Computer Technology Learning

FreeBSD 6.2 installation and configuration notes

dn001

  ++ Configure the firewall

  Edit /etc/rc.conf and add the following:

  firewall_enable="YES"

  firewall_script="/etc/rc.firewall"

  firewall_type="/etc/ipfw.rules"   # this is the custom firewall rule script

  firewall_quiet="NO"

  firewall_logging_enable="YES"

  log_in_vain="NO"

  tcp_drop_synfin="NO"

  tcp_restrict_rst="YES"

  icmp_drop_redirect="YES"

  Save and exit.

  vi /etc/ipfw.rules

  Note: there must be a space before -q.

  -q -f flush

  -q add 00301 allow all from any to any via lo0

  -q add 00302 check-state

  -q add 00303 allow tcp from any to 10.72.255.131 53 out via vr0 setup keep-state

  (10.72.255.131 is the DNS server address; change it to match your local one.)

  -q add 00400 allow udp from any to 10.72.255.131 53 out via vr0 keep-state

  (vr0 is the name of my network interface; change it to match yours. The same applies to all the rules below.)

  -q add 00500 allow tcp from any to any 80 in via vr0 setup keep-state

  -q add 00900 allow tcp from any to any 25 out via vr0 setup keep-state

  -q add 01200 allow tcp from any to any via vr0 setup keep-state uid root

  -q add 01300 allow icmp from any to any in via vr0 keep-state

  -q add 01400 allow tcp from any to any 21 in via vr0 setup keep-state

  -q add 01500 allow tcp from any to me 21 in via vr0 setup limit src-addr 2

  -q add 01600 allow tcp from any to any 22 in via vr0 setup keep-state
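
Added example (not part of the original notes): ipfw applies the first matching rule, so rule 01400 above already accepts every packet that rule 01500 could match, and the `limit src-addr 2` cap on FTP connections never takes effect. The Python sketch below finds such shadowed rules; the names `parse_rule`, `covers` and `shadowed` and the simplified parser are assumptions made for this illustration and handle only the rule shapes listed on this page.

```python
# Added example: flag ipfw rules that an earlier, broader rule makes unreachable.
# RULES is the rule file from this page; the parser is a simplified assumption.

RULES = """\
-q -f flush
-q add 00301 allow all from any to any via lo0
-q add 00302 check-state
-q add 00303 allow tcp from any to 10.72.255.131 53 out via vr0 setup keep-state
-q add 00400 allow udp from any to 10.72.255.131 53 out via vr0 keep-state
-q add 00500 allow tcp from any to any 80 in via vr0 setup keep-state
-q add 00900 allow tcp from any to any 25 out via vr0 setup keep-state
-q add 01200 allow tcp from any to any via vr0 setup keep-state uid root
-q add 01300 allow icmp from any to any in via vr0 keep-state
-q add 01400 allow tcp from any to any 21 in via vr0 setup keep-state
-q add 01500 allow tcp from any to me 21 in via vr0 setup limit src-addr 2
-q add 01600 allow tcp from any to any 22 in via vr0 setup keep-state
"""

FIELDS = ("proto", "src", "dst", "dport", "dir", "via", "setup", "uid")

def parse_rule(line):
    """Return the match fields of one rule, or None for non-filter lines."""
    t = line.split()
    if "add" not in t or "from" not in t or "to" not in t:
        return None                      # flush, check-state, blank lines
    a, to = t.index("add"), t.index("to")
    opts = t[to + 2:]                    # everything after the destination
    r = dict.fromkeys(FIELDS)
    r.update(num=t[a + 1], proto=t[a + 3], src=t[t.index("from") + 1],
             dst=t[to + 1], limit="limit" in opts)
    r["dport"] = opts[0] if opts and opts[0].isdigit() else None
    r["dir"] = next((o for o in opts if o in ("in", "out")), None)
    r["setup"] = "setup" if "setup" in opts else None
    for key in ("via", "uid"):
        if key in opts:
            r[key] = opts[opts.index(key) + 1]
    return r

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return all(a[f] in (None, "any", "all") or a[f] == b[f] for f in FIELDS)

def shadowed(text):
    """Return (dead_rule, earlier_rule) pairs; earlier limit rules are skipped."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r]
    return [(b["num"], a["num"]) for i, b in enumerate(rules)
            for a in rules[:i] if not a["limit"] and covers(a, b)]

print(shadowed(RULES))
```

With rule 01400 removed from the file, the same check reports nothing and rule 01500 becomes the rule that admits FTP connections.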
