#
# Allow incoming http from everywhere
accept -i ec0 tcp.dport 80
#
# Allow incoming ftp + ftp-data from everywhere (do you really want this?)
accept -i ec0 tcp.dport 21
accept -i ec0 tcp.dport 20
#
# allow in identd.
accept -i ec0 tcp.dport auth
#
# reject all other incoming tcp SYNs so that no one can connect
reject -i ec0 ip.dst my.ip.add.res and tcp.flags == SYN
#
# reject what are typically X connections (use ssh forwarding instead)
reject -i ec0 ip.dst my.ip.add.res and tcp.dport > 5999 and tcp.dport < 6011
#
# allow in non-privileged ports (remember to set "UsePrivilegedPort no" in
# /etc/ssh-config!)
accept -i ec0 tcp.dport > 1023
accept -i ec0 udp.dport > 1023
#
# allow in certain ICMP traffic
accept -i ec0 icmp.type == ECHO
accept -i ec0 icmp.type == ECHOREPLY
accept -i ec0 icmp.type == UNREACHABLE
accept -i ec0 icmp.type == TIMXCEED
3. Start ipfilterd
# ipfilterd -d
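microroad replied at: 2002-07-15 08:22:51
I haven't had any exposure to this thing yet; I just hope the moderator can keep it here so it can be consulted when it's needed!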
