Posts

Showing posts with the label "Firewall"

FreeBSD Firewall (ipfw)

First, copy the kernel configuration:

    mkdir /usr/local/etc/FreeBSD
    cd /usr/src/sys/i386/conf
    cp GENERIC /usr/local/etc/FreeBSD/MYKERNEL
    ln -s /usr/local/etc/FreeBSD/MYKERNEL
    vi /usr/local/etc/FreeBSD/MYKERNEL

Add:

    options IPFIREWALL                    #firewall
    options IPFIREWALL_VERBOSE            #enable logging to syslogd(8)
    options IPFIREWALL_FORWARD            #packet destination changes
    options IPFIREWALL_DEFAULT_TO_ACCEPT  #allow everything by default

    cd /usr/src;make kernel

When that finishes, start the configuration:

    vi /etc/rc.conf

Add:

    #firewall
    firewall_enable="YES"
    firewall_logging="YES"
    firewall_script="/etc/rc.firewall"

    vi /etc/rc.firewall

Delete all of the contents and replace them with:

    #!/bin/sh
    fwcmd="/sbin/ipfw"
    Trust_IP1="127.0.0.1"        # replace this with the server's own IP
    Trust_IP2="120.119.1.0/24"   # network segment allowed through
    UnTrust_IP1="192.83.191.0/24"
    Allowed_TCP_In_1="22,25,53,80,443"   # ports you want to open
    Traceroute="33433-33499"
    Allowed_UDP_Out="20,21,53,113"
    Allowed_UDP_In="20,21,53,113"
    Allowed_UDP_ftp_Out=...

Linux Iptables Firewall Shell Script For Standalone Server

    #!/bin/bash
    # A Linux Shell Script with common rules for IPTABLES Firewall.
    # By default this script only open port 80, 22, 53 (input)
    # All outgoing traffic is allowed (default - output)
    # -------------------------------------------------------------------------
    # Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
    # This script is licensed under GNU GPL version 2.0 or above
    # -------------------------------------------------------------------------
    # This script is part of nixCraft shell script collection (NSSC)
    # Visit http://bash.cyberciti.biz/ for more information.
    # -------------------------------------------------------------------------

    IPT="/sbin/iptables...

CentOS / Redhat Iptables Firewall Configuration Tutorial

    #!/bin/bash
    # A sample firewall shell script
    IPT="/sbin/iptables"
    SPAMLIST="blockedip"
    SPAMDROPMSG="BLOCKED IP DROP"
    SYSCTL="/sbin/sysctl"
    BLOCKEDIPS="/root/scripts/blocked.ips.txt"

    # Stop certain attacks
    echo "Setting sysctl IPv4 settings..."
    $SYSCTL net.ipv4.ip_forward=0
    $SYSCTL net.ipv4.conf.all.send_redirects=0
    $SYSCTL net.ipv4.conf.default.send_redirects=0
    $SYSCTL net.ipv4.conf.all.accept_source_route=0
    $SYSCTL net.ipv4.conf.all.accept_redirects=0
    $SYSCTL net.ipv4.conf.all.secure_redirects=0
    $SYSCTL net.ipv4.conf.all.log_martians=1
    $SYSCTL net.ipv4.conf.default.accept_source_route=0
    $SYSCTL net.ipv4.conf.default.accept_redirects=0
    $SYSCTL net.ipv4.conf.default.secure_redirects=0
    $SYSCTL net.ipv4.icmp_echo_ignore_broadcasts=1
    #$SYSCTL net.ipv4.icmp_ignore_bogus_error_messages=1
    $SYSCTL net.ipv4.tcp_syncookies=1
    $SYSCTL net.ipv4.conf.all.rp_filter=1
    $SYSCTL net.ipv4.conf.default.rp_filter=1
    $SYSCTL kernel.exec-shield=1
    $SYSCTL kernel.randomize_va_space=1

    echo "Starting IP...