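[Question] In OpenBSD's pf.conf, how do I configure the internal network so that it cannot reach a specific external
I followed the approach in Absolute OpenBSD, published by 上奇,
and built a home NAT box (two network cards).
The configuration is as follows: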
******************************************************************************
ext_if="rl1"
int_if="rl0"
private_ip="{10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}"
block_ip="12.34.56.78"
allow_dest="{5999,http,https,smtp,sftp}"
allow_locl="{http,https,imap,imaps,pop2,pop3,pop3s,ssh,sftp,smtp}"
scrub in all
nat on $ext_if from $private_ip to any -> $ext_if
block in log all
pass in on $int_if inet from $private_ip to any modulate state
pass in on $ext_if inet proto tcp from any to $ext_if port $allow_locl keep state
pass in on $ext_if inet proto tcp from any port $allow_dest to $ext_if keep state
block in on $int_if inet from $block_ip to any
antispoof for $ext_if
antispoof for $int_if
******************************************************************************
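The aim is to block a certain external public IP from getting into the internal private IPs,
but this setup does not seem to do what I want.
So may I ask everyone how I should set the relevant options or values?
Thanks in advance to whoever answers ^^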
--
╭┼ Origin: 致遠心情 telnet://bbs.dwu.edu.tw
┼╯ From: h204-61-59-44.seed.net.tw
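
Added example, not part of the original post: the posted `block` rule beside two rules that match the traffic described, in the same pre-4.7 pf syntax and reusing the post's macros. It assumes both directions are wanted (LAN hosts reaching the address, and the address reaching the gateway).

```pf
# Added example; macros are the ones defined in the post.
ext_if="rl1"
int_if="rl0"
block_ip="12.34.56.78"

# As posted: matches only packets that ARRIVE on the internal interface
# with SOURCE 12.34.56.78. LAN hosts never send from that address, so the
# rule never matches anything.
# block in on $int_if inet from $block_ip to any

# LAN -> blocked host: on the internal interface the address is the
# DESTINATION. NAT happens later, on the way out of $ext_if, so the
# destination is still untranslated here.
block in quick on $int_if inet from any to $block_ip

# Blocked host -> gateway services: on the external interface the address
# is the SOURCE.
block in quick on $ext_if inet from $block_ip to any
```

pf applies the last matching rule unless a rule carries `quick`, so with `quick` these two lines can sit directly after `block in log all` and the later `pass` rules cannot override them.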