閱讀文章 - 看板 FreeBSD - 批踢踢實業坊

發信人lamb100.bbs@bbs.dwu.edu.tw (懷著戒慎恐懼的心),

看板FreeBSD

標題[問題]請問在OpenBSD的pf.conf中，怎樣去設定內部網路不能去特定的外部IP

發信站dwu (Tue Aug 31 11:38:43 2004)

轉信站ptt!ctu-reader!news.nctu!dwu

我參考了上奇出版的Absoulate OpenBSD的作法作了一個家用的NAT(兩張網路卡) 設定如下： ****************************************************************************** ext_if="rl1" int_if="rl0" private_ip="{10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}" block_ip="12.34.56.78" allow_dest="{5999,http,https,smtp,sftp}" allow_locl="{http,https,imap,imaps,pop2,pop3,pop3s,ssh,sftp,smtp}" scrub in all nat on $ext_if from $private_ip to any -> $ext_if block in log all pass in on $int_if inet from $private_ip to any modulate state pass in on $ext_if inet proto tcp from any to $ext_if port $allow_locl keep state pass in on $ext_if inet proto tcp from any port $allow_dest to $ext_if keep state block in on $int_if inet from $block_ip to any antispoof for $ext_if antispoof for $int_if ****************************************************************************** 為了要作到擋掉某個外部的實體IP進內部的私人IP 可是這樣作似乎作不到我要的樣子所以請問各位大大，該怎樣去設定相關的屬性或數值先謝謝將提出解答的大大了^^ -- ╭┼ Origin: 致遠心情 telnet://bbs.dwu.edu.tw ┼╯ From: h204-61-59-44.seed.net.tw