FreeBSD/PPPOE

PPPOE

  1. カーネル再構築
  2. /etc/ppp/ppp.confの編集
  3. /etc/rc.confの編集
  4. /etc/rc.ipfwの編集
  5. /etc/natd.conf
  6. 再起動

カーネル再構築

下記のオプションを加えカーネル再構築を行います。
カーネル再構築はこちら参照

-----------------------------------
# PPPoE
options    NETGRAPH
options    NETGRAPH_ETHER
options    NETGRAPH_PPPOE
options    NETGRAPH_SOCKET
# NAT
options    IPDIVERT                        #NATを使う場合
# FIREWALL
options    IPFIREWALL
options    IPFIREWALL_VERBOSE              #ipfwでログを取る場合
options    IPFIREWALL_VERBOSE_LIMIT=50000
-----------------------------------

/etc/ppp/ppp.confの編集

ppp.confを編集し、プロバイダからもらっているIDとPasswordを記述する。

default:
 set log Phase Chat IPCP CCP tun command
 ident user-ppp VERSION (built COMPILATIONDATE)

 set device PPPoE:rl1
 set MRU 1492
 set MTU 1454

 accept CHAP
 accept lqr
 enable lqr

 set timeout 0

biglobe:
 set authname <ログインID>        #プロバイダからもらったID
 set authkey <パスワード>         #プロバイダからもらったパスワード
 add default HISADDR

/etc/rc.confの編集

# vi /etc/rc.conf
----------------------------------------
ppp_enable="YES"
ppp_mode="ddial"                  # keep the link up and re-dial whenever it drops
ppp_nat="NO"                      # ppp's built-in NAT is disabled; natd does it (below)
ppp_profile="biglobe"             # label of the profile in /etc/ppp/ppp.conf
firewall_enable="YES"
firewall_script="/etc/ipfw.conf"  # ipfw rules script (see the /etc/ipfw.conf section)
natd_enable="YES"                 # NAT is done by natd
natd_interface="tun0"             # the PPPoE link
natd_flags="-f /etc/natd.conf"    # natd reads the rest of its options from this file
----------------------------------------

/etc/ipfw.confの編集*1

ファイアウォールの設定ファイルを作成する

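### Basic settings
# Full path of ipfw.  Every rule below goes through ${IPFW}; note that the
# rules are issued without -q, so each one is echoed as it is added.
IPFW="/sbin/ipfw"
# String used for "allow"; append "log" to also log matches.
#ALLOW="allow log"
ALLOW="allow"
# String used for "deny"; "log" records matches (IPFIREWALL_VERBOSE in the
# kernel config, with IPFIREWALL_VERBOSE_LIMIT capping the log volume).
DENY="deny log"
#DENY="deny"

### Start from an empty ruleset
# -f suppresses the confirmation prompt, -q keeps the flush quiet.  Use
# ${IPFW} rather than a bare "ipfw" so the flush is independent of PATH when
# rc runs this file and consistent with the rules that follow.
${IPFW} -q -f flush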

### Deny traffic from Korean address blocks (to any)
# All entries share rule number 010 so the whole list sits in front of every
# other rule.  A country block list like this goes stale quickly; regenerate it
# from a current registry allocation list rather than editing it by hand.
# NOTE(review): ipfw(8) documents the form "ipfw add NUMBER ..."; this page
# uses "ipfw NUMBER add ..." throughout -- confirm it is accepted on the
# target release before relying on it.
for korea_net in \
  61.32.0.0/13 61.40.0.0/14 61.72.0.0/13 61.80.0.0/14 \
  61.84.0.0/15 61.96.0.0/12 61.248.0.0/13 128.134.0.0/16 \
  129.254.0.0/16 134.75.0.0/16 137.68.0.0/16 141.223.0.0/16 \
  143.248.0.0/16 147.6.0.0/16 147.43.0.0/16 147.46.0.0/15 \
  150.150.0.0/16 150.183.0.0/16 152.99.0.0/16 152.149.0.0/16 \
  154.10.0.0/16 155.230.0.0/16 156.147.0.0/16 157.197.0.0/16 \
  158.44.0.0/16 161.122.0.0/16 163.152.0.0/16 163.180.0.0/16 \
  163.239.0.0/16 164.124.0.0/15 165.132.0.0/15 165.141.0.0/16 \
  165.186.0.0/16 165.194.0.0/16 165.213.0.0/16 165.229.0.0/16 \
  165.243.0.0/15 165.244.0.0/16 165.246.0.0/16 166.79.0.0/16 \
  166.103.0.0/16 166.104.0.0/16 166.125.0.0/16 168.78.0.0/16 \
  168.115.0.0/16 168.126.0.0/16 168.131.0.0/16 168.154.0.0/16 \
  168.188.0.0/16 168.219.0.0/16 168.248.0.0/15 169.140.0.0/16 \
  192.5.90.0/24 192.100.2.0/24 192.104.15.0/24 192.132.15.0/24 \
  192.132.247.0/24 192.132.248.0/22 192.195.39.0/24 192.195.40.0/24 \
  192.203.138.0/24 192.203.139.0/24 192.203.140.0/22 192.203.144.0/23 \
  192.203.146.0/24 192.245.249.0/24 192.245.250.0/23 192.249.16.0/20 \
  198.178.187.0/24 202.6.95.0/24 202.14.103.0/24 202.14.165.0/24 \
  202.20.82.0/23 202.20.84.0/23 202.20.86.0/24 202.20.99.0/24 \
  202.20.119.0/24 202.20.128.0/17 202.21.0.0/21 202.30.0.0/15 \
  202.189.128.0/20 203.224.0.0/11 210.80.96.0/19 210.90.0.0/15 \
  210.92.0.0/14 210.96.0.0/11 210.178.0.0/15 210.180.0.0/14 \
  210.204.0.0/14 210.216.0.0/13 211.32.0.0/11 211.104.0.0/13 \
  211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/10 \
  218.36.0.0/14 218.48.0.0/13 218.144.0.0/12 218.232.0.0/13 \
  219.240.0.0/15 219.248.0.0/13 220.64.0.0/11 220.116.0.0/14 \
  220.120.0.0/13 221.138.0.0/15 221.140.0.0/14 221.144.0.0/12 \
  221.160.0.0/13 221.168.0.0/16 222.96.0.0/12 222.112.0.0/13 \
  222.120.0.0/15 222.122.0.0/16 222.232.0.0/13
do
  ${IPFW} 010 add deny ip from "${korea_net}" to any
done

### Deny traffic from Chinese address blocks (to any)
# Same rule number (010) and the same caveats as the Korean list: the list
# ages quickly and should be regenerated from a current allocation source.
# 218.75.96.252/30 was added 2006/03/18 and keeps its place between
# 218.240.0.0/13 and 219.72.0.0/16.  222.232.0.0/13 also appears in the
# Korean list above, so that rule is added twice (harmless).
for china_net in \
  61.4.64.0/20 61.28.0.0/17 61.48.0.0/13 61.128.0.0/13 \
  61.136.0.0/13 61.144.0.0/12 61.160.0.0/11 61.232.0.0/14 \
  61.236.0.0/15 61.240.0.0/14 134.196.0.0/16 159.226.0.0/16 \
  161.207.0.0/16 162.105.0.0/16 166.111.0.0/16 167.139.0.0/16 \
  168.160.0.0/16 192.83.122.0/24 192.124.154.0/24 192.188.170.0/24 \
  198.17.7.0/24 198.97.132.0/24 202.0.110.0/24 202.0.160.0/20 \
  202.0.176.0/22 202.3.77.0/24 202.4.128.0/19 202.14.88.0/24 \
  202.14.235.0/24 202.14.236.0/23 202.14.238.0/24 202.20.120.0/24 \
  202.22.248.0/21 202.38.0.0/20 202.38.64.0/18 202.38.128.0/21 \
  202.38.136.0/23 202.38.138.0/24 202.38.140.0/22 202.38.144.0/22 \
  202.38.149.0/24 202.38.150.0/23 202.38.152.0/22 202.38.156.0/24 \
  202.38.158.0/23 202.38.160.0/23 202.38.164.0/22 202.38.168.0/21 \
  202.38.176.0/23 202.38.184.0/21 202.38.192.0/18 202.90.0.0/22 \
  202.90.252.0/22 202.91.0.0/22 202.91.128.0/22 202.92.0.0/22 \
  202.92.252.0/22 202.93.0.0/22 202.93.252.0/22 202.94.0.0/19 \
  202.95.0.0/19 202.95.252.0/22 202.96.0.0/12 202.112.0.0/13 \
  202.120.0.0/15 202.122.0.0/21 202.122.32.0/21 202.122.128.0/24 \
  202.127.0.0/21 202.127.12.0/22 202.127.16.0/20 202.127.40.0/21 \
  202.127.48.0/20 202.127.128.0/19 202.127.160.0/21 202.127.192.0/21 \
  202.127.200.0/21 202.127.208.0/20 202.127.240.0/20 202.130.0.0/19 \
  202.130.224.0/19 202.131.208.0/20 202.148.96.0/19 202.168.160.0/20 \
  202.192.0.0/12 203.79.0.0/20 203.81.16.0/20 203.87.224.0/19 \
  203.88.0.0/22 203.89.0.0/22 203.90.0.0/22 203.92.0.0/22 \
  203.93.0.0/16 203.94.0.0/19 203.95.0.0/21 203.128.128.0/19 \
  203.148.0.0/18 203.175.128.0/19 203.175.192.0/18 203.192.0.0/19 \
  203.196.0.0/21 203.207.64.0/18 203.207.128.0/17 203.208.0.0/20 \
  203.208.16.0/22 203.212.0.0/20 203.222.192.0/20 203.223.0.0/20 \
  210.5.0.0/19 210.5.128.0/20 210.12.0.0/15 210.14.64.0/19 \
  210.14.160.0/19 210.14.192.0/18 210.15.0.0/17 210.15.128.0/18 \
  210.21.0.0/16 210.22.0.0/16 210.25.0.0/16 210.26.0.0/15 \
  210.28.0.0/14 210.32.0.0/12 210.51.0.0/16 210.52.0.0/15 \
  210.72.0.0/14 210.76.0.0/15 210.78.0.0/16 210.79.224.0/19 \
  210.82.0.0/15 210.87.128.0/20 210.192.96.0/19 210.211.0.0/20 \
  211.64.0.0/13 211.80.0.0/13 211.88.0.0/13 211.96.0.0/13 \
  211.136.0.0/13 211.144.0.0/12 211.160.0.0/13 218.0.0.0/13 \
  218.8.0.0/13 218.16.0.0/12 218.56.0.0/13 218.64.0.0/11 \
  218.96.0.0/14 218.104.0.0/14 218.108.0.0/15 218.192.0.0/12 \
  218.240.0.0/13 218.75.96.252/30 219.72.0.0/16 219.82.0.0/16 \
  219.128.0.0/11 219.216.0.0/13 219.224.0.0/12 219.242.0.0/15 \
  219.244.0.0/14 220.112.0.0/14 220.160.0.0/11 220.192.0.0/12 \
  220.248.0.0/14 220.252.0.0/16 221.0.0.0/14 221.4.0.0/15 \
  221.6.0.0/16 221.7.0.0/18 221.7.64.0/19 221.7.128.0/17 \
  221.8.0.0/15 221.10.0.0/16 221.11.0.0/17 221.11.128.0/18 \
  221.11.192.0/19 221.12.0.0/17 221.12.128.0/18 221.13.0.0/18 \
  221.13.64.0/19 221.13.128.0/17 221.14.0.0/15 221.122.0.0/15 \
  221.129.0.0/16 221.130.0.0/15 221.136.0.0/15 221.172.0.0/14 \
  221.176.0.0/13 221.192.0.0/15 221.194.0.0/16 221.196.0.0/15 \
  221.198.0.0/16 221.199.0.0/19 221.199.32.0/20 221.199.128.0/18 \
  221.199.192.0/20 221.200.0.0/14 221.204.0.0/15 221.207.0.0/18 \
  221.208.0.0/14 221.212.0.0/16 221.214.0.0/15 221.216.0.0/13 \
  221.224.0.0/12 222.16.0.0/12 222.32.0.0/11 222.64.0.0/13 \
  222.72.0.0/15 222.74.0.0/16 222.76.0.0/14 222.80.0.0/14 \
  222.84.0.0/16 222.85.128.0/17 222.86.0.0/15 222.128.0.0/12 \
  222.160.0.0/15 222.162.0.0/16 222.163.0.0/19 222.232.0.0/13 \
  222.240.0.0/13 222.248.0.0/15
do
  ${IPFW} 010 add deny ip from "${china_net}" to any
done

### ICMP - do not block ICMP on the ADSL link.  Note this admits every ICMP
### type from anywhere, not only the error messages the link depends on.
${IPFW} 100 add ${ALLOW} icmp from any to any

### Allow loopback traffic
${IPFW} 200 add ${ALLOW} ip from any to any via lo0

### Drop fragmented packets crossing tun0 (either direction)
${IPFW} 300 add ${DENY} ip from any to any via tun0 frag

### No restrictions on the inside network (rl1 is the LAN interface)
${IPFW} 400 add ${ALLOW} ip from 192.168.1.0/24 to any via rl1
${IPFW} 410 add ${ALLOW} ip from any to 192.168.1.0/24 via rl1

### Reject spoofed sources: LAN or loopback addresses must never arrive on
### the PPPoE interface, and loopback addresses never cross it at all
${IPFW} 500 add ${DENY} ip from 192.168.1.0/24 to any recv tun0
${IPFW} 510 add ${DENY} ip from 127.0.0.1 to any recv tun0
${IPFW} 520 add ${DENY} ip from any to 127.0.0.0/8
${IPFW} 530 add ${DENY} ip from 127.0.0.0/8 to any

### Drop NetBIOS/SMB (137-139, 445) and MS-RPC (135) in both directions.
### These use a bare "deny" rather than ${DENY} so they are dropped without
### filling the log before the logging catch-all rules are reached.
${IPFW} 600 add deny tcp from any 137-139,445 to any
${IPFW} 610 add deny udp from any 137-139,445 to any
${IPFW} 620 add deny tcp from any to any 137-139,445
${IPFW} 630 add deny udp from any to any 137-139,445
${IPFW} 640 add deny tcp from any 135 to any
${IPFW} 650 add deny udp from any 135 to any
${IPFW} 660 add deny tcp from any to any 135
${IPFW} 670 add deny udp from any to any 135


### NAT: hand every packet crossing tun0 to natd (8668 is natd's default
### divert port; natd_interface="tun0" in rc.conf).  Packets re-enter the
### ruleset here after translation, so everything below sees translated
### addresses.
${IPFW} 900 add divert 8668 ip from any to any via tun0

### Allow packets belonging to established TCP connections.
### NOTE(review): "established" is a stateless check (ACK or RST bit set), so
### any non-SYN TCP segment from the Internet passes here whether or not a
### connection exists; keep-state/check-state would be the tighter form.
${IPFW} 1000 add ${ALLOW} tcp from any to any established

### Allow everything leaving through tun0 (LAN -> Internet, after NAT).
### NOTE(review): this matches every outbound packet, so the keep-state rule
### 20000 below is never reached on the outbound path (see the note there).
${IPFW} 1010 add ${ALLOW} ip from any to any out via tun0

### DNS: outgoing queries and replies from external resolvers.
### NOTE(review): rule 1310 admits any UDP whose source port is 53 to every
### local port; the same source-port-only pattern is used for NTP (1600),
### SNMP (1700) and ICQ (2000).
${IPFW} 1300 add ${ALLOW} udp from any to any 53
${IPFW} 1310 add ${ALLOW} udp from any 53 to any

### HTTP(S) from outside to 192.168.1.1 (presumably reached through a
### redirect_port entry in /etc/natd.conf, whose contents are not shown here)
${IPFW} 1400 add ${ALLOW} tcp from any to 192.168.1.1 80 setup
${IPFW} 1410 add ${ALLOW} tcp from any to 192.168.1.1 443 setup

### SMTP from outside
${IPFW} 1500 add ${ALLOW} tcp from any to 192.168.1.1 25 setup

### NTP replies (any UDP with source port 123)
${IPFW} 1600 add ${ALLOW} udp from any 123 to any

### SNMP replies (any UDP with source port 161)
${IPFW} 1700 add ${ALLOW} udp from any 161 to any

### POP3 from outside
${IPFW} 1800 add ${ALLOW} tcp from any to 192.168.1.1 110 setup

### IMAP from outside
${IPFW} 1850 add ${ALLOW} tcp from any to 192.168.1.1 143 setup

### FTP from outside (control 21, active-mode data 20).
### The UDP rules 1910/1930 are not needed by FTP, which is TCP only.
${IPFW} 1900 add ${ALLOW} tcp from any to 192.168.1.1 20 setup
${IPFW} 1910 add ${ALLOW} udp from any to 192.168.1.1 20
${IPFW} 1920 add ${ALLOW} tcp from any to 192.168.1.1 21 setup
${IPFW} 1930 add ${ALLOW} udp from any to 192.168.1.1 21

# Passive-mode FTP data ports (the FTP server must be configured to use
# this range); no "setup", so these are matched by every segment, not only
# connection attempts.
${IPFW} 1940 add ${ALLOW} tcp from any to 192.168.1.1 7000-7030
${IPFW} 1950 add ${ALLOW} udp from any to 192.168.1.1 7000-7030

# WinMX
${IPFW} 1960 add ${ALLOW} tcp from any to 192.168.1.15 11624

# MapleStory patcher (active-mode FTP data connections from the patch server).
# NOTE(review): this admits any TCP segment, SYN included, whose source port
# is 20 to every local host and port, i.e. it bypasses the TCP catch-all at
# 9900 for anything sent from source port 20; restricting it to the patch
# server's address or using keep-state would narrow it.
${IPFW} 1980 add ${ALLOW} tcp from any 20 to any

# Do not answer IDENT: reset rather than drop, presumably so peers probing
# port 113 fail fast instead of waiting for a timeout
${IPFW} 1985 add reset tcp from any to 192.168.1.1 113 in recv any

### ICQ (UDP from source port 4000 arriving on tun0)
${IPFW} 2000 add ${ALLOW} udp from any 4000 to any in recv tun0

### SSH from outside to 192.168.1.11
${IPFW} 2100 add ${ALLOW} tcp from any to 192.168.1.11 22 setup

### All other TCP: log and deny
${IPFW} 9900 add ${DENY} tcp from any to any

### Stateful allow for UDP from the LAN to the outside.
### NOTE(review): outbound UDP on tun0 has already been accepted by rule 1010,
### so this rule never matches and never creates a dynamic entry; inbound UDP
### is therefore admitted only by the explicit rules above (53, 123, 161,
### 4000) and everything else falls through to 20020.  Moving it in front of
### 1010 is not enough either: with the divert at 900 in the path the state
### would be recorded with the translated (public) address while replies are
### checked after natd has translated them back, so they would not match.
### A working stateful-plus-natd layout needs the divert/skipto arrangement
### shown in the FreeBSD Handbook's ipfw chapter.
${IPFW} 20000 add ${ALLOW} udp from any to any keep-state out via tun0
${IPFW} 20010 add check-state

### Deny all other UDP, logged
${IPFW} 20020 add ${DENY} udp from any to any

### Default setting. Don't change! ##############
# The kernel's implicit last rule (65535) denies everything when, as in the
# kernel config above, IPFIREWALL_DEFAULT_TO_ACCEPT is not set.
#ipfw 65536 add deny ip any to any
################################################

再起動

ここまで設定できたら、再起動をかける

# reboot

*1 中国からのアクセス拒否、参考にしたサイト:がとらほ ipfwによるIPパケットフィルタリング