Date:      Thu, 30 Jun 2016 18:11:19 +0900
From:      Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp>
To:        freebsd-users-jp@freebsd.org
Subject:   [FreeBSD-users-jp 95832] Re: ipfw and DNS
Message-ID:  <6d975439-389e-f2ee-5866-657ce86c1937@t.kanazawa-u.ac.jp>
In-Reply-To: <ydlk2h783zc.fsf@indra.ism.ac.jp>
References:  <ydlk2h783zc.fsf@indra.ism.ac.jp>

This is Hirano at Kanazawa University.

On 2016/06/30 17:39, 丸山直昌 wrote:
> # ipfw list
> 00020 allow ip from any to any via lo0
> 01000 check-state
> 01050 allow tcp from any to any established
> 01100 allow udp from any to any established
> 02000 allow ip from any to any out keep-state
> 02050 allow ip6 from any to any out keep-state
> 02100 allow ipv6-icmp from any to any keep-state
> 02150 allow icmp from any to any keep-state
> 10000 allow udp from any to any dst-port 5353 in keep-state
> 10001 allow tcp from any to any dst-port 22 in keep-state
> 64000 deny log ip from any to any
> 65535 allow ip from any to any
>
> In this state, dig @133.58.32.12 ism.ac.jp ns displays its results normally.

The packet that sends the DNS query matches

 > 02000 allow ip from any to any out keep-state

and a dynamic rule permitting the rest of that session is generated;
that appears to be the flow.

> # ipfw list
> 00020 allow ip from any to any via lo0
> 00110 allow ip from 133.58.124.49 to any
> 01000 check-state
> 01050 allow tcp from any to any established
> 01100 allow udp from any to any established
> 02000 allow ip from any to any out keep-state
> 02050 allow ip6 from any to any out keep-state
> 02100 allow ipv6-icmp from any to any keep-state
> 02150 allow icmp from any to any keep-state
> 10000 allow udp from any to any dst-port 5353 in keep-state
> 10001 allow tcp from any to any dst-port 22 in keep-state
> 64000 deny log ip from any to any
> 65535 allow ip from any to any
>
> At this point,
>
> % dig @133.58.32.12 ism.ac.jp ns

In this case,

 > 00110 allow ip from 133.58.124.49 to any

permits the outgoing packet and then does nothing more, so
I think the return packet is rejected by

 > 64000 deny log ip from any to any

Probably something like

/etc/ipfw.custom
         ipfw -q add 1200 allow ip from 133.58.124.49 to any keep-state

would work, I think.
The number could stay as 110, but
I believe the intent is for already-permitted sessions to match early at check-state and established,
so I think it is better placed after those.

[Reference]
http://www.wakhok.ac.jp/~kanayama/semi/bsd/node141.html
----
Akihiro HIRANO @ Kanazawa University, Graduate School of Natural Science and Technology, Electronics and Information Science
hirano@t.kanazawa-u.ac.jp
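
Added example (not part of the original message, and not ipfw itself): a simplified Python model of first-match evaluation with keep-state, run over the quoted rulesets to show which rule decides the DNS query and its reply. It assumes the suggested rule 1200 replaces rule 110; the source port 40000 and all function names are constructed for illustration.

```python
# Simplified model of ipfw first-match evaluation with keep-state dynamic rules.
# Not ipfw itself; the lo0, IPv6 and ICMP rules from the listings are omitted.
HOST, DNS = "133.58.124.49", "133.58.32.12"  # addresses from the thread

def rule(num, action, proto="ip", src="any", direction=None, dport=None,
         established=False, keep_state=False):
    return dict(locals())  # one dict per rule, keyed by the parameter names

def common():  # rules 1000-64000, identical in both quoted listings
    return [rule(1000, "check-state"),
            rule(1050, "allow", proto="tcp", established=True),
            rule(1100, "allow", proto="udp", established=True),
            rule(2000, "allow", direction="out", keep_state=True),
            rule(10000, "allow", proto="udp", dport=5353, direction="in", keep_state=True),
            rule(10001, "allow", proto="tcp", dport=22, direction="in", keep_state=True),
            rule(64000, "deny")]

def flow(p):
    """Direction-independent key, so a reply matches the state its query created."""
    return p["proto"], frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def matches(r, p):
    # 'established' tests TCP RST/ACK bits, so it can never match a UDP packet.
    est_ok = not r["established"] or (p["proto"] == "tcp" and p.get("ack", False))
    return (r["proto"] in ("ip", p["proto"]) and r["src"] in ("any", p["src"])
            and r["direction"] in (None, p["dir"])
            and r["dport"] in (None, p["dport"]) and est_ok)

def evaluate(rules, p, states):
    """Return (action, number of the deciding rule); states is the dynamic table."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if r["action"] == "check-state":
            if flow(p) in states:
                return "allow", states[flow(p)]  # action of the parent rule
        elif matches(r, p):
            if r["keep_state"]:
                states[flow(p)] = r["num"]
            return r["action"], r["num"]
    return "allow", 65535  # default rule in the listings

def dig(rules):
    """Verdicts for one outgoing DNS query and its reply (port 40000 is constructed)."""
    states = {}
    query = dict(proto="udp", src=HOST, sport=40000, dst=DNS, dport=53, dir="out")
    reply = dict(proto="udp", src=DNS, sport=53, dst=HOST, dport=40000, dir="in")
    return evaluate(rules, query, states), evaluate(rules, reply, states)

RULE_110 = rule(110, "allow", src=HOST)                     # second listing
RULE_1200 = rule(1200, "allow", src=HOST, keep_state=True)  # suggested replacement
```

`dig([RULE_110] + common())` returns `(("allow", 110), ("deny", 64000))`, while `dig(common())` and `dig([RULE_1200] + common())` both allow the reply through the dynamic rule.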


