
ipfilter - source as of 2007/05/27 (Sun) 00:39:02

*ipfilter Solaris

***Editing /etc/ipf/pfil.ap (remove the # in front of your NIC driver, or add a line for it)
On Solaris 10, ipf only sees packets on interfaces whose driver has the pfil STREAMS module pushed onto it; this file tells autopush(1M) which drivers get the module (fields: driver major name, minor, lastminor, module). In the example below only rtls (the Realtek driver of this machine) is active; leave drivers you do not have commented out.
 # IP Filter pfil autopush setup
 #
 # See the autopush(1M) manpage for more information.
 #
 # Format of the entries in this file is:
 #
 #major  minor lastminor modules
 
 #iprb   -1      0       pfil
 #elxl   -1      0       pfil
 #e1000g -1      0       pfil
 #bge    -1      0       pfil
 #nf     -1      0       pfil
 #fa     -1      0       pfil
 #ci     -1      0       pfil
 #el     -1      0       pfil
 #ipdptp -1      0       pfil
 #lane   -1      0       pfil
 #dnet   -1      0       pfil
 #pcelx  -1      0       pfil
 #spwr   -1      0       pfil
 rtls    -1      0       pfil

***Restart the pfil service
 #svcadm restart network/pfil
The autopush entry only takes effect for interfaces that are plumbed after the restart; an interface that is already up keeps running without pfil (and therefore unfiltered) until it is re-plumbed or the machine is rebooted, which is why the reboot step below is part of the procedure.

***Editing /etc/ipf/ipf.conf
Rules are evaluated from top to bottom, and when several rules match a packet the last matching rule wins. Adding quick to a rule makes it final: evaluation stops at that rule and no later rule can override it. A packet that matches no rule at all is passed, so the non-quick "block in ... all" line below is what turns the inbound policy into default-deny; the quick pass rules after it punch the holes.

 # default: pass locally generated traffic on the loopback interface
 pass out quick on lo0 all keep state
 
 # default: pass all outbound traffic; keep state admits the replies, so no
 # matching "pass in" rules are needed for connections this host opens itself
 pass out quick on rtls0 all keep state
 
 # default: block and log all inbound traffic; deliberately without quick, so
 # that the pass rules further down can override it (last match wins)
 block in log level local2.debug on rtls0 all
 
 # spoofed loopback/private source addresses on the external interface; enable
 # these only for networks that are never legitimately reached through rtls0
 # (the 192.168.0.0/16 line would cut off the 192.168.1.0/24 management rule below)
 #block in log level local2.debug quick on rtls0 from 127.0.0.0/8 to any
 #block in log level local2.debug quick on rtls0 from 10.0.0.0/8 to any
 #block in log level local2.debug quick on rtls0 from 169.254.0.0/16 to any
 #block in log level local2.debug quick on rtls0 from 172.16.0.0/12 to any
 #block in log level local2.debug quick on rtls0 from 192.168.0.0/16 to any
 
 # source-routed packets (loose and strict source route IP options)
 block in log level local2.debug quick on rtls0 all with opt lsrr
 block in log level local2.debug quick on rtls0 all with opt ssrr
 # stricter alternative: drop every packet that carries any IP option
 #block in log level local2.debug quick from any to any with ipopts
 
 # TCP fragments too short to hold the full TCP header
 block in log level local2.debug quick on rtls0 proto tcp all with short
 
 # service ports: flags S/SA matches only the initial SYN (SYN set, ACK clear);
 # keep state then carries the rest of the connection without further rules
 pass in quick on rtls0 proto tcp from any to any port = 80 flags S/SA keep state
 pass in quick on rtls0 proto tcp from any to any port = 443 flags S/SA keep state
 pass in quick on rtls0 proto tcp from any to any port = 25 flags S/SA keep state
 #pass in quick on rtls0 proto tcp from any to any port = 110 flags S/SA keep state
 # DNS replies to this host's own queries are already admitted by the stateful
 # "pass out" rule above. The rule below admits ANY inbound UDP datagram whose
 # source port is 53, to ANY destination port, so anyone who sends from source
 # port 53 reaches every UDP service on the host. Left disabled for that reason.
 #pass in quick on rtls0 proto udp from any port = 53 to any
 
 # management: ssh only from the internal network; echo request in, so the host
 # can be pinged. Replies to this host's own pings are covered by state already;
 # the icmp-type 0 line additionally admits unsolicited echo replies.
 pass in quick on rtls0 proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state
 pass in quick on rtls0 proto icmp from any to any icmp-type 8
 pass in quick on rtls0 proto icmp from any to any icmp-type 0
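The ordering rules described above are easy to get wrong, so here is a small Python model of them, written for this page; it is not part of IP Filter and not code from the original article. It parses the subset of ipf.conf syntax used above (pass/block, in/out, quick, on, proto, from/to with port =, flags S/SA, with opt/short; keep state is accepted but not modelled) into rule objects, applies last-match-wins with the quick short-circuit to constructed packets, and shows two things the prose alone does not: a quick block on an IP option beats the later quick pass for port 80, and the udp source-port-53 rule (included here in its active form) admits any UDP datagram sent from port 53 to any port. The host address 198.51.100.1 and the client addresses are made-up documentation addresses; the icmp rules, state tracking and logging are left out.

```python
"""Toy model of IP Filter rule ordering for the ipf.conf subset above. Added example, not
from the page or from IP Filter: only the keywords used above, no state, constructed rules."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    direction: str                   # "in" or "out"
    quick: bool = False
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn_only: bool = False           # "flags S/SA": SYN set, ACK clear
    needs: set = field(default_factory=set)   # "with opt lsrr" -> {"lsrr"}, "with short" -> {"short"}

@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""                  # TCP flags present, e.g. "S" or "SA"
    attrs: frozenset = frozenset()   # IP options carried ("lsrr", "ssrr") and/or "short"

def parse_rule(line: str) -> Rule:
    toks = iter(line.split())
    r, side = Rule(action=next(toks), direction=next(toks)), None
    for w in toks:
        if w == "quick":
            r.quick = True
        elif w in ("level", "keep"):         # "level fac.pri" / "keep state": not modelled
            next(toks)
        elif w in ("on", "proto"):
            setattr(r, "iface" if w == "on" else "proto", next(toks))
        elif w in ("from", "to"):
            a, side = next(toks), w
            setattr(r, "src" if w == "from" else "dst",
                    ANY if a == "any" else ipaddress.ip_network(a, strict=False))
        elif w == "port":                    # "port = N" belongs to the preceding from/to
            next(toks)                       # skip "="
            setattr(r, "sport" if side == "from" else "dport", int(next(toks)))
        elif w == "flags":
            r.syn_only = next(toks) == "S/SA"
        elif w == "with":                    # "with opt NAME" or "with short"
            x = next(toks)
            r.needs.add(next(toks) if x == "opt" else x)
        elif w not in ("log", "all"):
            raise ValueError(f"unsupported keyword {w!r} in: {line}")
    return r

def matches(r: Rule, p: Packet) -> bool:
    return (r.direction == p.direction and r.iface in (None, p.iface)
            and r.proto in (None, p.proto)
            and ipaddress.ip_address(p.src) in r.src and ipaddress.ip_address(p.dst) in r.dst
            and r.sport in (None, p.sport) and r.dport in (None, p.dport)
            and (not r.syn_only or ("S" in p.flags and "A" not in p.flags))
            and r.needs <= p.attrs)

def evaluate(rules, p: Packet) -> str:
    """Last matching rule wins, unless a matching rule is 'quick'; no match at all means pass."""
    decision = "pass"
    for r in rules:
        if matches(r, p):
            decision = r.action
            if r.quick:
                break
    return decision

def load(text: str):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

PAGE_RULES = load("""pass out quick on rtls0 all keep state
block in log level local2.debug on rtls0 all
block in log level local2.debug quick on rtls0 all with opt lsrr
pass in quick on rtls0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on rtls0 proto udp from any port = 53 to any
pass in quick on rtls0 proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state""")

def decide_in(proto, src, dport=0, sport=0, flags="", attrs=()):
    """Verdict for an inbound packet on rtls0 (198.51.100.1 is a made-up address for the host)."""
    return evaluate(PAGE_RULES, Packet("in", "rtls0", proto, src, "198.51.100.1",
                                       sport, dport, flags, frozenset(attrs)))

def last_match_demo():
    """Two rules without 'quick', loaded in both orders: the later match decides."""
    pkt = Packet("in", "rtls0", "tcp", "203.0.113.7", "198.51.100.1", 40000, 80, "S")
    block, allow = "block in on rtls0 all", "pass in on rtls0 proto tcp from any to any port = 80"
    return evaluate(load(f"{block}\n{allow}"), pkt), evaluate(load(f"{allow}\n{block}"), pkt)
```

decide_in("tcp", "203.0.113.7", dport=80, flags="S") returns "pass", the same SYN with attrs=("lsrr",) returns "block" because the quick option rule is hit first, a bare SYN/ACK to port 80 (flags="SA") falls through to the block-all line, and decide_in("udp", "203.0.113.9", dport=31337, sport=53) returns "pass". last_match_demo() returns ("pass", "block"): without quick, whichever of the two rules is written later decides.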

***syslog configuration
Rules with "log" do not write a file themselves: ipmon(1M) reads the ipf log device and, in syslog mode (ipmon -Ds, which is how the network/ipfilter service starts it on Solaris 10), hands each entry to syslogd with the facility and priority named in the rule. Every logging rule above uses local2.debug, so the syslog.conf selector must be local2, not some other facility, or the entries are silently dropped.
 #Add the following to /etc/syslog.conf (the two fields must be separated by a TAB, not spaces)
 local2.debug	/var/log/ipf.log
 
 #touch /var/log/ipf.log
 #chmod 644 /var/log/ipf.log
 #pkill -HUP syslogd
The log lists every peer address that was blocked or passed; use chmod 640 instead if unprivileged users have accounts on this host.
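A consistency check worth running before trusting the log file, added for this page and not part of the original article or of IP Filter: it extracts the facilities that the active log rules in ipf.conf use and compares them with the facilities that syslog.conf actually routes, treating a selector line without a TAB as routing nothing (the separator rule noted above). Both configuration texts are constructed copies; the local0 variant shows how a facility mismatch between the rules and syslog.conf is caught.

```python
"""Cross-check ipf.conf 'log level' facilities against /etc/syslog.conf selectors.
Added example, not from the page; both configuration texts below are constructed."""
import re

IPF_CONF = """
block in log level local2.debug on rtls0 all
block in log level local2.debug quick on rtls0 all with opt lsrr
#block in log level local0.debug quick on rtls0 from 10.0.0.0/8 to any
pass in quick on rtls0 proto tcp from any to any port = 80 flags S/SA keep state
"""
SYSLOG_MISMATCH = "local0.debug\t/var/log/ipf.log\n"   # facility differs from the rules
SYSLOG_FIXED = "local2.debug\t/var/log/ipf.log\n"
SYSLOG_SPACES = "local2.debug /var/log/ipf.log\n"      # spaces instead of a TAB

def log_facilities(ipf_text: str) -> set:
    """Facilities named by 'log level facility.priority' on active (uncommented) rules."""
    return {m.group(1) for line in ipf_text.splitlines() if not line.lstrip().startswith("#")
            for m in re.finditer(r"\blog level ([A-Za-z0-9]+)\.[A-Za-z]+", line)}

def routed_facilities(syslog_text: str) -> set:
    """Facilities that some selector routes to an action. syslog.conf separates selector
    and action with a TAB; a line without one is treated as routing nothing."""
    routed = set()
    for line in syslog_text.splitlines():
        selector, tab, action = line.partition("\t")
        if not line.strip() or line.startswith("#") or not tab or not action.strip():
            continue
        for part in selector.split(";"):                   # "local2.debug;mail.crit"
            routed.update(part.split(".")[0].split(","))   # "local2,local3.debug" -> both
    return routed

def unrouted(ipf_text: str, syslog_text: str) -> set:
    """Facilities the rules log to but syslog.conf never routes; empty means consistent."""
    routed = routed_facilities(syslog_text)
    return set() if "*" in routed else log_facilities(ipf_text) - routed
```

unrouted(IPF_CONF, SYSLOG_MISMATCH) and unrouted(IPF_CONF, SYSLOG_SPACES) both return {"local2"}; unrouted(IPF_CONF, SYSLOG_FIXED) returns an empty set. The commented-out local0 rule is ignored, as ipf itself would ignore it.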

***Enable the ipfilter service
 #svcadm enable network/ipfilter

***Reboot the machine
The reboot brings the interfaces up with pfil pushed and loads /etc/ipf/ipf.conf through the ipfilter service. Afterwards confirm that the rules are active with ipfstat -io, and from another host verify that a port not listed in the pass rules is indeed blocked.

***Other
Flush the current rule set (until new rules are loaded the host has no rules, and ipf passes everything)
 #ipf -Fa
Apply the configuration (ipf -f appends; loading the same file twice without a flush reports duplicate rules)
 #ipf -f /etc/ipf/ipf.conf
To reload without the unfiltered window in between, load the file into the inactive rule set and then swap the sets atomically
 #ipf -I -Fa -f /etc/ipf/ipf.conf
 #ipf -s
List the active rules to confirm what is loaded
 #ipfstat -io