IPFW Request

Post by anghel14 » 06 Jun 2017, 13:38

Hi, does anyone have a good tutorial for ipfw?
I should mention that I don't have this path: /usr/src/sys/i386/conf.

Post by Alin Ionuț » 06 Jun 2017, 22:14

Create a file in "/etc" named protection.rules and write this code in it:
#!/bin/sh
#################################################
# ipfw Firewall Commands
#################################################
cmd="ipfw -q add"   # rules added via $cmd without a number are auto-numbered (100, 200, ...)
ipfw -q -f flush    # remove all existing rules before loading this set
pif="em0"           # public interface name (not referenced by the rules below)

#################################################
# Allow Loopback and Deny Loopback Spoofing
#################################################
$cmd allow all from any to any via lo0
$cmd deny all from any to 127.0.0.0/8
$cmd deny all from 127.0.0.0/8 to any
$cmd deny tcp from any to any frag

#################################################
# Stateful rules
#################################################
$cmd check-state
# Established TCP packets that matched no dynamic rule at check-state are dropped
$cmd deny tcp from any to any established
$cmd allow all from any to any out keep-state
$cmd allow icmp from any to any

#################################################
# Table 10 for IP blocks
#################################################
# Source addresses listed in table 10 are dropped by rule 900
ipfw -q table 10 add 127.0.0.2
ipfw -q add 900 deny ip from 'table(10)' to any

#################################################
# Incoming/Outgoing Services
#################################################
# "setup" matches the opening SYN; "limit src-addr N" caps connections per source address
$cmd 60001 allow tcp from any to any 21 setup limit src-addr 10   # FTP
$cmd 60002 allow tcp from any to any 22 setup limit src-addr 8    # port SSH PUTTY
$cmd 60003 allow tcp from any to any 3306 setup limit src-addr 10 # port MYSQL Navicat
$cmd 60003 allow tcp from any to any 25 setup limit src-addr 10   # SMTP (same rule number as the line above)
$cmd 60004 allow tcp from any to any 587 setup limit src-addr 20  # mail submission
$cmd 60005 allow tcp from any to any 53 setup limit src-addr 3    # DNS over TCP
$cmd 60006 allow udp from any to any 53 limit src-addr 3          # DNS over UDP
$cmd 60007 allow tcp from any to any 80 setup limit src-addr 20   # HTTP
$cmd 60008 allow tcp from any to any 110 setup limit src-addr 20  # POP3
$cmd 60009 allow tcp from any to any 143 setup limit src-addr 10  # IMAP
$cmd 60010 allow tcp from any to any 443 setup limit src-addr 10  # HTTPS
# "established" needs RST or ACK set and "setup" needs SYN without ACK, so this
# rule can only match SYN+RST packets, which rule 650 below already denies
$cmd 60016 allow tcp from any to any established setup limit src-addr 5

#################################################
# Deny Port scanning (Nmap)
#################################################
# Explicit numbers 600-650 place these rules ahead of the service rules (60001+)
$cmd 00600 deny log logamount 50 ip from any to any ipoptions rr
$cmd 00610 deny log logamount 50 ip from any to any ipoptions ts
$cmd 00620 deny log logamount 50 ip from any to any ipoptions lsrr
$cmd 00630 deny log logamount 50 ip from any to any ipoptions ssrr
$cmd 00640 deny log logamount 50 tcp from any to any tcpflags syn,fin
$cmd 00650 deny log logamount 50 tcp from any to any tcpflags syn,rst

# Inbound TCP to ports 10000-35999, at most 10 connections per source address
ipfw add 120 allow tcp from any to any 10000-35999 in setup limit src-addr 10

#################################################
# Deny and Log
#################################################
# Auto-numbered after the highest existing rule, so this is the final catch-all
$cmd deny log all from any to any


# Loopback rules again, this time with explicit numbers
ipfw add 10000 allow all from any to any via lo0
ipfw add 20000 deny all from any to 127.0.0.0/8
ipfw add 30000 deny all from 127.0.0.0/8 to any
# ipfw add 40000 allow all from any to any

#custom
# Per-host TCP allow rules at number 120
ipfw add 120 allow tcp from 46.108.11.78 to any
ipfw add 120 allow tcp from 46.108.3.228 to any
ipfw add 120 allow tcp from any to 46.108.60.217
ipfw add 120 allow tcp from 46.108.60.217 to any
ipfw add 120 allow tcp from 188.240.250.95 to any
ipfw add 120 allow tcp from any to 188.240.250.95
ipfw add 120 allow tcp from any to 46.108.3.228
ipfw add 120 allow tcp from 89.37.39.103 to any
ipfw add 120 allow tcp from any to 89.37.39.103
ipfw add 120 allow tcp from 89.33.212.212 to any
ipfw add 120 allow tcp from any to 89.33.212.212
Then give it 777 permissions.

Open /etc/rc.conf and add these lines:
firewall_enable="YES"
firewall_script="/etc/protection.rules"


To add other IPs, type
addip
in PuTTY.

At the end, type
service ipfw start
in PuTTY, or after any other change.
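
Added example, not part of the original posts: a small audit for a rules script like the one above. It lists the rules in the order the kernel evaluates them (the script mixes auto-numbered and explicitly numbered rules, so that differs from file order) and checks whether anyone but the owner can write the file, which matters because rc(8) runs firewall_script as root. The function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ipfw rules script before
# rc(8) runs it as root via firewall_script.

# Print "number<TAB>rule" in the order the kernel evaluates the rules.
# A rule added without a number gets (highest number so far + 100), the
# default auto-increment step, so evaluation order can differ from file order.
effective_order() {
    awk '
    function rule(r,    n, f) {
        split(r, f, /[ \t]+/)
        if (f[1] ~ /^[0-9]+$/) { n = f[1] + 0; sub(/^[0-9]+[ \t]+/, "", r) }
        else n = max + 100
        if (n > max) max = n
        printf "%d\t%d\t%s\n", n, NR, r   # NR keeps same-number rules in file order
    }
    { line = $0; sub(/#.*/, "", line); sub(/[ \t]+$/, "", line) }
    line ~ /^[ \t]*[$]cmd[ \t]/ {
        sub(/^[ \t]*[$]cmd[ \t]+/, "", line); rule(line); next
    }
    line ~ /^[ \t]*ipfw[ \t]+(-q[ \t]+)?add[ \t]/ {
        sub(/^[ \t]*ipfw[ \t]+(-q[ \t]+)?add[ \t]+/, "", line); rule(line)
    }' | sort -t "$(printf '\t')" -k1,1n -k2,2n | cut -f1,3
}

# Succeed if group or others can write the file. The script is executed as
# root, so write access for anyone else lets them choose what root runs.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed excerpt in the same style as the script in the post above.
sample_rules() {
    cat <<'EOF'
$cmd allow all from any to any via lo0
$cmd check-state
$cmd 60002 allow tcp from any to any 22 setup limit src-addr 8 # SSH
$cmd 00600 deny log ip from any to any ipoptions rr
ipfw add 120 allow tcp from any to any 10000-35999 in setup limit src-addr 10
$cmd deny log all from any to any
ipfw add 10000 allow all from any to any via lo0
ipfw add 120 allow tcp from 192.0.2.10 to any
EOF
}

sample_rules | effective_order
```

On the sample, both 120 rules are evaluated before check-state, and the loopback rule numbered 10000 lands in the middle of the chain rather than where it appears in the file.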

Post by anghel14 » 07 Jun 2017, 18:17

Hi, where do I add my IP?

Post by Alin Ionuț » 07 Jun 2017, 21:12

You add your IP in PuTTY with the command "addip your-ip", after which you type the command "service ipfw start" after every added IP or edit.

Post by Moț » 13 Jun 2017, 03:29

Inactive, archived!

