Firewall installation: FreeBSD 8 IPFW firewall installation and configuration

Source: Internet
Author: User
Over the past few days the system has basically been set up. After configuring the desktop (purely personal preference; a desktop is optional and mainly there for the experience) and enabling SSH remote login, the basic system settings are complete.

That leaves the system running naked: no anti-virus software and no firewall enabled. Although FreeBSD is more secure than Windows Server, not being infected by viruses does not mean nobody can upload a backdoor or a Trojan.

Today the topic is the FreeBSD firewall, ipfw.

The author used FreeBSD 8.4, a stable release.

Then I looked into the ipfw configuration documents. The Internet is full of them: all sorts of kernel compilations and all sorts of configurations. In the end I settled on the approach described in the official FreeBSD handbook.

Today's configuration is a little simpler. Of course, you must first confirm that ipfw was installed along with the FreeBSD system.

One thing to know: before FreeBSD 6.0, ipfw could only be used by compiling it into the kernel. From FreeBSD 6.0 on, you no longer need to rebuild the kernel; you only need to enable the service and configure it.

1. Enable IPFW first

Open the /etc/rc.conf file:

vi /etc/rc.conf

Then add the following settings:

firewall_enable="YES"
firewall_script="/etc/ipfw.rules"    # the rules script written in step 2
natd_enable="YES"                    # enable the NAT function of the firewall
natd_interface="rl0"                 # external interface that natd translates on
natd_flags="-dynamic -m"

Save and close the file. Note that because firewall_script replaces the stock /etc/rc.firewall, the divert rule that hands packets to natd is not added for you; if NAT is actually wanted, that rule has to be written into the script. The following commands are used to make sure ipfw can be used normally.

Stop the ipfw firewall:

ipfw disable firewall

/etc/rc.d/ipfw stop

Enable the ipfw firewall:

ipfw enable firewall

Check whether ipfw is running by listing the rules together with their packet counters:

ipfw -a list

2. Write the firewall rule script

You need to put the firewall rules in a script called /etc/ipfw.rules (the path set in firewall_script above):

vi /etc/ipfw.rules

Add the following code:

This is a relatively simple ipfw script, based on a configuration document that someone posted on the Internet, with thanks to its author.

#!/bin/sh

################ Common #################
cmd="/sbin/ipfw -q add"
my_ip="xxx.xxx.xxx.xxx"   # this host's address (placeholder, fill in your own)
nc_in="rl1"               # internal network card
nc_out="rl0"              # external network card (the natd_interface from rc.conf)
dns1="xxx.xxx"            # DNS server address (placeholder)
# dns2="xxx.xxx"

################# Rules ##################
# Flush all existing rules
/sbin/ipfw -q -f flush

# Allow everything on the loopback interface
$cmd 500 allow all from any to any via lo0
$cmd 600 check-state

################### DNS ###################
$cmd 700 allow tcp from me to $dns1 53 out
$cmd 750 allow udp from me to $dns1 53 out
$cmd 800 allow tcp from $dns1 53 to me in
$cmd 850 allow udp from $dns1 53 to me in

############## FTP, SSH, WWW, etc. ###############
# Only ports 20, 21 and 443 are opened here; SSH (22) and HTTP (80) are not
$cmd 01000 allow tcp from any to any 20,21,443
$cmd 01500 allow tcp from any 20,21,443 to any

##################### SNMP ####################
$cmd 01000 allow udp from any to any 161,162
$cmd 01500 allow udp from any 161,162 to any

# Deny and log all packets that fell through, to see what they are
$cmd 09999 deny log all from any to any

3. Start the firewall

Start the firewall with /etc/rc.d/ipfw start and check that remote login still works. Do not lock yourself out with the firewall: the script above never opens port 22 even though its heading mentions SSH, so an SSH session would hit the final deny rule. Add an allow rule for port 22 with a lower number than the 09999 deny rule before starting the firewall on a machine you reach only remotely.
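One check a practitioner would want before running the script on a remote machine, added here as an example and not taken from the post or the FreeBSD handbook: a small POSIX sh/awk function that reads a rules script in the same "$cmd NNN ..." layout and fails unless the SSH port is allowed by a rule numbered lower than the catch-all deny. The sample rule files are constructed for the demonstration.

```shell
#!/bin/sh
# Added pre-flight check, not part of the original post: before loading a
# custom ipfw rules script, confirm that an "allow tcp" rule for the
# management port precedes the final catch-all "deny", since ipfw evaluates
# rules in ascending rule-number order. The parser assumes the post's
# "$cmd NNN action proto from ... to ..." line layout.

# Usage: ipfw_allows_port_before_deny RULES_FILE PORT
# Exit 0 if PORT appears as a destination port (after "to") in an allow tcp
# rule numbered lower than the first deny rule; exit 1 otherwise.
ipfw_allows_port_before_deny() {
    awk -v port="$2" '
        $1 == "$cmd" && $3 == "allow" && $4 == "tcp" {
            after_to = 0
            for (f = 5; f <= NF; f++) {
                if ($f == "to") { after_to = 1; continue }
                if (!after_to) continue
                n = split($f, p, ",")
                for (i = 1; i <= n; i++)
                    if (p[i] == port && (allow_no == "" || $2 + 0 < allow_no))
                        allow_no = $2 + 0
            }
        }
        $1 == "$cmd" && $3 == "deny" && deny_no == "" { deny_no = $2 + 0 }
        END {
            if (allow_no == "") exit 1                        # never allowed
            if (deny_no != "" && deny_no <= allow_no) exit 1  # deny comes first
            exit 0
        }' "$1"
}

# Constructed sample in the post's layout: no rule ever opens port 22.
sample_rules=$(mktemp)
cat > "$sample_rules" <<'EOF'
cmd="/sbin/ipfw -q add"
$cmd 500 allow all from any to any via lo0
$cmd 01000 allow tcp from any to any 20,21,443
$cmd 09999 deny log all from any to any
EOF

# Constructed sample with an SSH rule placed ahead of the catch-all deny.
fixed_rules=$(mktemp)
cat > "$fixed_rules" <<'EOF'
cmd="/sbin/ipfw -q add"
$cmd 00300 allow tcp from any to me 22 in
$cmd 01000 allow tcp from any to any 20,21,443
$cmd 09999 deny log all from any to any
EOF
```

Run it as `ipfw_allows_port_before_deny /etc/ipfw.rules 22` before /etc/rc.d/ipfw start; a non-zero exit means the script as written would cut off SSH.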
