FreeBSD的新防火牆+頻寬管理 -- pf

看板FreeBSD作者honestman.時間21年前 (2004/12/28 12:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

從FreeBSD 5.3之後，內建OpenBSD 3.5移植來的pf http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html 因此，FreeBSD從此有3套防火牆：pf、ipfilter(ipf)、ipfw。字愈少的愈強，pf已經內建altq，所以不再需要patch kernel就可以做到頻寬管理。在GENERIC裏已經有 device bpf # Berkeley packet filter 自訂核心再加上 device pf device pflog device pfsync options ALTQ #enable ALTQ options ALTQ_CBQ #build the ``Class Based Queuing'' discipline. options ALTQ_RED #build the ``Random Early Drop'' extension. 在 /etc/rc.conf裏 pf_enable="YES" # Enable PF (load module if required) pf_rules="/etc/pf.conf" # rules definition file for pf pf_flags="" # additional flags for pfctl startup pflog_enable="YES" # start pflogd(8) pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_flags="" # additional flags for pflogd startup gateway_enable="YES" # Enable as Lan gateway 就有OpenBSD上超強的頻寬管理工具啦至於document，這裏 http://www.onlamp.com/topics/bsd/OpenBSD 有一些最完整的，還是 http://www.openbsd.org/faq/pf/ Absolute OpenBSD這本書也不錯天瓏有賣中文版 http://www.tenlong.com.tw/BookSearch/Search.php?isbn=9867529413&sid=21837 pf的好處: 舉例來說 load balance (round robin) http://www.openbsd.org/faq/pf/pools.html web_servers = "{ 10.0.0.10, 10.0.0.11, 10.0.0.13 }" rdr on $ext_if proto tcp from any to any port 80 -> $web_servers round-robin sticky-address 個人最喜歡的是那個巨集功能,改IP時真的很方便,定rule時也很清楚 --- http://spaces.msn.com/members/tenyi/ -- ※ 來源:‧蛋捲廣場 bbs.tku.edu.tw‧[FROM: 218.167.186.209]