Site Navigation

Date:      Thu, 30 Jun 2016 18:41:01 +0900
From:      Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To:        freebsd-users-jp@freebsd.org
Cc:        maruyama@ism.ac.jp
Subject:   [FreeBSD-users-jp 95834] Re: =?iso-2022-jp?b?aXBmdxskQiRIGyhCRE5T?=
Message-ID:  <20160630184101.3d9147f02f8116fb260097e0@dec.sakura.ne.jp>
In-Reply-To: <ydlshvv8gy1.fsf@indra.ism.ac.jp>
References:  <ydlshvv8gy1.fsf@indra.ism.ac.jp>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

$B@DLZ(B@$BL>8E20$G$9!#(B

On Thu, 30 Jun 2016 12:59:50 +0900
maruyama@ism.ac.jp ($B4];3D>>;(B) wrote:

> $BE}7W?tM}8&5f=j$N4];3$G$9!#(B
> 
> PC-BSD 10.x $B$G$O(Bipfw $B$,%G%U%)%k%H$G(Bon $B$K$J$C$F$$$k$?$a!"H]1~$b$J$/(Bipfw
> $B$N$3$H$rJY6/$;$6$k$rF@$J$/$J$C$?$N$G$9$,!"$I$&$b;d$N%"%?%^$G$OM}2r$G$-$J(B
> $B$$8=>]$KAx6x$7$?$N$G!"$3$3$K$*?R$M$7$^$9!#(Bipfw $B$N@_Dj$K$h$C$F(BDNS$B$,0z$1$J(B
> $B$/$J$C$F$7$^$&$N$G$9!#(B
> 
> /etc/ipfw.custom $B$K(B
> 
>   ipfw -q add 110 allow ip from 133.58.124.49 to any
> 
> $B$N$h$&$J%k!<%k$rF~$l$F!"(Bipfw $B$r:F5/F0$7$^$9!#(B
> 
>   service ipfw restart
> 
> $B$?$@$7!"$3$3$K(B 133.58.124.49 $B$O(B default route $B$K8~$+$C$F$$$k%$%s%?!<%U%'!<(B
> $B%9$G$9!#(B
> 
> # netstat -rn |head
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            133.58.124.99      UGS        bge0
> 127.0.0.1          link#3             UH          lo0
> 133.58.15.0/24     link#2             U          bge1
> 133.58.15.113      link#2             UHS         lo0
> 133.58.124.0/24    link#1             U          bge0
> 133.58.124.49      link#1             UHS         lo0
> 
> $B$H$$$&46$8!#$9$k$H!"$"$m$&$3$H$+!"(B DNS$B$,0z$1$J$/$J$C$F$7$^$&$N$G$9!#(B
> 
> # dig @dns-x.ism.ac.jp ism.ac.jp ns
> dig: couldn't get address for 'dns-x.ism.ac.jp': failure
> 
> "deny" $B$G$O$J$/(B "allow" $B$J$N$K%Q%1%C%H$,<u$1<h$l$J$/$J$k!"$H$$$&$N$O(B
> $B$I$&$b;d$N%"%?%^$G$OM}2r$G$-$^$;$s!#$*=u$1$/$@$5$$!#(B

$B%k!<%k$,0lJ}DL9T$K$J$C$F$$$k$N$,860x$G$O$J$$$+$H!#(B
$B$4;XDj$N%k!<%k$@$H!"FbB&$+$i=P$kJ}$OA4$F5v2D$5$l$F$$$k$b$N$N!"(B
$BLa$j$N%Q%1%C%H$rDL$9%k!<%k$,L5$$$N$GF~$C$F$3$i$l$J$$$N$G$O!)(B

$B2<5-$N$h$&$J@_Dj$r9T$C$?$i$I$&$J$j$^$9$+!)(B

   ipfw -q add 100 check-state
   ipfw -q add 110 pass tcp from 133.58.124.49 to any setup keep-state
   ipfw -q add 120 pass udp from 133.58.124.49 to any keep-state
   ipfw -q add 130 pass icmp from 133.58.124.49 to any keep-state

$B0l1~!"$3$N@_Dj$J$iFbB&$+$iH/8F$7$?DL?.$NLa$j$ODL$kH&$G$9$,(B...$B!#(B


> 
> $B$J$*!">e5-(B allow $B$,(B default route $B$K8~$+$C$F$$$J$$%$%s%?!<%U%'!<%9$N%"%I(B
> $B%l%9$N>l9g$K$O!"LdBj$O5/$-$^$;$s!#(B 10.2, 10.3 $B$H$b$KF1$8>I>u$G$9!#(B

$B5-21$,IT3N$+$G$9$,!"(Bipfw$B$G2?$i$+$N%k!<%k$r@_Dj$9$k$H%G%U%)%k%H$G(B
deny all$B$K$J$j!"L@<(E*$K5v2D$7$?%k!<%k0J30A4It%"%&%H$K$J$C$?$+$H!#(B
$B5U$K%k!<%k$N@_Dj$,L5$$>l9g$O(Bpass all$B$@$C$?$+$H!#(B


$B$H$j$"$($:30$+$i$N2x$7$2$JDL?.$r<WCG$G$-$l$P(BOK$B!"$H$$$&$3$H$G$"$l$P!"(B
/etc/rc.firewall$B$N$*;ECe$;$N%k!<%k%;%C%H!J(BPC-BSD$B$b(BFreeBSD$BM3Mh$G$9$N$G!"(B
$B$o$6$o$6:o=|$7$F$$$J$1$l$PF1$8$+%+%9%?%^%$%:$5$l$?$b$N$,$"$k$H;W$$$^$9!K(B
$B$r;H$&<j$b$"$j$^$9!#!!(B/etc/rc.conf$B$+(B/etc/rc.conf.local$B$K!"%/%i%$%"%s%H$H(B
$B$7$F$N1?MQ$J$i!"Nc$($P(B

   firewall_enable="YES"
   firewall_type="CLIENT"

$B$N$h$&$K;XDj$9$k$N$b<j$G$9!#!!(B"WORKSTATION"$B$G$b2D$G$9$,!"0c$$$O(BCLIENT
$B$@$H(B

   firewall_client_net=133.58.124.0

$B$N$h$&$K(Bin/out$B$H$bA4DL$K$7$?$$!J%m!<%+%k$N!K%M%C%H%o!<%/%"%I%l%9$r(B
$B@_Dj$G$-!"(BWORKSTATION$B$@$H(Bfirewall_myservices$B$GB>C<Kv$+$i$N@\B3$r5v$9(B
$B%]!<%H!?%W%m%H%3%k!"(Bfirewall_allowservices$B$G$=$N%5!<%S%9$X$N@\B3$r(B
$B5v$9%"%I%l%9$r;XDj$9$k$3$H$G%m!<%+%k%5!<%P$H$7$F$N1?MQ$bA[Dj$5$l$F(B
$B$$$k$3$H$G$7$g$&$+!#(B

$B!!"($4;XDj$N(BIP$B%"%I%l%9$@$H%/%i%9(BB$B$K$J$j$^$9$,!"(Bnetstat$B$N=PNO$G$O(B/24$B$K(B
$B!!!!$J$C$F$$$k$N$G!"$=$N%l%s%8$G3dEv$F$F$$$kA0Ds$NNc$K$7$F$"$j$^$9!#(B

$B%5!<%P1?MQ$G(Bbge0$B$H(Bbge1$B$rFbB&!&30B&$G;H$$J,$1$k$N$G$"$l$P!"(BCLIENT$B$G$J$/(B
SIMPLE$B$r%Y!<%9$K%+%9%?%`$N%k!<%k%;%C%H$r:n$k$N$,Aa$=$&$G$9!#(B


> 
> $B$h$m$7$/!#(B
> 
> --------
> $B4];3D>>;!wE}7W?tM}8&5f=j(B
> _______________________________________________
> freebsd-users-jp@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-users-jp
> To unsubscribe, send any mail to "freebsd-users-jp-unsubscribe@freebsd.org"
> 


-- 
$B@DLZ(B $BCNL@(B  [Tomoaki AOKI]
    junchoon@dec.sakura.ne.jp

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160630184101.3d9147f02f8116fb260097e0>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact