bei ein paar Freunden war es so, dass Infinity's
Fix nicht funktioniert hat, und da haben SoNiice und ich versucht
eine Lösung zu finden.
Hier ist sie:
1. -- Zuerst installiert ihr den Paketfilter, nach diesem Tut --
2. -- Nun öffnet ihr die rc.conf und tragt ein:
PHP Code:
firewall_enable="YES"
firewall_script="/etc/firewall.rules"
pf_enable="YES"
pf_rules="/etc/pf.conf"
3. -- Jetzt tragt ihr die Rules ein:
Code:
ee /etc/firewall.rules
PHP Code:
IPF="ipfw -q add"
ipfw -q -f flush
#Custom Rules
$IPF 4 allow all from 217.23.6.90 to any 12001
$IPF 5 allow all from 127.0.0.0/8 to any 12001
$IPF 6 deny all from any to me 12001
$IPF 7 allow all from 217.23.6.90 to any 14000
$IPF 8 allow all from 127.0.0.0/8 to any 14000
$IPF 9 deny all from any to me 14000
$IPF 10 allow all from 217.23.6.90 to any 14001
$IPF 11 allow all from 127.0.0.0/8 to any 14001
$IPF 12 deny all from any to me 14001
$IPF 13 allow all from 217.23.6.90 to any 14002
$IPF 14 allow all from 127.0.0.0/8 to any 14002
$IPF 15 deny all from any to me 14002
$IPF 16 allow all from 217.23.6.90 to any 14003
$IPF 17 allow all from 127.0.0.0/8 to any 14003
$IPF 18 deny all from any to me 14003
$IPF 19 allow all from 217.23.6.90 to any 14004
$IPF 20 allow all from 127.0.0.0/8 to any 14004
$IPF 21 deny all from any to me 14004
$IPF 22 allow all from 217.23.6.90 to any 14061
$IPF 23 allow all from 127.0.0.0/8 to any 14061
$IPF 24 deny all from any to me 14061
$IPF 25 allow all from 217.23.6.90 to any 14099
$IPF 26 allow all from 127.0.0.0/8 to any 14099
$IPF 27 deny all from any to me 14099
$IPF 28 allow all from 217.23.6.90 to any 17000
$IPF 29 allow all from 127.0.0.0/8 to any 17000
$IPF 30 deny all from any to me 17000
$IPF 31 allow all from 217.23.6.90 to any 17001
$IPF 32 allow all from 127.0.0.0/8 to any 17001
$IPF 33 deny all from any to me 17001
$IPF 34 allow all from 217.23.6.90 to any 17002
$IPF 35 allow all from 127.0.0.0/8 to any 17002
$IPF 36 deny all from any to me 17002
$IPF 37 allow all from 217.23.6.90 to any 17003
$IPF 38 allow all from 127.0.0.0/8 to any 17003
$IPF 39 deny all from any to me 17003
$IPF 40 allow all from 217.23.6.90 to any 17004
$IPF 41 allow all from 127.0.0.0/8 to any 17004
$IPF 42 deny all from any to me 17004
$IPF 43 allow all from 217.23.6.90 to any 17061
$IPF 44 allow all from 127.0.0.0/8 to any 17061
$IPF 45 deny all from any to me 17061
$IPF 46 allow all from 217.23.6.90 to any 17099
$IPF 47 allow all from 127.0.0.0/8 to any 17099
$IPF 48 deny all from any to me 17099
$IPF 49 allow all from 217.23.6.90 to any 19000
$IPF 50 allow all from 127.0.0.0/8 to any 19000
$IPF 51 deny all from any to me 19000
$IPF 52 allow all from 217.23.6.90 to any 19001
$IPF 53 allow all from 127.0.0.0/8 to any 19001
$IPF 54 deny all from any to me 19001
$IPF 55 allow all from 217.23.6.90 to any 19002
$IPF 56 allow all from 127.0.0.0/8 to any 19002
$IPF 57 deny all from any to me 19002
$IPF 58 allow all from 217.23.6.90 to any 19003
$IPF 59 allow all from 127.0.0.0/8 to any 19003
$IPF 60 deny all from any to me 19003
$IPF 61 allow all from 217.23.6.90 to any 19004
$IPF 62 allow all from 127.0.0.0/8 to any 19004
$IPF 63 deny all from any to me 19004
$IPF 64 allow all from 217.23.6.90 to any 19061
$IPF 65 allow all from 127.0.0.0/8 to any 19061
$IPF 66 deny all from any to me 19061
$IPF 67 allow all from 217.23.6.90 to any 19099
$IPF 68 allow all from 127.0.0.0/8 to any 19099
$IPF 69 deny all from any to me 19099
$IPF 70 allow all from 217.23.6.90 to any 21000
$IPF 71 allow all from 127.0.0.0/8 to any 21000
$IPF 72 deny all from any to me 21000
$IPF 73 allow all from 217.23.6.90 to any 21001
$IPF 74 allow all from 127.0.0.0/8 to any 21001
$IPF 75 deny all from any to me 21001
$IPF 76 allow all from 217.23.6.90 to any 21002
$IPF 77 allow all from 127.0.0.0/8 to any 21002
$IPF 78 deny all from any to me 21002
$IPF 79 allow all from 217.23.6.90 to any 21003
$IPF 80 allow all from 127.0.0.0/8 to any 21003
$IPF 81 deny all from any to me 21003
$IPF 82 allow all from 217.23.6.90 to any 21004
$IPF 83 allow all from 127.0.0.0/8 to any 21004
$IPF 84 deny all from any to me 21004
$IPF 85 allow all from 217.23.6.90 to any 21061
$IPF 86 allow all from 127.0.0.0/8 to any 21061
$IPF 87 deny all from any to me 21061
$IPF 88 allow all from 217.23.6.90 to any 21099
$IPF 89 allow all from 127.0.0.0/8 to any 21099
$IPF 90 deny all from any to me 21099
#Standart Regeln
$IPF 10000 allow all from any to any via lo0
$IPF 20000 deny all from any to 127.0.0.0/8
$IPF 30000 deny all from 127.0.0.0/8 to any
$IPF 40000 allow all from any to any
Code:
ee /etc/pf.conf
Code:
### INTERFACES ### if = "{ re0 }" #Intra table <intranet> { 127.0.0.1 } pass in quick from <intranet> to any keep state #Network table <network> persist block quick from <network> pass in on $if proto tcp from any to any \ keep state (max-src-conn 100, max-src-conn-rate 15/1, \ overload <network> flush global)
4. --Dann gebt ihr ein:
Code:
pfctl -d pfctl -e
Code:
pfctl -vnf /etc/pf.conf
richtig gemacht! --
5. -- Noch überprüfen ob die Rules richtig laufen:
Code:
ipfw list
Falls ihr bereits Infinitys Tut befolgt habt, könnt ihr es auch einfach so
machen:
1. --
Code:
pfctl -e
2. --
Code:
pfctl -vnf /etc/pf.conf
3. --
Code:
ee /etc/pf.conf
Code:
### INTERFACES ### if = "{ re0 }" #Intra table <intranet> { 127.0.0.1 } pass in quick from <intranet> to any keep state #Network table <network> persist block quick from <network> pass in on $if proto tcp from any to any \ keep state (max-src-conn 100, max-src-conn-rate 15/1, \ overload <network> flush global)
5. --So, jetzt Rules neustarten:
Code:
pfctl -d && pfctl -e
Code:
pfctl -vnf /etc/pf.conf
geben.
Fertig!
Falls ihr ein anderes Interface als re0 habt, bitte dementsprechend
anpassen!
Ich hoffe ich konnte euch helfen, und falls es weiterhin noch Probleme gibt,
bitte melden!
Bei möglichen Fehleingaben übernehme ich keine Haftung!
Mit freundlichen Grüßen,
'Daroo