Monday, October 19, 2009

How to enable IPF on Solaris 10

*** Edit the configuration file at '/etc/ipf/ipf.conf'

#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
# Block any packets which are too short to be real
block in log quick all with short
#
# drop and log any IP packets with options set in them.
block in log all with ipopts
#
# Allow all traffic on loopback.
pass in quick on lo0 all
pass out quick on lo0 all
#
# Public Network. Block everything not explicitly allowed.
block in on ce0 all
pass out on ce0 all
#
# Allow pings out.
pass out quick on ce0 proto icmp all keep state
#
# Allow outbound state related packets.
pass out quick on ce0 proto tcp/udp from any to any keep state
#
# allow ssh from 172.16.0.0/16 only.
# pass in log quick on ce0 from 172.16.0.0/16 to 172.16.1.100/32 port = 22
# Actually, allow ssh only from ben, jerry, MSU
# NOTE: as written, the two rules below accept connections from any source
# address, not only from the hosts named above.
pass in log quick on ce0 proto tcp from any to any port = 22
# allow the Oracle listener (port 1521) from any source.
pass in log quick on ce0 proto tcp from any to any port = 1521

*** End file
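The ruleset above relies on IP Filter's matching order: rules are checked top to bottom, the last matching rule decides, and a matching rule marked `quick` stops evaluation at once. The following script is an added example, not part of the original post; it parses a constructed copy of the rule file (comments stripped) into the rule subset used here, evaluates sample packets with those semantics, and lists which inbound ports the public interface accepts from any source. The `Rule`, `Packet`, `parse_rules`, `evaluate` and `inbound_ports_open_to_any` names are this example's own, and the sample addresses are made up.

```python
"""Evaluator for the IP Filter rule subset used in the post's /etc/ipf/ipf.conf.

Semantics modelled: last matching rule wins, except that a matching `quick`
rule ends evaluation immediately; with no match at all, IPF passes the packet.
"""
import ipaddress
from dataclasses import dataclass

# Constructed copy of the rule lines from the post, comments removed.
IPF_CONF = """
block in log quick all with short
block in log all with ipopts
pass in quick on lo0 all
pass out quick on lo0 all
block in on ce0 all
pass out on ce0 all
pass out quick on ce0 proto icmp all keep state
pass out quick on ce0 proto tcp/udp from any to any keep state
pass in log quick on ce0 proto tcp from any to any port = 22
pass in log quick on ce0 proto tcp from any to any port = 1521
"""


@dataclass
class Rule:
    action: str                        # "block" or "pass"
    direction: str                     # "in" or "out"
    quick: bool = False
    log: bool = False
    iface: str = None                  # None: any interface
    protos: frozenset = None           # None: any protocol; "tcp/udp" gives both
    src: ipaddress.IPv4Network = None  # None: "any"
    dst: ipaddress.IPv4Network = None  # None: "any"
    dport: int = None                  # "port = N" following the `to` address
    keep_state: bool = False
    with_flag: str = None              # "short" or "ipopts"
    text: str = ""


@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    dport: int = None
    short: bool = False    # header too short, as matched by `with short`
    ipopts: bool = False   # IP options present, as matched by `with ipopts`


def _addr(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line):
    """action dir [log] [quick] [on IF] [proto P] (all | from A to B [port = N])
    [keep state] [with short|ipopts]; anything else is rejected."""
    t = line.split()
    r = Rule(action=t[0], direction=t[1], text=line)
    if r.action not in ("block", "pass") or r.direction not in ("in", "out"):
        raise ValueError("unsupported rule: " + line)
    i = 2
    while i < len(t):
        tok = t[i]
        if tok == "log":
            r.log = True; i += 1
        elif tok == "quick":
            r.quick = True; i += 1
        elif tok == "on":
            r.iface = t[i + 1]; i += 2
        elif tok == "proto":
            r.protos = frozenset(t[i + 1].split("/")); i += 2
        elif tok == "all":
            i += 1
        elif tok == "from":                               # from A to B
            r.src, r.dst = _addr(t[i + 1]), _addr(t[i + 3]); i += 4
        elif tok == "port":                               # port = N
            r.dport = int(t[i + 2]); i += 3
        elif tok == "keep":                               # keep state
            r.keep_state = True; i += 2
        elif tok == "with":
            r.with_flag = t[i + 1]; i += 2
        else:
            raise ValueError("unsupported token %r in: %s" % (tok, line))
    return r


def parse_rules(text):
    lines = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return [parse_rule(l) for l in lines if l]


def matches(r, p):
    return (r.direction == p.direction
            and (r.iface is None or r.iface == p.iface)
            and (r.protos is None or p.proto in r.protos)
            and (r.src is None or ipaddress.ip_address(p.src) in r.src)
            and (r.dst is None or ipaddress.ip_address(p.dst) in r.dst)
            and (r.dport is None or r.dport == p.dport)
            and (r.with_flag != "short" or p.short)
            and (r.with_flag != "ipopts" or p.ipopts))


def evaluate(rules, p):
    """Return (verdict, deciding rule text): last match wins unless quick."""
    verdict, why = "pass", "default (no rule matched)"
    for r in rules:
        if matches(r, p):
            verdict, why = r.action, r.text
            if r.quick:
                break
    return verdict, why


def inbound_ports_open_to_any(rules, iface):
    """Audit helper: destination ports passed inbound on iface from any source."""
    return sorted(r.dport for r in rules
                  if r.action == "pass" and r.direction == "in" and r.iface == iface
                  and r.src is None and r.dport is not None)


if __name__ == "__main__":
    rules = parse_rules(IPF_CONF)
    for pkt in (Packet("in", "ce0", "tcp", "10.1.2.3", "172.16.1.100", 22),
                Packet("in", "ce0", "tcp", "10.1.2.3", "172.16.1.100", 80),
                Packet("in", "ce0", "tcp", "10.1.2.3", "172.16.1.100", 22, ipopts=True)):
        print(pkt.dport, "ipopts" if pkt.ipopts else "", "->", evaluate(rules, pkt))
    print("inbound ports open to any on ce0:", inbound_ports_open_to_any(rules, "ce0"))
```

Running it shows two things worth knowing about this ruleset: inbound TCP to port 22 or 1521 on ce0 passes and everything else inbound on ce0 hits the non-quick `block in on ce0 all`, and because `block in log all with ipopts` is not marked `quick`, a later matching `pass ... quick` rule overrides it, so an inbound port-22 packet carrying IP options is passed rather than dropped. Marking that block rule `quick` (as the `with short` rule already is) makes it take effect regardless of later pass rules.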

*** Enable ipfilter with the following command
[tatshuya#] svcadm enable ipfilter

*** Disable ipfilter
[tatshuya#] svcadm disable ipfilter

*** Reload the rules after editing ipf.conf
[tatshuya#] svcadm refresh ipfilter

-- TaTsHuYa --
