Date: Thu, 30 Jun 2016 18:57:20 +0900
From: maruyama@ism.ac.jp (丸山直昌)
To: Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp>
Cc: freebsd-users-jp@freebsd.org
Subject: [FreeBSD-users-jp 95835] Re: ipfw and DNS
Message-ID: <ydleg7f80e7.fsf@indra.ism.ac.jp>
In-Reply-To: <6d975439-389e-f2ee-5866-657ce86c1937@t.kanazawa-u.ac.jp> (message from Akihiro HIRANO on Thu, 30 Jun 2016 18:11:19 +0900)

Hirano-san, Kawasaki-san, Koie-san,

This is Maruyama. Thank you very much. Thanks to you, I think my
understanding has advanced a little.

  02000 allow ip from any to any out keep-state

is being overridden by

  00110 allow ip from 133.58.124.49 to any

so 133.58.124.49 could no longer receive the DNS response. Is that the
conclusion?

On my home PC I have now set

  ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
  ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any

and the problem is solved.

As for why I did this in the first place: I had set up an NFS server and
wanted to mount it from other machines in the subnet. So instead of
"to any" I could narrow it down further to specific ports, but because
that was a hassle I used "to any", and that is how I ended up here.

Now, an additional question. In this situation, which of

Configuration 1
  ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
  ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any

Configuration 2
  ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
  ipfw -q add 1201 allow ip from 192.168.255.0:255.255.255.0 to any

Configuration 3
  ipfw -q add 1201 allow ip from 192.168.255.1 to any keep-state
  ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any

Configuration 4
  ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any keep-state

is the "correct" one, or the one you would recommend?
localhost = 192.168.255.1, and queries to the DNS server go through this
interface.

(Embarrassingly, I do not understand what keep-state means, which is why
I am asking a question like this.)

Thu, 30 Jun 2016 18:11:19 +0900
Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp> writes:

>This is Hirano at Kanazawa University.
>
>On 2016/06/30 17:39, Naomasa Maruyama wrote:
>> # ipfw list
>> 00020 allow ip from any to any via lo0
>> 01000 check-state
>> 01050 allow tcp from any to any established
>> 01100 allow udp from any to any established
>> 02000 allow ip from any to any out keep-state
>> 02050 allow ip6 from any to any out keep-state
>> 02100 allow ipv6-icmp from any to any keep-state
>> 02150 allow icmp from any to any keep-state
>> 10000 allow udp from any to any dst-port 5353 in keep-state
>> 10001 allow tcp from any to any dst-port 22 in keep-state
>> 64000 deny log ip from any to any
>> 65535 allow ip from any to any
>>
>> In this state, dig @133.58.32.12 ism.ac.jp ns displays its result normally.
>
>The packet that sends the DNS query matches
>
> > 02000 allow ip from any to any out keep-state
>
>and a dynamic rule permitting the rest of the session is created;
>that appears to be the flow.
>
>> # ipfw list
>> 00020 allow ip from any to any via lo0
>> 00110 allow ip from 133.58.124.49 to any
>> 01000 check-state
>> 01050 allow tcp from any to any established
>> 01100 allow udp from any to any established
>> 02000 allow ip from any to any out keep-state
>> 02050 allow ip6 from any to any out keep-state
>> 02100 allow ipv6-icmp from any to any keep-state
>> 02150 allow icmp from any to any keep-state
>> 10000 allow udp from any to any dst-port 5353 in keep-state
>> 10001 allow tcp from any to any dst-port 22 in keep-state
>> 64000 deny log ip from any to any
>> 65535 allow ip from any to any
>>
>> At this point,
>>
>> % dig @133.58.32.12 ism.ac.jp ns
>
>In this case,
>
> > 00110 allow ip from 133.58.124.49 to any
>
>permits the outgoing packet and does nothing more after that,
>so the return packet is
>
> > 64000 deny log ip from any to any
>
>rejected by this rule, I think.
>
>Probably something like
>
>/etc/ipfw.custom
> ipfw -q add 1200 allow ip from 133.58.124.49 to any keep-state
>
>would work, I think.
>The number could stay at 110 as it is, but
>I think the intent is to have already-permitted sessions match early at check-state or established,
>so I think it is better to place it after those.
>
>[Reference]
>http://www.wakhok.ac.jp/~kanayama/semi/bsd/node141.html
>----
>Akihiro Hirano @ Kanazawa University, Graduate School of Natural Science and Technology, Division of Electrical Engineering and Computer Science
>hirano@t.kanazawa-u.ac.jp

--------
Naomasa Maruyama @ The Institute of Statistical Mathematics
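
Added example, not part of the original message and not ipfw's own code: a simplified Python model of ipfw's first-match evaluation that reproduces the behaviour discussed in this thread. The stateless rule 00110 lets the DNS query out but leaves the reply to fall through to 64000, while a keep-state rule at 1200 creates a dynamic rule that check-state then matches. The names Pkt, Rule, evaluate and dns_round_trip, the source port 40000, and the reduction of the listing to the rules that can match this UDP exchange are assumptions of the example.

```python
# Simplified model (added example) of ipfw first-match evaluation with keep-state.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport direction")
Rule = namedtuple("Rule", "num action src direction keep_state",
                  defaults=(None, None, False))

HOST, DNS = "133.58.124.49", "133.58.32.12"   # addresses from the thread

def flow_key(p):
    # A dynamic rule matches both directions of a flow: order-independent key.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def evaluate(rules, pkt, states):
    """Return (action, rule number) for pkt; states is the dynamic-rule table."""
    for r in sorted(rules, key=lambda r: r.num):   # stable: ties keep add order
        if r.action == "check-state":
            if flow_key(pkt) in states:            # all stateful rules here allow
                return "allow", states[flow_key(pkt)]
            continue
        if r.src not in (None, pkt.src) or r.direction not in (None, pkt.direction):
            continue
        if r.keep_state:                 # first packet of a flow creates the state
            states[flow_key(pkt)] = r.num
        return r.action, r.num
    return "allow", 65535                # default rule shown in the listing

def dns_round_trip(rules):
    """Verdicts for a DNS query leaving HOST and for the server's reply."""
    states = {}
    query = Pkt(HOST, 40000, DNS, 53, "out")   # constructed sample packets
    reply = Pkt(DNS, 53, HOST, 40000, "in")
    return evaluate(rules, query, states), evaluate(rules, reply, states)

# Only the rules that can match this UDP exchange are modelled (assumption).
BASE = [Rule(1000, "check-state"),
        Rule(2000, "allow", direction="out", keep_state=True),
        Rule(64000, "deny")]
STATELESS_110 = BASE + [Rule(110, "allow", src=HOST)]
STATEFUL_1200 = BASE + [Rule(1200, "allow", src=HOST, keep_state=True)]

if __name__ == "__main__":
    for name, rs in [("original", BASE), ("with 00110", STATELESS_110),
                     ("with 1200 keep-state", STATEFUL_1200)]:
        print(name, dns_round_trip(rs))
```

Each result is a pair of (action, rule number) verdicts: the first for the outgoing query, the second for the returning reply.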