ipfw nejde specifikovat port

Petr Spodniak pspodniak at broadnet.cz
Thu Sep 11 13:43:00 CEST 2003


V čt, 11. 09. 2003 v 13:09, Josef Varilek píše:
> Dobry den,
> 
> 
>    Mozna je to otazka z neznalosti nejake zakladni problematiky,
> ale uz nechapu to:
> 
> kdyz pridam do ipfw pravidla:
> 
> ipfw add allow tcp from any to 192.168.0.2
> 
> a
> 
> ipfw add allow tcp from 192.168.0.2 to any
> 
> funguje vse.
> 
je potreba u pravidel ktera zastavuji pakety dat logovani a podivat se
do logu (/var/log/security) - z toho by melo byt jasne co a jak.

napsal bych to jinak:

ipfw add allow tcp from 192.168.0.2 to any setup
ipfw add allow tcp from any to 192.168.0.2 25,80 setup
ipfw add allow tcp from any to any established

nebo s pouzitim dynamiky:

ipfw add allow tcp from 192.168.0.2 to any setup keep-state
ipfw add allow tcp from any to 192.168.0.2 25,80 setup keep-state
ipfw add check-state
ipfw add deny tcp from any to any established 

-- 
Petr Spodniak <pspodniak at broadnet.cz>




More information about the Users-l mailing list