OpenBSD 4.7 PF rule problem
Date: 2010-08-11
Source: Internet
No matter how I configure the PF rules on my server, they fail to load. It reports errors in
scrub in all
and the NAT rule
***************************************************************
int_if="re0"
ext_if="re1"
dmz_if="re2"
mgr_if="re3"
nat_if="re1"
nat_ip="111.222.101.202"
wan_ip="111.222.101.202"
int_ip="10.1.0.2"
local_net="10.1.0.0/21"
set skip on lo
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set optimization normal
set timeout interval 10
set timeout frag 30
scrub in all
# NAT
nat pass on $nat_if inet from $local_net to any -> $nat_ip
# FTP PROXY
# RDR
block log all
pass quick on lo0 all
# SSH From localnet
pass in quick on $int_if inet proto tcp from $local_net to $int_if port ssh flags S/SA keep state
pass in on $int_if inet proto icmp from $local_net to $int_if icmp-type $icmp_types keep state
pass out on $ext_if inet proto icmp from $ext_if to any icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any keep state
pass in on $int_if from $local_net to any
pass out on $int_if from any to $local_net
pass out log on $ext_if from $ext_if:network to any
pass out log on $ext_if proto tcp all modulate state flags S/SA
block in log quick on $ext_if proto tcp from any to $ext_if port ssh
*********************************************************
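The above is my ruleset. I restored it directly from the old one, but it will not run. Has the PF syntax changed in OpenBSD 4.7??
It loads if I delete the scrub and nat lines. Could an expert please take a look!! Thanks!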
Author: deanetg  Posted: 2010-08-11
The PF syntax changed in 4.7; see the PF FAQ
Author: lin_wang  Posted: 2010-08-11
Author: deanetg  Posted: 2010-08-11
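
The two rejected statements rewritten in the match/pass syntax that OpenBSD 4.7 accepts, as an added example that is not part of the original thread. It reuses the poster's macros and assumes the old "nat pass" behaviour (translated traffic bypasses the filter rules) is still wanted; the no-df option in the commented line is only an illustration.

```pf
# Added example, not from the thread. $nat_if, $local_net and $nat_ip
# are the macros defined in the posted ruleset.

# Old statements that pfctl on 4.7 refuses to parse:
#   scrub in all
#   nat pass on $nat_if inet from $local_net to any -> $nat_ip

# Fragment reassembly is now a global option and is on by default, so a
# bare "scrub in all" needs no rule of its own. Shown here for clarity;
# it belongs with the other "set" lines.
set reassemble yes

# Other normalisation is an option on a match rule, for example
# (no-df is an illustrative choice, the post did not ask for it):
#   match in all scrub (no-df)

# Translation is now an action on pass/match rules instead of a separate
# nat rule. "nat pass" let translated packets skip the filter rules;
# "pass ... quick" reproduces that, so keep it ahead of any other quick
# rule that could match this traffic.
pass out quick on $nat_if inet from $local_net to any nat-to $nat_ip

# Alternative: translate only and let the later filter rules decide.
# Rules after a match with nat-to see the translated source ($nat_ip).
#   match out on $nat_if inet from $local_net to any nat-to $nat_ip
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which confirms the syntax before the ruleset goes live.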