ipfw 防火墙配置学习笔记
ipfw是BSD系统中重要的防火墙和通信控制工具,在MacOSX中也很好用。先简单贴几个用法,有空再补上:
列出配置表
# Show the rules currently loaded.
ipfw list
# Add rule number 3333: drop all ICMP traffic passing through interface en0.
# NOTE(review): this matches every ICMP type in both directions, not only
# echo requests, so error messages such as "destination unreachable" (used
# by path-MTU discovery) are dropped too. Narrow it with `icmptypes` if only
# ping should be blocked.
ipfw add 3333 deny icmp from any to any via en0
# Remove rule number 3333 again.
ipfw del 3333
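#!/bin/sh
# Loads a small inbound-filtering ruleset into ipfw. Must run as root.
# Presumably installed as /etc/rc.firewall, the path the StartupItem script
# on this page runs -- confirm against your setup.
#
# NOTE(review): the final rule (12190) denies TCP only. UDP, ICMP and every
# other protocol match none of the rules below and fall through to the
# kernel's default rule 65535; check `ipfw list` to see whether that default
# is allow or deny on your system before relying on this ruleset.

# -q keeps ipfw quiet. $IPFW is expanded unquoted on purpose so that the
# command and its flag split into separate words.
IPFW='/sbin/ipfw -q'

# Remove every existing rule without prompting. Until the rules below are
# loaded, only the default rule filters traffic.
$IPFW -f flush

# Allow everything on the loopback interfaces. The pattern is quoted so the
# shell hands it to ipfw literally instead of expanding it against file
# names in the current directory.
$IPFW add 2000 allow ip from any to any via 'lo*'

# Anti-spoofing: loopback addresses must never arrive on a real interface.
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in

# 224.0.0.0/3 covers the multicast and reserved ranges; reject it as an
# inbound source, and reject inbound TCP addressed to it.
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in

# All outbound TCP is allowed. `log` on an allow rule records every matching
# packet, so expect a lot of log traffic from rules 2050 and 2060.
$IPFW add 2050 allow log tcp from any to any out

# `established` is a stateless test on the TCP flags (ACK or RST set), not
# connection tracking; keep-state/check-state is the stateful alternative.
$IPFW add 2060 allow log tcp from any to any established

# Inbound services that are reachable from anywhere: 22 (ssh), 80 (http),
# 427 (svrloc / SLP). Drop any line whose service is not actually offered.
$IPFW add 2070 allow log tcp from any to any 22 in
$IPFW add 2080 allow log tcp from any to any 80 in
$IPFW add 2090 allow log tcp from any to any 427 in

# Everything else over TCP is refused and logged.
$IPFW add 12190 deny log tcp from any to any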
# Give owner and group execute permission on the StartupItem files.
# NOTE(review): presumably run inside /Library/StartupItems/Firewall, the
# directory invoked at the end of this page. Only the Firewall script needs
# the execute bit; StartupParameters.plist is data. These files are used at
# boot with root privileges, so they should be owned by root and not
# writable by other users -- verify with `ls -l`.
chmod ug+x Firewall StartupParameters.plist
# StartupItem control script for the firewall.
# ConsoleMessage and RunService are not defined here; they are expected to
# come from /etc/rc.common, sourced below.
. /etc/rc.common

# Load the ruleset, but only when FIREWALL is set to -YES-.
# FIREWALL defaults to -NO- when it is unset or empty.
StartService ()
{
    case "${FIREWALL:=-NO-}" in
        -YES-)
            ConsoleMessage "Starting Firewall"
            # stdout of the rules script is discarded; stderr still shows.
            sh /etc/rc.firewall > /dev/null
            ;;
    esac
}

# Remove every ipfw rule without prompting. After this only the kernel's
# default rule is left, so the host is filtered by that default alone.
StopService ()
{
    ConsoleMessage "Stopping Firewall"
    /sbin/ipfw -f -q flush
}

# Flush the rules, then load them again.
RestartService ()
{
    StopService
    StartService
}

# Dispatch on the first argument; it defaults to "start".
RunService "${1:-start}"
{Description = "Firewall";Provides = ("Firewall");Requires = ("Network");OrderPreference = "None";Messages = { start = "Starting NAT/Firewall"; stop = "Stopping NAT/Firewall"; };}
# Enables the firewall StartupItem: StartService only loads the rules when
# FIREWALL equals -YES-.
# NOTE(review): presumably this line belongs in /etc/hostconfig, which
# /etc/rc.common is expected to read -- confirm on your system.
FIREWALL=-YES-
# Start the firewall by hand (needs root) instead of waiting for a reboot.
/Library/StartupItems/Firewall/Firewall start