From owner-FreeBSD-users-jp@jp.FreeBSD.org Wed Jun 19 04:57:06 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g5IJv6m18890;
	Wed, 19 Jun 2002 04:57:06 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from t-mta7.odn.ne.jp (mfep7.odn.ne.jp [143.90.131.185])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g5IJv5c18884
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Wed, 19 Jun 2002 04:57:05 +0900 (JST)
	(envelope-from n-kogane@syd.odn.ne.jp)
Received: from kces1.koganemaru.co.jp ([218.46.147.184])
          by t-mta7.odn.ne.jp with ESMTP
          id <20020618195705025.VXMX.2063.t-mta7.odn.ne.jp@mta7.odn.ne.jp>
          for <FreeBSD-users-jp@jp.FreeBSD.org>;
          Wed, 19 Jun 2002 04:57:05 +0900
Received: (from kogane@localhost)
	by kces1.koganemaru.co.jp (8.8.8/3.6W) id EAA01109;
	Wed, 19 Jun 2002 04:58:15 +0900 (JST)
Date: Wed, 19 Jun 2002 04:58:15 +0900 (JST)
From: Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
Message-Id: <200206181958.EAA01109@kces1.koganemaru.co.jp>
X-Authentication-Warning: kces1.koganemaru.co.jp: kogane set sender to n-kogane using -f
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <200206170825.RAA00477@kces1.koganemaru.co.jp>
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020611
X-Sequence: FreeBSD-users-jp 69405
Subject: [FreeBSD-users-jp 69405] Re: How to refuse connections from specific IP addresses
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: n-kogane@syd.odn.ne.jp

This is Koganemaru.

>Date: Mon, 17 Jun 2002 17:25:00 +0900 (JST)
>From: Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
>
>This is Koganemaru.
>
>>Date: Mon, 17 Jun 2002 10:25:58 +0900
>>From: takanyon <tak@big.or.jp>
>>
>>This is takanyon.
>>
>>On Fri, 14 Jun 2002 19:00:50 +0900 (JST)
>>Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp> wrote:
>>
>>> This is Koganemaru.
>>
>>> I would like to solve this with ipfw, so I would be grateful if someone
>>> could show me a simple sample.
>>
>>ipfw add 10000 deny tcp from (remote IP)/32 to any 25
>>
>>I think something like this should be enough to refuse them...
>>
>>> I have read that using ipfw involves things like adding an option to the
>>> kernel, but if I load it with kldload, is there no need to change the kernel?
>>> Please let me know.
>>
>>Once you kldload it, you can keep using it as is until the next reboot.
>>Also, if firewall_enable="YES" is written in rc.conf, it is kldloaded
>>automatically at boot, so there is no need to change the kernel.
>
>Thank you. This is the information I wanted.

I have put together a Q and A.

---- begin ----
Q. I want to refuse connections from specific IP addresses. How should I do this?
   What I want to do is refuse connections over SMTP.

A. There are IPFW, IP Filter and, for mail, the qmail + tcpserver approach,
   but here is an ipfw configuration example.
   In older versions, using ipfw required rebuilding the kernel, but from
   4.X-RELEASE onward, firewall_enable="YES" causes ipfw.ko to be kldloaded
   automatically, so there is no need to rebuild the kernel.
   - rc.conf settings (lines beginning with # are the defaults)
    firewall_enable="YES"		# Set to YES to enable firewall functionality
    #firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
    firewall_type="/etc/ipfw.conf"	# Firewall type (see /etc/rc.firewall)
    #firewall_quiet="NO"		# Set to YES to suppress rule display
    #firewall_logging="NO"		# Set to YES to enable events logging
    #firewall_flags=""			# Flags passed to ipfw when type is a file

   - Write the following in /etc/ipfw.conf.
   # Apart from the address refusals, this is the same as firewall_type="OPEN"
   add 100 pass all from any to any via lo0
   add 200 deny all from any to 127.0.0.0/8
   add 300 deny ip from 127.0.0.0/8 to any
   # IP addresses to refuse --START--
   add 10000 deny tcp from (remote IP 1)/32 to any 25
   add 10001 deny tcp from (remote IP 2)/32 to any 25
   # ....
   # IP addresses to refuse --END--
   add 65000 pass all from any to any
---- end ----
--
Koganemaru Computer Engineering Service Ltd. (Onojo City, Fukuoka Prefecture)
	Nobuyuki Koganemaru
E-Mail: kogane@koganemaru.co.jp
E-Mail: n-kogane@syd.odn.ne.jp
URL: http://www.koganemaru.co.jp
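
The /etc/ipfw.conf layout from the Q and A above, generated from a list of addresses to refuse. This is an added example, not part of the original post; the function names, the rule-number ceiling of 64999 and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: build the ipfw.conf ruleset
# above from a list of addresses to refuse on SMTP (tcp port 25).
FIRST_RULE=10000   # first deny rule number used in the post
LAST_RULE=64999    # assumption: stay below the final "add 65000 pass" rule

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ipfw_conf: read addresses from stdin (one per line, "#" comments
# allowed) and print the full ruleset. Nothing is printed if any entry is
# invalid, so a bad list never yields a partial rules file.
gen_ipfw_conf() {
    n=$FIRST_RULE
    rules=''
    while read -r addr rest || [ -n "$addr" ]; do
        case "$addr" in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$addr"; then
            echo "invalid address: $addr" >&2; return 1
        fi
        if [ "$n" -gt "$LAST_RULE" ]; then
            echo "too many entries" >&2; return 1
        fi
        rules="${rules}add $n deny tcp from $addr/32 to any 25
"
        n=$((n + 1))
    done
    echo 'add 100 pass all from any to any via lo0'
    echo 'add 200 deny all from any to 127.0.0.0/8'
    echo 'add 300 deny ip from 127.0.0.0/8 to any'
    printf '%s' "$rules"
    echo 'add 65000 pass all from any to any'
}

# Constructed sample list (documentation-range addresses).
printf '%s\n' '# blocklist' '192.0.2.10' '198.51.100.7 # note' | gen_ipfw_conf
```

Redirect the output to a temporary file and move it over /etc/ipfw.conf only when the function returns 0.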

