当前位置: Home > 防火墙 > 文章
|
|
怎样用ipchains构建防火墙
|
文章来源: Internet
文章作者: 未知
发布时间: 2002-04-24
字体:
[大
中
小]
|
|
#Allow ftp response packets from Internet ftp servers to Intranet clients /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 ftp -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 ftp-data -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT
5.设置telnet包过滤
说明:telnet端口为21,采用tcp协议。规则为:eth1=〉允许所有来自Intranet的telnet包;eth0=〉仅允许目的为bbs服务器的包;为了提高网络安全性,禁止所有对firewall的telnet请求。
#Define telnet packets
#Allow telnet request packets from Internet clients to Intranet bbs server /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 1024: -d 198.168.80.13/32 telnet -i eth0 -j ACCEPT
#Allow telnet response packets from bbs server to Internet clients /sbin/ipchains -A input -p tcp -s 198.168.80.13/32 telnet -d 0.0.0.0/0 1024: -i eth1 -j ACCEPT
#Allow telnet request packets from Intranet clients to Internet telnet servers /sbin/ipchains -A input -p tcp -s 198.168.80.0/24 1024: -d 0.0.0.0/0 telnet -i eth1 -j ACCEPT
#Allow telent response packets from Internet telnet servers to Intranet clients /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 telnet -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT
6.设置smtp包过滤
说明:smtp端口为21,采用tcp协议。规则为:eth1=〉允许所有来自Intranet的smtp包;eth0=〉仅允许目的为email服务器的smtp请求。
#Define smtp packets
#Allow smtp request packets from Internet smtp servers to Intranet email server /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 1024: -d 198.168.80.14/32 smtp -i eth0 -j ACCEPT
#Allow smtp response packets from Intranet email server to Internet smtp servers /sbin/ipchains -A input -p tcp -s 198.168.80.14/32 smtp -d 0.0.0.0/0 1024: -i eth1 -j ACCEPT
#Allow smtp request packets from Intranet clients to Internet smtp servers /sbin/ipchains -A input -p tcp -s 198.168.80.0/24 1024: -d 0.0.0.0/0 smtp -i eth1 -j ACCEPT
#Allow smtp response packets from Internet smtp servers to Intranet clients /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 smtp -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT
7.设置POP-3包过滤
说明:POP-3端口为110,采用tcp或udp协议。规则为:eth1=〉允许所有来自Intranet的POP-3包;eth0=〉允许所有目的为Intranet(email server 除外)的POP-3包。
#Define pop-3 packets
#Allow pop-3 request packets from Intranet clients to Internet pop-3 servers /sbin/ipchains -A input -p tcp -s 198.168.80.0/24 1024: -d 0.0.0.0/0 pop-3 -i eth1 -j ACCEPT /sbin/ipchains -A input -p udp -s 198.168.80.0/24 1024: -d 0.0.0.0/0 pop-3 -i eth1 -j ACCEPT
#Allow pop-3 response packets from Internet pop-3 servers to Intranet clients (except email server) /sbin/ipchains -A input -p tcp -s 0.0.0.0/0 pop-3 -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT /sbin/ipchains -A input -p udp -s 0.0.0.0/0 pop-3 -d 198.168.80.0/24 1024: -i eth0 -j ACCEPT
共4页: 上一页 [1] [2] 3 [4] 下一页
|
|
↑返回顶部
打印本页
关闭窗口↓
|
|
|
|