3/17/2024

Metin2.ro forum

$IPF 10000 allow all from any to any via lo0
$IPF 41 allow all from IF_of_my_host to me 3306

Currently, "Saldırı Paket Veri Kısıtlama" ("Attack Packet Data Restriction"?) adds a block of rules which will be used *after* the next block of rules.

For example: Why do you allow udp to port 22?

3) Make a distinction between incoming and outgoing traffic.

4) For readability, you might want to re-arrange your configuration file so that the rules are sorted in ascending order within each 'group' of rules.

I also have a few other comments on your ruleset.

1) Generally, don't use "from any to any" in allow rules.

2) Don't add an allow rule unless you know you want it.

If you still want to use keep-state, you'll have to play around with limiting the number of states allowed per source IP, state timeout (.fw.dyn_*_lifetime), or increasing .fw.dyn_max (and .fw.dyn_buckets?) to higher values. Please re-evaluate why you need keep-state. There's usually little need for keep-state on incoming traffic to services as you already know you want to allow traffic for them.

$IPF 34 allow all from mywebserverip to me
ipfw add 426 allow udp from any to me 3306 in via em0 setup limit src-addr 50
ipfw add 425 allow udp from any to me 11005 in via em0 setup limit src-addr 50
ipfw add 424 allow udp from any to me 18000 in via em0 setup limit src-addr 80
ipfw add 423 allow udp from any to me 21000 in via em0 setup limit src-addr 80
ipfw add 422 allow udp from any to me 16000 in via em0 setup limit src-addr 80
ipfw add 421 allow udp from any to me 13001 in via em0 setup limit src-addr 80
ipfw add 420 allow udp from any to me 13000 in via em0 setup limit src-addr 80
ipfw add 419 allow udp from any to me 22 in via em0 setup limit src-addr 80
ipfw add 416 allow tcp from any to me 3306 in via em0 setup limit src-addr 10
ipfw add 415 allow tcp from any to me 11005 in via em0 setup limit src-addr 5
ipfw add 414 allow tcp from any to me 18000 in via em0 setup limit src-addr 10
ipfw add 413 allow tcp from any to me 21000 in via em0 setup limit src-addr 10
ipfw add 412 allow tcp from any to me 16000 in via em0 setup limit src-addr 10
ipfw add 411 allow tcp from any to me 13001 in via em0 setup limit src-addr 10
ipfw add 410 allow tcp from any to me 13000 in via em0 setup limit src-addr 10
ipfw add 409 allow tcp from any to me 22 in via em0 setup limit src-addr 20
$IPF 33 allow udp from any to any 11005 keep-state
$IPF 32 allow udp from any to any 3306 keep-state
$IPF 31 allow udp from any to any 21000 keep-state
$IPF 30 allow udp from any to any 18000 keep-state
$IPF 29 allow udp from any to any 16000 keep-state
$IPF 28 allow udp from any to any 13001 keep-state
$IPF 27 allow udp from any to any 13000 keep-state
$IPF 26 allow udp from any to any 22 keep-state
$IPF 25 allow tcp from any to any 11005 setup keep-state
$IPF 24 allow tcp from any to any 3306 setup keep-state
$IPF 23 allow tcp from any to any 21000 setup keep-state
$IPF 22 allow tcp from any to any 18000 setup keep-state
$IPF 21 allow tcp from any to any 16000 setup keep-state
$IPF 20 allow tcp from any to any 13001 setup keep-state
$IPF 19 allow tcp from any to any 13000 setup keep-state
$IPF 18 allow tcp from any to any 22 setup keep-state
$IPF 16 allow all from any to any out keep-state
$IPF 15 allow tcp from any to any established
$IPF 10 allow all from any to any via lo0