Freesco, NND, CDN, EOS http://forum.freesco.pl/ |
Blocking everything ... http://forum.freesco.pl/viewtopic.php?f=35&t=4705 |
Author: | Anonymous [ Friday, 11 June 2004, 20:35 ] |
Title: | Blocking everything ... |
Because of the temporarily (I hope) unstable operation of the network, I wanted to block everything for everyone.

    ipfwadm -I -i deny -W eth0 -S 10.1.1.1/0
    ipfwadm -I -i accept -W eth0 -S 10.1.1.1/24 21 22 23 25 53 80 110 1550

I had in mind mail, www, telnet, ssh, gg; I just don't know whether that many ports can be put on one line, or whether I have forgotten something.
Author: | zciech [ Friday, 11 June 2004, 21:48 ] |
Title: | |
No, it won't.
Author: | Anonymous [ Saturday, 12 June 2004, 09:54 ] |
Title: | |

    ipfwadm -I -i deny -S 10.1.1.1/24 -D 0.0.0.0/0
    ipfwadm -I -i accept -P tcp -S 10.1.1.1/24 -D 0/0 port_numbers

If this doesn't work, please give me some hint. 443 could also be added to those port numbers, but I don't know how many of them there can be on one line.
Author: | zciech [ Saturday, 12 June 2004, 10:58 ] |
Title: | |
Almost right. You still have to allow traffic to ports 53 udp and tcp (DNS). I don't know how many either, but if there is an error you can split it into two lines.

    ipfwadm -I -i deny -S 10.1.1.1/24 -D 0.0.0.0/0

this is enough:

    ipfwadm -I -i deny -S 10.1.1.1/24

And instead of -D 0.0.0.0/0 write: -D 0/0. It's the same and looks nicer.
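An added example, not part of any post in this thread: a small shell model of an ipfwadm input chain showing why the rule order discussed above works. `-i` inserts each rule at the top of the chain and the first matching rule decides, so the blanket deny has to be inserted before the accepts. The functions and the rule format are constructed for illustration, and the model assumes every packet comes from the 10.1.1.1/24 LAN.

```shell
#!/bin/sh
# Constructed model of one ipfwadm input chain (not the real tool).
# Assumption: every test packet comes from the LAN 10.1.1.1/24, so only
# protocol and destination port are modelled.
CHAIN=""   # one rule per line: "policy proto [ports...]"; top line is checked first

# insert_rule POLICY PROTO [PORT...]: like "ipfwadm -I -i", the new rule goes on TOP.
insert_rule() {
    CHAIN="$*
$CHAIN"
}

# verdict PROTO PORT: print the policy of the first rule that matches.
verdict() {
    while read -r policy proto ports; do
        if [ -z "$policy" ]; then continue; fi
        if [ "$proto" != all ] && [ "$proto" != "$1" ]; then continue; fi
        if [ -z "$ports" ]; then echo "$policy"; return 0; fi
        for p in $ports; do
            if [ "$p" = "$2" ]; then echo "$policy"; return 0; fi
        done
    done <<EOF
$CHAIN
EOF
    echo no-match   # nothing matched: the chain's default policy would apply
}

# Order from the thread: blanket deny first, so the accepts end up above it.
build_thread_order() {
    CHAIN=""
    insert_rule deny all                                   # -i deny -S 10.1.1.1/24
    insert_rule accept tcp 21 22 23 25 53 80 110 443 1550  # -i accept -P tcp ... -D 0/0 <ports>
    insert_rule accept udp 53                              # -i accept -P udp ... -D 0/0 53
}

# Same rules with the deny inserted last: it lands on top and shadows every accept.
build_deny_last() {
    CHAIN=""
    insert_rule accept tcp 21 22 23 25 53 80 110 443 1550
    insert_rule accept udp 53
    insert_rule deny all
}

build_thread_order
echo "thread order: tcp/80=$(verdict tcp 80) udp/53=$(verdict udp 53) tcp/6667=$(verdict tcp 6667)"
build_deny_last
echo "deny last:    tcp/80=$(verdict tcp 80) udp/53=$(verdict udp 53)"
```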
Author: | NertoM [ Monday, 14 June 2004, 14:05 ] |
Title: | |
Hello .... this is what I have: the file ./mnt/router/rc/rcuser/rc_ipping, and in it:

    #!/bin/sh
    #
    # User startup/shutdown and firewall script.

    . /etc/system.cfg
    . /etc/live.cfg
    . /etc/chat.pwd

    if [ "$1" = firewall ]; then
    # Add your custom firewall rules here. Warning, incorrect rules could
    # leave your system insecure. $INET always represents the internet
    # interface. These rules come before standard system rules. Example:
    # reject incoming tcp connections to port 22 from the internet and log
    #ipfwadm -I -a reject -P tcp -W $INET -D 0.0.0.0/0 22 -y -o
    #----------------------------------------------------------------------

    exit; fi

    if [ "$1" = stop -o "$1" = restart ]; then
    echo -n "Stopping rc_ipping... "
    # Add commands here you want to execute when shutting down or rebooting.
    # Be careful not to use any commands which wait for user input.
    #----------------------------------------------------------------------

    $DONE; [ "$1" = stop ] && exit; fi

    echo -n "Starting rc_ipping... "

    # //ipfwadm\\
    # ipfwadm -I -f
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D any/0
    ipfwadm -I -i reject -P tcp -S 192.168.0.1 22

    # //services\\
    #
    # //DNS
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 194.204.159.1
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 194.204.152.34
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 212.244.117.100
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 217.17.34.10

    # //ftp
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 21

    # //ftp_data
    ipfwadm -I -i accept -P tcp -S 192.168.0.6/16 -D any/0 20
    ipfwadm -I -i accept -P tcp -S 192.168.0.121/16 -D any/0 20
    ipfwadm -I -i accept -P tcp -S 192.168.0.161/16 -D any/0 20
    ipfwadm -I -i accept -P tcp -S 192.168.0.161/16 -D any/0 20
    ipfwadm -I -i accept -P tcp -S 192.168.0.49/16 -D any/0 20

    # //kaza
    #ipfwadm -I -i accept -P tcp -S 192.168.0.200/32 -D any/0 1214

    # //dc
    #ipfwadm -I -i accept -P tcp -S 192.168.0.200/32 -D any/0 412

    # //telnet
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 23

    # //ssh
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 22

    # //www
    # //2020 <-- admin.virt501.kei.pl <-- vuja
    # /proxy 8080
    # //I got myself professional and cheap hosting and I would like to unblock
    # //- 2082- 2095- 2087- 2083 The address of the hosting site is: www.hostings.p
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 80
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 81
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 82
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 83
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 84
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 85
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 85
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 86
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 2020
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 0/0 8080
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D 0/0 2082:2095

    # //GG 1550
    # //8074 --sms
    # //tlen 443 <-> 440:450
    # //yahoo 66.218.70.32-44 all 5000-5010
    # //skype 33033, and 443 for talking
    # //wp.pl konnekt video calls TCP 1720 UDP 5000-5003
    # //wp.pl jabber (it works with wp konnekt)
    # //wp.pl file transfer 9413
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 1550
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 8074
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 440:450
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 440:450
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 5000:5010
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 5000:5010
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 33033
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 1720
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 5222:5225
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 5222:5225
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 9413
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 9413

    # //mail
    # //110 --receiving
    # //25 --sending
    # //553 --some kind of authorization
    # //553 --some kind of authorization
    # //465 and 995 if you use SSL - which is not the default set-up for most
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 110
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 25
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 465
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 553
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 995

    # //newsgroups
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 119
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 503

    # //????
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 1433

    # //mirc
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 6667:6669

    # //chats
    # //5579:5581 wp.pl
    # //5010:5030 onet.pl
    # //14011:14012 interia.pl -> webcams 14012;14016
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 5579:5581
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 5010:5030
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 14010:14016

    # //stock-exchange programs ( 4/20 has it and uses it )
    # //and others
    # //ip 193.108.35.17
    # //11008
    # //11009
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 11008:11009

    # //IP_BANS\\
    # //known from kaza
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.39.151.148
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.112.216.236
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.57.105.64
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 141.213.185.66
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.187.241.144
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.70.227.235
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.13.33.186
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.102.52.241
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.100.121.146
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.94.54.88
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 66.66.78.165
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 137.141.238.163
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.49.251.211
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.46.133.102
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.57.58.103
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 67.33.122.233
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.242.85.48
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 66.69.20.221
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 156.34.176.33
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 68.34.16.236
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 66.69.74.115
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 62.90.195.82
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 200.199.201.83
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 63.208.2.24
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 65.89.43.128
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 24.27.169.105
    ipfwadm -I -i reject -P tcp -S 192.168.0.1/16 -D 12.236.151.221

    # //RadiO
    # //internet radio
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 8000:8009
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 8000:8009

    # //games\\
    # //diablo2
    # //quake 27500
    # //starcraft
    # //CS -> new
    # //World of Tibia >www.tibia.de or www.tibia.com<
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 6110:6120
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 4000
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 27000:28000
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 27000:28000
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 7171

    # //games from websites\\
    # //kurnik.pl
    # //wp.pl
    # //http://www.tibia.pl/
    # //some rpg www.tibia.pl
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 17000:17060
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 5000:5010
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 7170:7180
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 7170:7180

    # //servers\\
    # //IP 002
    # //IP_003
    #ipfwadm -I -i accept -S 192.168.0.2/32
    #ipfwadm -I -i accept -S 192.168.0.3/32
    #ipfwadm -I -i accept -P tcp -S 192.168.0.3/32
    #ipfwadm -I -i accept -P udp -S 192.168.0.3/32

    # //daemons\\
    # //squid
    #ipfwadm -I -i accept -r 8080 -P tcp -S 192.168.0.0/24 -D any/0 www
    #ipfwadm -I -i accept -r 8080 -P tcp -S 192.168.0.0/24 -D any/0 www

    # //user\\
    # //port tcp+udp 3531 sent in by TK-696xxxxxx IP-192.168.1.128
    ipfwadm -I -i accept -S 192.168.0.200
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 3531
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 3531
    #ipfwadm -I -i accept -S 192.168.0.201
    #ipfwadm -I -i accept -S 192.168.0.235
    #ipfwadm -I -i accept -S 192.168.1.123
    #ipfwadm -I -i accept -S 192.168.1.210
    #ipautofw -A -r tcp 4660 4669 -h 192.168.0.201
    #ipautofw -A -r tcp 4660 4669 -h 192.168.0.201
    #ipautofw -A -r tcp 4660 4669 -h 192.168.0.235
    #ipautofw -A -r tcp 4660 4669 -h 192.168.0.235
    #ipautofw -A -r udp 20 21 -h 192.168.0.200
    #
    # /strange entries in the logs from these IPs
    ipfwadm -I -i reject -S 4.15.8.80/32 -D any/0
    ipfwadm -I -i reject -S any/0 -D 4.15.8.80/32
    ipfwadm -I -i reject -S 216.74.27.24/32 -D any/0
    ipfwadm -I -i reject -S any/0 -D 216.74.27.24/32
    # ipfwadm -I -i reject -P tcp -S any/0 22 -D 80.51.255.94
    # ipfwadm -I -i accept -P tcp -S 192.168.0.0/16 -D 192.168.0.1/32 www
    # ipfwadm -I -i reject -P tcp -S 192.168.0.1/24 -D any/0
    # ipfwadm -I -i reject -P tcp -S 192.168.0.1/24 -D any/0
    # ipfwadm -I -i reject -P tcp -S 192.168.0.1/24 -D any/0
    # ipfwadm -I -i reject -P tcp -S 192.168.0.1/24 -D any/0

    # /blaster
    ipfwadm -I -a deny -P tcp -D 0/0 130:140
    ipfwadm -I -i deny -P tcp -D 0/0 130:140
    ipfwadm -I -i deny -S 127.0.0.1

    # //some damn program for PIT test
    # //of some fund
    # //37/4 uses it ; PT_2DOM
    # //some fund 85 500 2746 udp
    # // IP 213.25.45.71
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 80:90
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 80:90
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 85
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 495:505
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 495:505
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 500
    ipfwadm -I -i accept -P tcp -S 192.168.0.1/16 -D any/0 2740:2750
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 2740:2750
    ipfwadm -I -i accept -P udp -S 192.168.0.1/16 -D any/0 2746
    ipfwadm -I -i accept -P all -S 192.168.0.1/16 -D 213.25.45.71
    ipfwadm -I -i accept -P all -S 213.25.45.71 -D 192.168.0.1/16
    ipfwadm -I -i accept -S 192.168.2.16
    ipfwadm -I -i accept -S 192.168.2.17
    #ipfwadm -I -i accept -P all -S 192.168.1.202
    #ipfwadm -I -i accept -P all -S 192.168.1.202

    # //service IPs, blocked
    ipfwadm -I -i reject -S 192.168.0.2
    ipfwadm -I -i reject -S 192.168.0.3
    ipfwadm -I -i reject -S 192.168.0.4
    ipfwadm -I -i reject -S 192.168.0.5
    ipfwadm -I -i reject -S 192.168.0.6
    ipfwadm -I -i reject -S 192.168.0.7
    ipfwadm -I -i reject -S 192.168.0.8

    # //IPs currently free, access to everything
    ipfwadm -I -i accept -S 192.168.111.111
    ipfwadm -I -i accept -S 192.168.111.112
    ipfwadm -I -i accept -S 192.168.111.113
    ipfwadm -I -i accept -S 192.168.111.114
    ipfwadm -I -i accept -S 192.168.111.115
    #----------------------------------------------------------------------
    $DONE

Here you have more or less what it should be, and it blocks everything; you just have to change the IP from 192.168.x.x to your 10.0.0.1. Remember that /32 means only a single address, /23 a range of addresses 192.168.0.xxx, i.e. 255, and /16 a range of addresses 192.168.xxx.xxxx, i.e. 255*255.
Time zone: UTC+2 hours |