From owner-FreeBSD-net-jp@jp.FreeBSD.org Wed Oct 15 06:22:37 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h9ELMb699661;
	Wed, 15 Oct 2003 06:22:37 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mgate14.so-net.ne.jp (mgate14.so-net.ne.jp [210.139.254.161])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id h9ELMbM99656
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 15 Oct 2003 06:22:37 +0900 (JST)
	(envelope-from mmasuda@ba2.so-net.ne.jp)
Received: from mail.ba2.so-net.ne.jp (mspool28.so-net.ne.jp [210.139.248.26])
	by mgate14.so-net.ne.jp  with ESMTP id h9ELMbn24754
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 15 Oct 2003 06:22:37 +0900 (JST)
Received: from ba2.so-net.ne.jp (eatkyo016066.adsl.ppp.infoweb.ne.jp [61.124.124.66])
	by mail.ba2.so-net.ne.jp  with ESMTP id h9ELMa108752
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 15 Oct 2003 06:22:37 +0900 (JST)
Message-ID: <3F8C691C.2030601@ba2.so-net.ne.jp>
From: "MASUDA,Masahi" <mmasuda@ba2.so-net.ne.jp>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.4.1) Gecko/20031012
X-Accept-Language: ja, en-us, en
MIME-Version: 1.0
To: FreeBSD-net-jp@jp.FreeBSD.org
References: <20031014183602.6826.qmail@web504.mail.yahoo.co.jp>
In-Reply-To: <20031014183602.6826.qmail@web504.mail.yahoo.co.jp>
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 15 Oct 2003 06:22:36 +0900
X-Sequence: FreeBSD-net-jp 4004
Subject: [FreeBSD-net-jp 4004] Re: Pings from clients inside the LAN do not get through
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: mmasuda@ba2.so-net.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+031013

This is Masuda.
Let's think from the packet's point of view. :-)


鈴木 学 wrote:

<beginning omitted>

> The IPFW configuration is shown below.
> # /usr/local/etc/rc.ipfw
> IPFW="/sbin/ipfw"
> ALLOW="allow log"
> DENY="deny log"
> ipfw -q -f flush
> ${IPFW} 100 add ${ALLOW} icmp from any to any

ICMP packets end up matching on this line. In other words, what you
are seeing on your side is that they are not diverted (= not NATed).
Please try deleting the following line:
${IPFW} 100 add ${ALLOW} icmp from any to any

> ${IPFW} 200 add ${ALLOW} ip from any to any via lo0
> ${IPFW} 300 add ${DENY} ip from any to any via tun0 frag
> ${IPFW} 400 add ${ALLOW} ip from 192.168.1.0/24 to any via rl0
> ${IPFW} 410 add ${ALLOW} ip from any to 192.168.1.0/24 via rl0
> ${IPFW} 500 add ${DENY} ip from 192.168.1.0/24 to any recv tun0
> ${IPFW} 510 add ${DENY} ip from 127.0.0.1 to any recv tun0
> ${IPFW} 520 add ${DENY} ip from any to 127.0.0.0/8
> ${IPFW} 530 add ${DENY} ip from 127.0.0.0/8 to any
> ${IPFW} 600 add ${DENY} tcp from any 137-139,445 to any
> ${IPFW} 610 add ${DENY} udp from any 137-139,445 to any
> ${IPFW} 620 add ${DENY} tcp from any to any 137-139,445
> ${IPFW} 630 add ${DENY} udp from any to any 137-139,445
> ${IPFW} 900 add divert 8668 ip from any to any via tun0
$B!c8eN,!d(B

-- 
MASUDA Masashi <mmasuda@ba2.so-net.ne.jp> <http://unixluser.org/>
IRChat #NFL:*.jp <http://unixluser.org/irc-nfl-japanese.html>
Let's think from the packet's point of view. :-)
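
Added example (not part of the original message or of the quoted rc.ipfw): a minimal Python model of ipfw's first-match rule search, run over the quoted rules, showing that an outbound ping is taken by rule 100 before it can reach divert rule 900, and reaches 900 once rule 100 is removed. The tuple layout, the packet fields and the addresses 192.168.1.10 and 203.0.113.5 are assumptions made for the illustration; the tcp/udp rules 600-630 are left out because they cannot match ICMP.

```python
import ipaddress

# Rules transcribed from the quoted rc.ipfw (constructed representation, "log"
# dropped, tcp/udp rules 600-630 omitted): (number, action, proto, src, dst, options)
RULES = [
    (100, "allow", "icmp", "any", "any", {}),
    (200, "allow", "ip", "any", "any", {"via": "lo0"}),
    (300, "deny", "ip", "any", "any", {"via": "tun0", "frag": True}),
    (400, "allow", "ip", "192.168.1.0/24", "any", {"via": "rl0"}),
    (410, "allow", "ip", "any", "192.168.1.0/24", {"via": "rl0"}),
    (500, "deny", "ip", "192.168.1.0/24", "any", {"recv": "tun0"}),
    (510, "deny", "ip", "127.0.0.1", "any", {"recv": "tun0"}),
    (520, "deny", "ip", "any", "127.0.0.0/8", {}),
    (530, "deny", "ip", "127.0.0.0/8", "any", {}),
    (900, "divert", "ip", "any", "any", {"via": "tun0"}),
]

def in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    _, _, proto, src, dst, opt = rule
    # "via" checks the interface of the current pass: xmit when sending, recv otherwise.
    passing = pkt["xmit"] or pkt["recv"]
    return (proto in ("ip", pkt["proto"])
            and in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
            and opt.get("via", passing) == passing
            and opt.get("recv", pkt["recv"]) == pkt["recv"]
            and (not opt.get("frag") or pkt.get("frag", False)))

def first_match(rules, pkt):
    """Rules are checked in ascending number order; the first matching
    allow, deny or divert rule takes the packet."""
    for rule in sorted(rules, key=lambda r: r[0]):
        if matches(rule, pkt):
            return rule[0], rule[1]
    return 65535, "deny"  # assumption: kernel default rule is deny

# Constructed packet: echo request from a LAN client, being sent out tun0.
PING_OUT = {"proto": "icmp", "src": "192.168.1.10", "dst": "203.0.113.5",
            "recv": "rl0", "xmit": "tun0"}

def compare():
    """Return (verdict with rule 100, verdict with rule 100 removed)."""
    without_100 = [r for r in RULES if r[0] != 100]
    return first_match(RULES, PING_OUT), first_match(without_100, PING_OUT)

if __name__ == "__main__":
    print(compare())
```

On a live gateway, the per-rule packet counters printed by `ipfw show` give the same picture: the counter on rule 100 rises with each ping while the one on rule 900 does not.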

