FreeBSD/PPPOE
PPPOE
Rebuilding the kernel
Add the following options and rebuild the kernel.
For the kernel rebuild procedure, see here.
-----------------------------------
# PPPoE
options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
# NAT
options IPDIVERT                        # when using NAT
# FIREWALL
options IPFIREWALL
options IPFIREWALL_VERBOSE              # when logging with ipfw
options IPFIREWALL_VERBOSE_LIMIT=50000
-----------------------------------
Editing /etc/ppp/ppp.conf
Edit ppp.conf and enter the ID and password issued by your provider.
default:
 set log Phase Chat IPCP CCP tun command
 ident user-ppp VERSION (built COMPILATIONDATE)
 set device PPPoE:rl1
 set MRU 1492
 set MTU 1454
 accept CHAP
 accept lqr
 enable lqr
 set timeout 0

biglobe:
 set authname <login ID>      # ID issued by the provider
 set authkey <password>       # password issued by the provider
 add default HISADDR
Editing /etc/rc.conf
# vi /etc/rc.conf
----------------------------------------
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="NO"                    # disable NAT done by ppp
ppp_profile="biglobe"
firewall_enable="YES"
firewall_script="/etc/ipfw.conf"
natd_enable="YES"               # use natd for NAT
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
----------------------------------------
Editing /etc/ipfw.conf *1
Create the firewall configuration file.
### Basic settings
IPFW="/sbin/ipfw"       # full path to ipfw
#ALLOW="allow log"      # string used for allow rules; appending "log" also enables logging
ALLOW="allow"
DENY="deny log"         # string used for deny rules; appending "log" also enables logging
#DENY="deny"

### First, flush the existing rules
ipfw -q -f flush

### Deny access from Korea
### Deny access from China
# (one "${IPFW} 010 add deny ip from <address block> to any" rule per address block)

### ICMP rule - ICMP must not be blocked on ADSL
${IPFW} 100 add ${ALLOW} icmp from any to any

### Allow loopback packets
${IPFW} 200 add ${ALLOW} ip from any to any via lo0

### Drop fragmented packets
${IPFW} 300 add ${DENY} ip from any to any via tun0 frag

### No restrictions on the internal network
${IPFW} 400 add ${ALLOW} ip from 192.168.1.0/24 to any via rl1
${IPFW} 410 add ${ALLOW} ip from any to 192.168.1.0/24 via rl1

### Reject packets with spoofed addresses
${IPFW} 500 add ${DENY} ip from 192.168.1.0/24 to any recv tun0
${IPFW} 510 add ${DENY} ip from 127.0.0.1 to any recv tun0
${IPFW} 520 add ${DENY} ip from any to 127.0.0.0/8
${IPFW} 530 add ${DENY} ip from 127.0.0.0/8 to any

### Drop NetBIOS
${IPFW} 600 add deny tcp from any 137-139,445 to any
${IPFW} 610 add deny udp from any 137-139,445 to any
${IPFW} 620 add deny tcp from any to any 137-139,445
${IPFW} 630 add deny udp from any to any 137-139,445
${IPFW} 640 add deny tcp from any 135 to any
${IPFW} 650 add deny udp from any 135 to any
${IPFW} 660 add deny tcp from any to any 135
${IPFW} 670 add deny udp from any to any 135

### For NAT
${IPFW} 900 add divert 8668 ip from any to any via tun0

### Allow packets belonging to already established connections
${IPFW} 1000 add ${ALLOW} tcp from any to any established

### Allow all packets going from the inside to the outside through tun0
${IPFW} 1010 add ${ALLOW} ip from any to any out via tun0

### Allow requests and replies for external DNS lookups
${IPFW} 1300 add ${ALLOW} udp from any to any 53
${IPFW} 1310 add ${ALLOW} udp from any 53 to any

### Allow HTTP(S) from outside
${IPFW} 1400 add ${ALLOW} tcp from any to 192.168.1.1 80 setup
${IPFW} 1410 add ${ALLOW} tcp from any to 192.168.1.1 443 setup

### Allow SMTP from outside
${IPFW} 1500 add ${ALLOW} tcp from any to 192.168.1.1 25 setup

### Allow NTP replies
${IPFW} 1600 add ${ALLOW} udp from any 123 to any

### Allow SNMP replies
${IPFW} 1700 add ${ALLOW} udp from any 161 to any

### Allow POP3 from outside
${IPFW} 1800 add ${ALLOW} tcp from any to 192.168.1.1 110 setup

### Allow IMAP from outside
${IPFW} 1850 add ${ALLOW} tcp from any to 192.168.1.1 143 setup

### Allow FTP from outside
${IPFW} 1900 add ${ALLOW} tcp from any to 192.168.1.1 20 setup
${IPFW} 1910 add ${ALLOW} udp from any to 192.168.1.1 20
${IPFW} 1920 add ${ALLOW} tcp from any to 192.168.1.1 21 setup
${IPFW} 1930 add ${ALLOW} udp from any to 192.168.1.1 21
# For PASV
${IPFW} 1940 add ${ALLOW} tcp from any to 192.168.1.1 7000-7030
${IPFW} 1950 add ${ALLOW} udp from any to 192.168.1.1 7000-7030
# For WinMX
${IPFW} 1960 add ${ALLOW} tcp from any to 192.168.1.15 11624
# For MapleStory patches
${IPFW} 1980 add ${ALLOW} tcp from any 20 to any
# Do not answer IDENT
${IPFW} 1985 add reset tcp from any to 192.168.1.1 113 in recv any

### Allow ICQ
${IPFW} 2000 add ${ALLOW} udp from any 4000 to any in recv tun0

### Allow SSH from outside
${IPFW} 2100 add ${ALLOW} tcp from any to 192.168.1.11 22 setup

### Log and deny everything else
${IPFW} 9900 add ${DENY} tcp from any to any

### Allow UDP from the LAN to the outside using keep-state
${IPFW} 20000 add ${ALLOW} udp from any to any keep-state out via tun0
${IPFW} 20010 add check-state

### Deny all other UDP packets
${IPFW} 20020 add ${DENY} udp from any to any

### Default setting. Don't change! ##############
#ipfw 65536 add deny ip any to any
################################################
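Added example, not part of the original page: the per-country deny entries in ipfw.conf can be kept in a separate data file and loaded into an ipfw lookup table, so that one rule 010 replaces one rule per address block. The file format (one CIDR per line, `#` comments), table number 1 and the function names are assumptions; the sample prefixes are constructed from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example: turn a blocklist file into ipfw lookup-table commands.
# Save the output to a file and load it with: ipfw -q /absolute/path/to/that/file
TABLE=1                         # assumption: table 1 is not used elsewhere

# valid_cidr ADDR/LEN -> status 0 only for a well-formed IPv4 prefix
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] || return 1
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_table_cmds FILE -> ipfw commands on stdout, rejected entries on stderr
gen_table_cmds() {
    echo "table $TABLE flush"
    while IFS= read -r line || [ -n "$line" ]; do
        # drop comments and whitespace, skip empty lines
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            echo "table $TABLE add $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
    # a single rule at the number the page uses for its deny list
    echo "add 010 deny ip from table($TABLE) to any"
}

# make_sample FILE -> write a constructed sample blocklist
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample blocklist (documentation prefixes)
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/24

203.0.113.300/24
198.51.100.0/33
EOF
}

sample=$(mktemp)
make_sample "$sample"
gen_table_cmds "$sample"
rm -f "$sample"
```

A malformed entry is reported on stderr and left out, so a typo in the data file cannot stop the rest of the rule set from loading.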
Reboot
Once everything up to this point is configured, reboot.
# reboot
*1 Site used as a reference for denying access from China: がとらほ, "ipfwによるIPパケットフィルタリング" (IP packet filtering with ipfw)