Hello.
I decided to post here a basic but (in my opinion) very good firewall.
Here it is:
#!/bin/sh
#
# User startup/shutdown and firewall script.
. /etc/system.cfg
. /etc/live.cfg
. /etc/chat.pwd
if [ "$1" = firewall ]; then
    # Add your custom firewall rules here. Warning, incorrect rules could
    # leave your system insecure. $INET always represents the internet
    # interface. These rules come before standard system rules. Example:
    # reject incoming tcp connections to port 22 from the internet and log
    #----- Basic FIREWALL -------------------------------------------------
    # Note: "-i" inserts each rule at the HEAD of the input chain, so the
    # rules issued later are checked first; that is why an "accept" issued
    # after a "deny" for the same network takes precedence over it.
    #-------------------- Block everyone everywhere
    ipfwadm -I -i deny -W eth0 -S 10.1.1.0/24
    #-------------------- Selected IPs that get internet access
    ipfwadm -I -i accept -W eth0 -S 10.1.1.2
    ipfwadm -I -i accept -W eth0 -S 10.1.1.3
    ipfwadm -I -i accept -W eth0 -S 10.1.1.4
    ipfwadm -I -i accept -W eth0 -S 10.1.1.7
    ipfwadm -I -i accept -W eth0 -S 10.1.1.8
    ipfwadm -I -i accept -W eth0 -S 10.1.1.9
    ipfwadm -I -i accept -W eth0 -S 10.1.1.10
    #----------------------------------------------------------------------
    #----- TELNET for the chosen few (to the router, 10.1.1.1) ------------
    ipfwadm -I -i deny -P tcp -S 10.1.1.0/24 -D 10.1.1.1 23
    ipfwadm -I -i accept -P tcp -S 10.1.1.2 -D 10.1.1.1 23
    #----------------------------------------------------------------------
    #----------- Only GG (Gadu-Gadu) for those NOT selected above ---------
    ipfwadm -I -i deny -W eth0 -S 10.1.1.5
    ipfwadm -I -i accept -P tcp -S 10.1.1.5 -D any/0 443
    ipfwadm -I -i accept -P tcp -S 10.1.1.5 -D any/0 1550
    ipfwadm -I -i accept -P tcp -S 10.1.1.5 -D any/0 8074
    ipfwadm -I -i deny -W eth0 -S 10.1.1.6
    ipfwadm -I -i accept -P tcp -S 10.1.1.6 -D any/0 443
    ipfwadm -I -i accept -P tcp -S 10.1.1.6 -D any/0 1550
    ipfwadm -I -i accept -P tcp -S 10.1.1.6 -D any/0 8074
    #----------------------------------------------------------------------
    exit
fi
if [ "$1" = stop -o "$1" = restart ]; then
    echo -n "Stopping rc_user... "
    # Add commands here you want to execute when shutting down or rebooting.
    # Be careful not to use any commands which wait for user input.
    #----------------------------------------------------------------------
    $DONE; [ "$1" = stop ] && exit
fi
echo -n "Starting rc_user... "
# Add commands here you want to execute when booting. Use the fork
# command to launch programs which normally stay in the foreground.
#----------------------------------------------------------------------
$DONE
It blocks all IPs, then unblocks those that are supposed to have internet.
Then it blocks Telnet on all IPs and unblocks it for the chosen ones.
Finally it lets GG through for the guy who doesn't have internet.
Bye
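A way to check what the posted rule set actually does before loading it on the router: the model below (added example code, not from the post or from ipfwadm) replays the post's rules with ipfwadm's semantics, where "-i" inserts at the head of the chain and the first matching rule wins, and runs constructed packets through them. It assumes a single LAN interface (so "-W eth0" is ignored) and that a packet matching none of these rules falls through to the "standard system rules" that follow them.

```python
import ipaddress

def add_rule(chain, action, src, dst=None, proto=None, dport=None, insert=True):
    """Model one `ipfwadm -I` line. "-i" inserts at the HEAD of the chain;
    "-a" would append at the tail. The kernel takes the first matching rule."""
    rule = {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_address(dst) if dst else None,
            "proto": proto, "dport": dport}
    if insert:
        chain.insert(0, rule)
    else:
        chain.append(rule)

def build_chain(insert=True):
    """The rules from the post, in the order the script issues them."""
    chain = []
    add_rule(chain, "deny", "10.1.1.0/24", insert=insert)          # block the whole LAN
    for h in (2, 3, 4, 7, 8, 9, 10):                               # hosts allowed out
        add_rule(chain, "accept", f"10.1.1.{h}", insert=insert)
    add_rule(chain, "deny", "10.1.1.0/24", "10.1.1.1", "tcp", 23, insert)   # telnet to router
    add_rule(chain, "accept", "10.1.1.2", "10.1.1.1", "tcp", 23, insert)
    for h in (5, 6):                                               # GG-only hosts
        add_rule(chain, "deny", f"10.1.1.{h}", insert=insert)
        for port in (443, 1550, 8074):
            add_rule(chain, "accept", f"10.1.1.{h}", None, "tcp", port, insert)
    return chain

def verdict(chain, src, dst, proto="tcp", dport=None):
    """First-match lookup over the chain; unmatched packets fall through."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chain:
        if (s in r["src"] and r["dst"] in (None, d)
                and r["proto"] in (None, proto) and r["dport"] in (None, dport)):
            return r["action"]
    return "fallthrough"

def check_post_claims():
    """Constructed packets exercising each claim the post makes; 203.0.113.10
    stands in for an internet host."""
    c = build_chain()
    return {
        "allowed host to web":    verdict(c, "10.1.1.3", "203.0.113.10", "tcp", 80),
        "allowed host to telnet": verdict(c, "10.1.1.3", "10.1.1.1", "tcp", 23),
        "chosen host to telnet":  verdict(c, "10.1.1.2", "10.1.1.1", "tcp", 23),
        "GG host to GG port":     verdict(c, "10.1.1.5", "203.0.113.10", "tcp", 8074),
        "GG host to web":         verdict(c, "10.1.1.5", "203.0.113.10", "tcp", 80),
        "unlisted host to web":   verdict(c, "10.1.1.11", "203.0.113.10", "tcp", 80),
        # same rules with "-a" (append): the deny-all is matched first
        "same rules with -a":     verdict(build_chain(False), "10.1.1.3", "203.0.113.10", "tcp", 80),
    }

if __name__ == "__main__":
    for name, result in check_post_claims().items():
        print(f"{name:24} {result}")
```

The last entry shows why the choice of "-i" over "-a" matters here: appended in the same order, the deny for 10.1.1.0/24 would be evaluated first and the accept rules behind it would never be reached.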