skinhead 44 Posted July 11, 2013

```sh
IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out

# For your M2 server
$IPF 200 allow tcp from any to any 11002 in
$IPF 210 allow tcp from any to any 11002 out
$IPF 200 allow udp from any to any 11002 in
$IPF 210 allow udp from any to any 11002 out
$IPF 200 allow tcp from any to any 13099 in
$IPF 210 allow tcp from any to any 13099 out
$IPF 200 allow tcp from any to any 13100 in
$IPF 210 allow tcp from any to any 13100 out
$IPF 200 allow tcp from any to any 13101 in
$IPF 210 allow tcp from any to any 13101 out
$IPF 200 allow tcp from any to any 13102 in
$IPF 210 allow tcp from any to any 13102 out
$IPF 200 allow tcp from any to any 13103 in
$IPF 210 allow tcp from any to any 13103 out
$IPF 200 allow tcp from any to any 13070 in
$IPF 210 allow tcp from any to any 13070 out
$IPF 200 allow tcp from any to any 13071 in
$IPF 210 allow tcp from any to any 13071 out
$IPF 200 allow tcp from any to any 13072 in
$IPF 210 allow tcp from any to any 13072 out
$IPF 200 allow tcp from any to any 13073 in
$IPF 210 allow tcp from any to any 13073 out
$IPF 200 allow tcp from any to any 13074 in
$IPF 210 allow tcp from any to any 13074 out
$IPF 200 allow tcp from any to any 14070 in
$IPF 210 allow tcp from any to any 14070 out
$IPF 200 allow tcp from any to any 14071 in
$IPF 210 allow tcp from any to any 14071 out
$IPF 200 allow tcp from any to any 14072 in
$IPF 210 allow tcp from any to any 14072 out
$IPF 200 allow tcp from any to any 14073 in
$IPF 210 allow tcp from any to any 14073 out
$IPF 200 allow tcp from any to any 14074 in
$IPF 210 allow tcp from any to any 14074 out
$IPF 200 allow tcp from any to any 15070 in
$IPF 210 allow tcp from any to any 15070 out
$IPF 200 allow tcp from any to any 15071 in
$IPF 210 allow tcp from any to any 15071 out
$IPF 200 allow tcp from any to any 15072 in
$IPF 210 allow tcp from any to any 15072 out
$IPF 200 allow tcp from any to any 15073 in
$IPF 210 allow tcp from any to any 15073 out
$IPF 200 allow tcp from any to any 15074 in
$IPF 210 allow tcp from any to any 15074 out
$IPF 200 allow tcp from any to any 16070 in
$IPF 210 allow tcp from any to any 16070 out
$IPF 200 allow tcp from any to any 16071 in
$IPF 210 allow tcp from any to any 16071 out
$IPF 200 allow tcp from any to any 16072 in
$IPF 210 allow tcp from any to any 16072 out
$IPF 200 allow tcp from any to any 16073 in
$IPF 210 allow tcp from any to any 16073 out
$IPF 200 allow tcp from any to any 16074 in
$IPF 210 allow tcp from any to any 16074 out
```

```
### INTERFACES ###
if = "{ em0 }"

#Intra
table <intranet> { 127.0.0.1 }
pass in quick from <intranet> to any keep state

#Network
table <network> persist
block quick from <network>
pass in on $if proto tcp from any to any \
    keep state (max-src-conn 60, max-src-conn-rate 15/1, \
    overload <network> flush global)

#ruleset
block in all
pass in quick on lo0
pass out quick on lo0

table <bruteforce> persist file "/var/db/blacklist"
block quick from <bruteforce>

pass in quick on em0 proto tcp from any to any port 22 keep state
pass in quick on em0 proto tcp from any to any port 3306 keep state
pass in quick on em0 proto tcp from any to any port 11002 keep state
pass in quick on em0 proto tcp from any to any port 13070 keep state
pass in quick on em0 proto tcp from any to any port 13071 keep state
pass in quick on em0 proto tcp from any to any port 13072 keep state
pass in quick on em0 proto tcp from any to any port 13073 keep state
pass in quick on em0 proto tcp from any to any port 13074 keep state
pass in quick on em0 proto tcp from any to any port 14070 keep state
pass in quick on em0 proto tcp from any to any port 14071 keep state
pass in quick on em0 proto tcp from any to any port 14072 keep state
pass in quick on em0 proto tcp from any to any port 14073 keep state
pass in quick on em0 proto tcp from any to any port 14074 keep state
pass in quick on em0 proto tcp from any to any port 15070 keep state
pass in quick on em0 proto tcp from any to any port 15071 keep state
pass in quick on em0 proto tcp from any to any port 15072 keep state
pass in quick on em0 proto tcp from any to any port 15073 keep state
pass in quick on em0 proto tcp from any to any port 15074 keep state
pass in quick on em0 proto tcp from any to any port 16070 keep state
pass in quick on em0 proto tcp from any to any port 16071 keep state
pass in quick on em0 proto tcp from any to any port 16072 keep state
pass in quick on em0 proto tcp from any to any port 16073 keep state
pass in quick on em0 proto tcp from any to any port 16074 keep state
pass in quick on em0 proto tcp from any to any port 13099 keep state
pass in quick on em0 proto tcp from any to any port 13100 keep state
pass in quick on em0 proto tcp from any to any port 13101 keep state
pass in quick on em0 proto tcp from any to any port 13102 keep state
pass in quick on em0 proto tcp from any to any port 13103 keep state

pass out all keep state
```

Credits: .Yacki epvp
.SNiK 72 Posted July 13, 2013 Explain. What is this for? Firewall protection
Quityng 20 Posted August 8, 2013 Where do you put this?
Vintereais 5 Posted September 25, 2013 Credits: .Yacki epvp
TitaniiuMwOw 17 Posted April 1, 2014 Can someone tell me how to apply this?? +1 to whoever helps
skinhead 44 Posted March 2, 2016

Hi everyone, I want to make this more explicit..

This goes in cd /etc ----> rc.conf

```
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
```

Create a file in the same folder /etc -----> ipfw.rules

```sh
IPF="ipfw -q add"
ipfw -q -f flush

##Custom-Rules
#P2P Ports ## P2P ports, null attack
$IPF 4 allow all from me to any 11012 ## Auth P2P
$IPF 5 allow all from 127.0.0.0/8 to any 11012 ## Auth P2P
$IPF 6 deny all from any to me 11012 ## Auth P2P
$IPF 7 allow all from me to any 13000 ## Ch1 P2p Protection
$IPF 8 allow all from 127.0.0.0/8 to any 13010 ## Ch1 P2p Protection
$IPF 9 deny all from any to me 13000 ## Ch1 P2p Protection
$IPF 10 allow all from me to any 13100 ## Ch2 P2p Protection
$IPF 11 allow all from 127.0.0.0/8 to any 13100 ## Ch2 P2p Protection
$IPF 12 deny all from any to me 13100 ## Ch2 P2p Protection
$IPF 13 allow all from me to any 16000 ## Ch3 P2p Protection
$IPF 14 allow all from 127.0.0.0/8 to any 16000 ## Ch3 P2p Protection
$IPF 15 deny all from any to me 16000 ## Ch3 P2p Protection
$IPF 16 allow all from me to any 19000 ## Ch4 P2p Protection
$IPF 17 allow all from 127.0.0.0/8 to any 19000 ## Ch4 P2p Protection
$IPF 18 deny all from any to me 19000 ## Ch4 P2p Protection
$IPF 19 allow all from me to any 20000 ## Ch99 P2p Protection
$IPF 20 allow all from 127.0.0.0/8 to any 20000 ## Ch1 P2p Protection
$IPF 21 deny all from any to me 20000 ## Ch99 P2p Protection

#Game Ports ## Game and channel ports
$IPF 22 allow all from any to me 11020 ## Auth
$IPF 23 allow all from any to me 13000 ## CH1
$IPF 24 allow all from any to me 16000 ## Ch2
$IPF 25 allow all from any to me 19000 ## Ch3
$IPF 26 allow all from any to me 21000 ## ch4
$IPF 27 allow all from any to me 13099 ## ch99

#Services ## ports ftp mysql site
$IPF 28 allow all from any to me 3306 # Mysql
$IPF 29 allow all from any to me 80 # SITE
$IPF 30 allow all from any to me 21 # FTP

##Standard rules # Important bits
$IPF 10000 allow all from any to any via lo0
$IPF 20000 deny all from any to 127.0.0.0/8
$IPF 30000 deny all from 127.0.0.0/8 to any
$IPF 40000 allow all from any to any
```

The ##: you can delete whatever comes after them.

I'd like to ask a moderator to put this up at the top please, because it's explained better this way <---- delete this line

PS: Any misconfiguration can screw up the machine...

Credits: .Yacki epvp
Edited and explained by: SkinHead
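
Added example (not part of the original posts): ipfw applies the first rule that matches, in rule-number order, so the ordering in the 2016 ruleset decides which ports an outside client can actually reach. This Python sketch models only the `from SRC to DST [PORT]` subset used there; the server address `203.0.113.10`, the client address `198.51.100.7` and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed excerpt: rules 7, 9, 15, 18, 22-25 and 40000 from the 2016 post,
# with the "$IPF" prefix and trailing comments dropped.
RULES = """\
7 allow all from me to any 13000
9 deny all from any to me 13000
15 deny all from any to me 16000
18 deny all from any to me 19000
22 allow all from any to me 11020
23 allow all from any to me 13000
24 allow all from any to me 16000
25 allow all from any to me 19000
40000 allow all from any to any
"""
ME = "203.0.113.10"  # assumed server address (documentation range)

def parse(text):
    """Parse 'NUM ACTION PROTO from SRC to DST [PORT]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        t = line.split("#")[0].split()
        if len(t) < 7 or t[3] != "from" or t[5] != "to":
            continue
        port = int(t[7]) if len(t) > 7 and t[7].isdigit() else None
        rules.append((int(t[0]), t[1], t[4], t[6], port))
    return sorted(rules, key=lambda r: r[0])  # ipfw evaluates in number order

def addr_matches(spec, ip):
    if spec in ("any", "me"):
        return spec == "any" or ip == ME
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def first_match(rules, src, dst, dport):
    """Return (number, action) of the first rule matching the packet."""
    for num, action, s, d, port in rules:
        if addr_matches(s, src) and addr_matches(d, dst) and port in (None, dport):
            return num, action
    return 65535, "deny"  # ipfw's built-in last rule (deny unless built default-to-accept)

def shadowed(rules, src):
    """Port rules toward ME that a packet from `src` never reaches."""
    out = []
    for num, action, s, d, port in rules:
        if port is not None and addr_matches(s, src) and addr_matches(d, ME):
            hit = first_match(rules, src, ME, port)
            if hit[0] != num:
                out.append((num, action, port, hit))
    return out
```

For the outside client, `shadowed(parse(RULES), "198.51.100.7")` reports that allow rules 23, 24 and 25 are never reached because deny rules 9, 15 and 18 match first, while a port with no deny rule (for example 22) falls through to rule 40000 and is allowed.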