPFW support:
# vi IPFWKERNEL
Append the following directives:
options IPFIREWALL # required for IPFW
options IPFIREWALL_VERBOSE # optional; logging
options IPFIREWALL_VERBOSE_LIMIT=10 # optional; don't get too many log entries


// ipfw defaults to deny, so adding one more line,
// options IPFIREWALL_DEFAULT_TO_ACCEPT, changes the default to allow all.
// If you want the default to be allow all, add that one extra line.


Save and close the file. To build the kernel, type the following commands:
# cd /usr/src
# make buildkernel KERNCONF=IPFWKERNEL
Install the new kernel:
# make installkernel KERNCONF=IPFWKERNEL
Now reboot the system:
# reboot





Step # 1: Enabling IPFW
# kldload ipfw
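With this single command, the kernel compile above is not needed.
If you build the kernel without adding the options IPFIREWALL_DEFAULT_TO_ACCEPT line,
ipfw -a list shows 65535 3 734 deny ip from any to any,
so if you are configuring over SSH your connection will be dropped. Be careful!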


Open /etc/rc.conf file
# vi /etc/rc.conf
Append the following settings:
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"

Save and close the file.

Step # 2 Write a Firewall Rule Script
You need to place the firewall rules in a script called /usr/local/etc/ipfw.rules:


# vi /usr/local/etc/ipfw.rules

// The ipfw.rules file does not exist yet, so you have to create it yourself.


Append the following code:



IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

# deny and log everything
$IPF 500 deny log all from any to any



Save and close the file.
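
Added example (not part of the original article): ipfw evaluates rules in ascending rule-number order and falls through to the default rule 65535 deny, so a rules script edited over SSH can be checked before it is loaded. The function name ssh_survives and the sample rules are constructed for illustration; the check assumes rules written in the "$IPF <number> <action> ..." style used above.

```shell
#!/bin/sh
# Added example, not part of the original article.
# ipfw matches rules in ascending rule-number order, so this check compares
# rule numbers instead of trusting the order of lines in the script.

# ssh_survives FILE [PORT]: return 0 only if an inbound TCP allow rule for
# PORT (default 22) is numbered below the first "deny all from any to any".
# With no such allow rule the final default-deny rule 65535 would apply.
# Assumption: rules use the "$IPF <number> <action> ..." form shown above,
# with source "any" and a single port or comma-separated port list.
ssh_survives() {
    awk -v port="${2:-22}" '
    $1 != "$IPF" || $2 !~ /^[0-9]+$/ { next }
    {
        n = $2 + 0; act = $3; i = 4
        if ($i == "log") i++                 # optional "log" keyword
        proto = $i; dst = $(i + 4); ports = $(i + 5)
        if ($(i + 1) != "from" || $(i + 2) != "any" || $(i + 3) != "to") next
        out = 0
        for (j = i + 5; j <= NF; j++) if ($j == "out") out = 1
        # Blanket deny: no port list or options after "to any".
        if ((act == "deny" || act == "drop") && NF == i + 4 && dst == "any" &&
            (proto == "all" || proto == "ip") && (deny == 0 || n < deny))
            deny = n
        # Inbound (or direction-less) TCP allow naming the port.
        if ((act == "allow" || act == "pass") && proto == "tcp" && !out &&
            (dst == "any" || dst == "me")) {
            k = split(ports, p, ",")
            for (j = 1; j <= k; j++)
                if (p[j] == port && (ssh == 0 || n < ssh)) ssh = n
        }
    }
    END { exit !(ssh > 0 && (deny == 0 || ssh < deny)) }
    ' "$1"
}

# Constructed sample: safe-looking line order, but the deny has the lower number.
sample=$(mktemp)
cat > "$sample" <<'EOF'
IPF="ipfw -q add"
$IPF 600 allow tcp from any to any 22 in
$IPF 500 deny log all from any to any
EOF
if ssh_survives "$sample"; then
    echo "SSH rule precedes the blanket deny"
else
    echo "refusing to load: SSH would be cut off"
fi
rm -f "$sample"
```

Run the check against /usr/local/etc/ipfw.rules before Step # 3 and load the script only when it returns 0.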

Step # 3: Start a firewall
You can reboot the box, or you can reload the rules by entering the following on the command line:
# sh /usr/local/etc/ipfw.rules

Task: List all the rules in sequence
Type the following command:
# ipfw -a list

Further readings:
Refer to the ipfw man page
Read the IPFW chapter from the FreeBSD handbook
Read the FreeBSD kernel configuration file format chapter from the FreeBSD handbook

Since 1998-2020 Chris. BSD LICENSE