From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Dec  3 11:08:28 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id LAA28082;
	Mon, 3 Dec 2001 11:08:28 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mail509.nifty.com (mail509.nifty.com [202.248.37.217])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id LAA28077
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 3 Dec 2001 11:08:28 +0900 (JST)
	(envelope-from endo_t@nifty.com)
Received: from aquamarineN
	by mail509.nifty.com (8.11.6+3.4W/3.7W-09/06/01) with ESMTP id fB328Se13786
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 3 Dec 2001 11:08:28 +0900
Date: Mon, 03 Dec 2001 11:08:27 +0900
From: =?ISO-2022-JP?B?GyRCMXNGIxsoQiAbJEI9U001GyhC?= <endo_t@nifty.com>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <20011203.085909.63132717.yo1@lares.dti.ne.jp>
References: <20011203.074923.41629066.yo1@lares.dti.ne.jp> <20011203.085909.63132717.yo1@lares.dti.ne.jp>
Message-Id: <20011203110306.2054.ENDO_T@nifty.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.07
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 65925
Subject: [FreeBSD-users-jp 65925] Re: Yahoo!BB + ipfw
 =?ISO-2022-JP?B?GyRCJEc2NSQoJEYkLyRAJDUkJCEjGyhC?=
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: endo_t@nifty.com

$B1sF#$G$9!#(B

Mon, 03 Dec 2001 08:59:09 +0900 (JST) $B$K!"(B
Yoichi Ogawa <yo1@lares.dti.ne.jp> $B$5$s$O=q$-$^$7$?(B:

YO> >   pass ... from any to any in via <$B%$%s%?!<%U%'!<%9L>(B>
YO> > $B$_$?$$$K%$%s%?!<%U%'!<%9$G;XDj$9$k$H$$$&<j$b$"$j$^$9!#(B

$B$3$l$O!"$J$k$[$I$G$9!#(B
$B$?$V$s!"$=$&$J$s$@$m$&$J!"$H$O;W$C$F$$$?$N$G$9$,!"$I$C$A$+$iMh(B
$B$k$N$+!"$H$$$&$N$r(B in $B$G;XDj$9$k$H$O!#!#!#!#JY6/ITB-$N46$O$^$C(B
$B$?$/$b$C$FH]$a$^$;$s!#(B^^;

YO>   $B!&(Bnatd $B$r;H$C$F$F!$(B
YO>   $B!&30$+$i%"%/%;%9$G$-$k%0%m!<%P%k(B IP $B%"%I%l%9$,(B 1 $B$D$@$1$G(B
YO>   $B!&FbIt$O%W%i%$%Y!<%H%"%I%l%9$r;H$C$F$$$k(B
YO> 
YO> # $B$s$G$9$h$M!)(B(^_^;)

$B$G$9!"$G$9!#(B

YO> $B%"%I%l%9!K$@$1$G$"$k$H$$$&$3$H$K$J$k$N$G!$BeBX<jCJ$H$7$FM-8z(B
YO> $B$+$H;W$$$^$9!#(B

$B$=$&$G$9$M!#$3$l$G9T$C$F$_$^$9!#(B
$B$7$+$7!"%F%9%H4D6-$,(B NAT $B$NCf$K$"$k(B 192.168.0.0/16 $B$N%M%C%HFb(B
$B$J$N$G!"(BNAT + NAT $B$J$N$G!"30It$+$i$N(B ssh $B$N@\B3%F%9%H$,!#!#!#!J>P!K(B
$B7k6I0J2<$N$h$&$J@_Dj$KMn$ACe$/$3$H$K$J$j$^$7$?!#(B
$B$465<x$"$j$,$H$&$4$6$$$^$7$?!#(Bm(_ _)m

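# ipfw rule set for a small NAT gateway: ${oif} faces the ISP, ${iif} faces
# the private LAN, and natd translates on the outside interface.
# ipfw evaluates rules in order; the first matching rule decides.

# Pull in rc.conf so variables such as natd_interface are in scope here.
if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
        source_rc_confs
elif [ -r /etc/rc.conf ]; then
        . /etc/rc.conf
fi

# Deliberately left unquoted when expanded: the value is a command plus
# its -q (quiet) flag.  Note that -q also hides rule-syntax errors, so a
# rule that fails to load does so silently; compare against `ipfw list`
# after running this script.
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush

oif="ed1"                       # outside (ISP) interface
onet="1.2.3.0/24"               # outside network (not referenced below)
oip="1.2.3.4"                   # outside address (not referenced below)
iif="ed2"                       # inside (LAN) interface
inet="192.168.151.0/24"         # inside network
iip="192.168.151.1"             # inside address (not referenced below)

# Loopback: allow everything on lo0, but never let 127/8 appear elsewhere.
${fwcmd} add pass all from any to any via lo0
${fwcmd} add deny all from any to 127.0.0.0/8

# Drop IP fragments crossing the outside interface.
${fwcmd} add deny ip from any to any via ${oif} frag

# Keep NetBIOS/SMB (137-139) off the wire in both directions.
${fwcmd} add deny udp from any 137-139 to any
${fwcmd} add deny tcp from any 137-139 to any
${fwcmd} add deny udp from any to any 137-139
${fwcmd} add deny tcp from any to any 137-139

# Anti-spoofing, before NAT: packets claiming our LAN as their source must
# not arrive from outside, and nothing destined for private or reserved
# space may cross the outside interface.
${fwcmd} add deny all from ${inet} to any in via ${oif}
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

# NAT.  Falls back to ${oif} when rc.conf does not set natd_interface:
# with an empty interface name the divert rule fails to load (silently,
# because of -q) and no translation happens at all.
${fwcmd} add divert natd all from any to any via ${natd_interface:-${oif}}

# Anti-spoofing, after NAT: source addresses have now been translated, so
# a private or reserved source on the outside interface is bogus.
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

# Stateless TCP: "established" accepts any segment that is not a bare SYN,
# so only new connections are actually filtered by the rules that follow.
${fwcmd} add pass tcp from any to any established
# Inbound SSH is the only service exposed to the outside.
${fwcmd} add pass tcp from any to any 22 setup
# Answer ident (113) with RST so remote mail/IRC servers do not wait for a
# timeout.
${fwcmd} add reset tcp from any to any 113
# Log and drop every other inbound connection attempt on the outside;
# whatever reaches the next rule is outbound or LAN-side.
${fwcmd} add deny log tcp from any to any in via ${oif} setup
${fwcmd} add pass tcp from any to any setup

# DNS over UDP.  The "from any 53" rule is stateless: any UDP datagram whose
# source port is 53 is accepted whatever its destination port, a known
# weakness of this pattern.  keep-state would tighten it but interacts with
# natd and would need its own testing, so it is kept as written.
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
# NTP, limited to this host's own addresses.
${fwcmd} add pass udp from any 123 to me
${fwcmd} add pass udp from me to any 123

# ICMP: unrestricted on the LAN side; on the outside only echo-request out
# (type 8) and echo-reply / destination-unreachable in (types 0 and 3).
${fwcmd} add pass icmp from any to any via ${iif}
${fwcmd} add pass icmp from any to any out via ${oif} icmptypes 8
${fwcmd} add pass icmp from any to any in via ${oif} icmptypes 0
${fwcmd} add pass icmp from any to any in via ${oif} icmptypes 3
${fwcmd} add deny log icmp from any to any

# Explicit default deny, so the policy does not depend on whether the
# kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT.
${fwcmd} add deny log all from any to any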

$B$5$F!"L@F|$+$i$NEl5~=PD%$N$?$a$K<+Bp%5!<%P$N@_Dj$H0aN`$N=`Hw$r;O$a(B
$B$^$9$+!#(B^^;

-- 
$B1sF#=SM5(B <endo_t@nifty.com>

