IP Filter教程:IP Filter Based Firewalls HOWTO（6）-中国计算机网,电脑教程,计算机教程，电脑基础知识,电脑入门知识,平面设计教程，多媒体教程，数据库教程，服务器教程，网络教程

>> 最新文章

>> 阅读排行

>> 推荐文章

IP Filter教程:IP Filter Based Firewalls HOWTO（6）

作者：佚名来源：不详点击数：更新时间：2008年04月05日

IP Filter Based Firewalls HOWTO
3.7 日志

如果你要使用日志设备dev/ipl，记得要加入关键字log.为了要看到日志信息，你必须运行ipmon(或者其它读取/dev/ipl的软件)。一般是使用ipmon -s向syslog写入信息。以ipfilter3.3为例，你甚至可以通过关键字log level控制syslog记录的行为：
block in log level auth.info quick on tun0 from 20.20.20.0/24 to any
block in log level auth.alert quick on tun0 proto tcp from any to 20.20.20.0/24 port = 21

另外你还可以对记录的信息进行裁剪，比如你对是否有人对你的telnet扫描感兴趣,但是对有人扫描你的telnet端口多少次并不感兴趣，你可以log first关键字来记录第一个包。
log的另外一个用处是跟踪你感兴趣的包，并且记录它的头部字段。Ipfilter使用关键字log body可以记录每个包的前128个字节。你应该限制使用body log，因为它会让你的日志变得冗长。

3.8 合并所有规则

现在我们有了一个非常严谨的防火墙了，但是它可以更严谨。先前我们去掉的防止欺骗的规则集实际上是很有用的。建议把它加上：
block in on tun0
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 10.0.0.0/8 to any
block in quick on tun0 from 127.0.0.0/8 to any
block in quick on tun0 from 0.0.0.0/8 to any
block in quick on tun0 from 169.254.0.0/16 to any
block in quick on tun0 from 192.0.2.0/24 to any
block in quick on tun0 from 204.152.64.0/23 to any
block in quick on tun0 from 224.0.0.0/3 to any
block in log quick on tun0 from 20.20.20.0/24 to any
block in log quick on tun0 from any to 20.20.20.0/32
block in log quick on tun0 from any to 20.20.20.255/32
pass out quick on tun0 proto tcp/udp from 20.20.20.1/32 to any keep state
pass out quick on tun0 proto icmp from 20.20.20.1/32 to any keep state
pass in quick on tun0 proto tcp from any to 20.20.20.1/32 port = 80 flags S keep state

3.9 用规则组优化防火墙

让我们扩展一下我们的防火墙，使我们的防火墙更有用，作为例子我们将改变一下接口名字xl0,xl1,xl2。
xl0接外部网络20.20.20.0/26
xl1用于代理20.20.20.64/26
xl2连接受防火墙保护的网络20.20.20.128/25
我们先定义整个规则，你应该能清楚地理解它：
block in quick on xl0 from 192.168.0.0/16 to any
block in quick on xl0 from 172.16.0.0/12 to any
block in quick on xl0 from 10.0.0.0/8 to any
block in quick on xl0 from 127.0.0.0/8 to any
block in quick on xl0 from 0.0.0.0/8 to any
block in quick on xl0 from 169.254.0.0/16 to any
block in quick on xl0 from 192.0.2.0/24 to any
block in quick on xl0 from 204.152.64.0/23 to any
block in quick on xl0 from 224.0.0.0/3 to any
block in log quick on xl0 from 20.20.20.0/24 to any
block in log quick on xl0 from any to 20.20.20.0/32
block in log quick on xl0 from any to 20.20.20.63/32
block in log quick on xl0 from any to 20.20.20.64/32
block in log quick on xl0 from any to 20.20.20.127/32
block in log quick on xl0 from any to 20.20.20.128/32
block in log quick on xl0 from any to 20.20.20.255/32
pass out on xl0 all

pass out quick on xl1 proto tcp from any to 20.20.20.64/26 port = 80 flags S keep state
pass out quick on xl1 proto tcp from any to 20.20.20.64/26 port = 21 flags S keep state
pass out quick on xl1 proto tcp from any to 20.20.20.64/26 port = 20 flags S keep state
pass out quick on xl1 proto tcp from any to 20.20.20.65/32 port = 53 flags S keep state
pass out quick on xl1 proto udp from any to 20.20.20.65/32 port = 53 keep state
pass out quick on xl1 proto tcp from any to 20.20.20.66/32 port = 53 flags S keep state
pass out quick on xl1 proto udp from any to 20.20.20.66/32 port = 53 keep state
block out on xl1 all
pass in quick on xl1 proto tcp/udp from 20.20.20.64/26 to any keep state

block out on xl2 all
pass in quick on xl2 proto tcp

下一页
本文共 2 页,第 [1] [2] 页

Tags:IP Filter教程:IP Filter Based Firewalls HOWTO（6）

【发表评论】【告诉好友】【打印此文】【收藏此文】【关闭窗口】

上一篇：IP Filter教程:IP Filter Based Firewalls HOWTO（11）

下一篇：IP Filter教程:FreeBSD上用IP Filter进行桥过滤