Side note:
My kernel is IPFWPAE, i.e. the IPFW firewall runs together with PAE, so it's not due to a failed kernel compile.
PHP Code:
IPF="ipfw -q add"
ipfw -q -f flush
$IPF 1
#loopback
$IPF 101 allow all from any to any via em0
$IPF 102 allow all from any to 127.0.0.0/8
$IPF 103 deny all from 127.0.0.0/8 to any
$IPF 105 deny tcp from any to any frag
# stateful
$IPF 106 check-state
$IPF 107 allow tcp from any to any established
$IPF 108 allow all from any to any out keep-state
$IPF 109 allow icmp from any to any
# open port ftp (20,21), ssh (22), mail (25), dns (53) etc.
$IPF 110 allow tcp from any to any 21 in
$IPF 111 allow tcp from any to any 21 out
$IPF 112 allow tcp from any to any 22 in
$IPF 113 allow tcp from any to any 22 out
$IPF 114 allow tcp from any to any 25 in
$IPF 115 allow tcp from any to any 25 out
$IPF 116 allow udp from any to any 53 in
$IPF 117 allow tcp from any to any 53 out
$IPF 118 allow udp from any to any 3306 in
$IPF 119 allow tcp from any to any 3306 out
#M2 Ports
# open ports M2 Cores
# Auth Core
$IPF 120 allow all from *zensiert* to any 11002
$IPF 130 allow all from 127.0.0.0/8 to any 11002
$IPF 140 deny all from any to me 11002
$IPF 150 allow all from *zensiert* to any 12000
$IPF 160 allow all from 127.0.0.0/8 to any 12000
$IPF 170 deny all from any to me 12000
# CORE CH1
$IPF 180 allow all from *zensiert* to any 13000
$IPF 190 allow all from 127.0.0.0/8 to any 13000
$IPF 200 deny all from any to me 13000
$IPF 210 allow all from *zensiert* to any 14000
$IPF 220 allow all from 127.0.0.0/8 to any 14000
$IPF 230 deny all from any to me 14000
# CORE CH2
$IPF 240 allow all from *zensiert* to any 13001
$IPF 250 allow all from 127.0.0.0/8 to any 13001
$IPF 260 deny all from any to me 13001
$IPF 270 allow all from *zensiert* to any 14001
$IPF 280 allow all from 127.0.0.0/8 to any 14001
$IPF 290 deny all from any to me 14001
# deny Database Port
$IPF 620 allow all from *zensiert* to any 15000
$IPF 630 allow all from 127.0.0.0/8 to any 15000
$IPF 640 deny all from any to me 15000
# deny and log everything
$IPF 1400 deny log all from any to any
15000 database port
13000/13001 standard port Channel 1 + Channel 2
14000/14001 P2P port Channel 1 + Channel 2
12000 P2P login port
11002 standard login port
21 SSH port
22 FTP port
53 DNS port
3306 MySQL port
Error messages:
on /etc/rc.d/ipfw restart:
PHP Code:
net.inet.ip.fw.enable: 1 -> 0
ipfw: missing action
Firewall rules loaded.
net.inet.ip.fw.enable: 0 -> 1
Did I set up the ipfw script wrong or something? ö.ö
Well, hoping for some helpful answers.
Or possibly an ipfw.rules that already works perfectly (I didn't make a backup of my old one.......)
Regards, RealFreak
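
Added example, not part of the original post: a small lint for rule scripts laid out like the one above. It flags a rule line that ends right after its number (the case ipfw reports as `missing action`) and an unconditional allow on a non-loopback interface, which under ipfw's first-match evaluation accepts that traffic before any later deny rule is reached. The function names and finding labels are assumptions made for this example; the sample input is an excerpt of the posted script.

```shell
#!/bin/sh
# lint_ipfw_rules (hypothetical helper): reads a rules script on stdin and
# prints one finding per line as LINE:RULENUM:FINDING.
lint_ipfw_rules() {
    awk '
    # Remember each variable that holds an "ipfw ... add" command, e.g. IPF="ipfw -q add"
    /^[A-Za-z_][A-Za-z0-9_]*="?ipfw .*add"?$/ {
        split($0, kv, "=")
        prefix["$" kv[1]] = 1; prefix["${" kv[1] "}"] = 1
        next
    }
    !($1 in prefix) { next }    # comment, blank line, flush, anything else
    {
        i = 2; num = "auto"
        if ($i ~ /^[0-9]+$/) { num = $i; i++ }
        # ipfw needs an action after the optional rule number; a line that
        # stops here is rejected with "ipfw: missing action".
        if (i > NF) { printf "%d:%s:missing-action\n", NR, num; next }
        body = ""
        for (j = i; j <= NF; j++) body = body (j > i ? " " : "") $j
        # First match wins: allow-all on a real interface accepts everything
        # crossing it, so later per-port deny rules never see that traffic.
        if (body ~ /^(allow|accept|pass|permit) (all|ip) from any to any via [^ ]+$/ && $NF !~ /^lo[0-9]*$/)
            printf "%d:%s:allow-all-via-%s\n", NR, num, $NF
    }'
}

# Sample input: excerpt of the script posted above (first rules plus two denies).
sample_rules() {
    cat <<'EOF'
IPF="ipfw -q add"
ipfw -q -f flush
$IPF 1
#loopback
$IPF 101 allow all from any to any via em0
$IPF 102 allow all from any to 127.0.0.0/8
$IPF 140 deny all from any to me 11002
$IPF 1400 deny log all from any to any
EOF
}

sample_rules | lint_ipfw_rules
```

To check a real file, run `lint_ipfw_rules < /path/to/rules-script` before reloading the firewall.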