Re[2]: ipfw firewall_type="open" doesn't work?

From: Yoshihiro Hanahara <hanahara_at_meiko.co.jp>
Date: Fri, 11 Nov 2022 16:40:43 UTC
This is Hanahara.

I hadn't seen this thread, so this is a late reply...

I also remember running into the same thing a long time ago, and I think Aoki-san's and Kusachi-san's guesses are on the mark (though I'm not certain...).

In my setup I don't configure it through firewall_type in /etc/rc.firewall; I use my own script, and the comment at the top of that script reads as follows.


######################################################################
#
#  firewall.conf  ---  Firewall settings of MyServer
#
#  Usage:
#     - Normally it is read from /etc/rc.conf and applied.
#       Add the following lines to /etc/rc.conf:
#
#           firewall_enable="YES"
#           firewall_script="/etc/firewall.conf"
#
#     - When applying it from the console:
#           # sh <firewall.conf
#
#     - When connected over the network and using an sh-style shell:
#           # sh <firewall.conf >/dev/null 2>&1
#
#     - When connected over the network and using a csh-style shell:
#           # sh <firewall.conf >&/dev/null
#
######################################################################

My vague recollection is that if there is terminal I/O while the network is cut off, during the time before the configuration has finished, the terminal I/O blocks(?) and everything stalls, and that this might be the cause (or so I thought), so I got past it by discarding terminal I/O with a redirect until the configuration has completely finished.

    service ipfw start >/dev/null 2>&1    (when using an sh-style shell)

    service ipfw start >& /dev/null       (when using a csh-style shell)

Might something like that work?

In any case, if you get the firewall configuration wrong you'll be completely stuck, so make sure beforehand that you have some means of operating the machine, such as a VNC console, before you try it.
My physical server here runs headless (no display, no keyboard) over a serial console.


A late response, but I thought I'd comment.



On Sun, 9 Oct 2022 09:39:45 +0900
Kaoru Kusachi <tika@st.rim.or.jp> wrote:

> This is Kusachi.
> 
> I'm glad you seem to have solved it somehow.
> 
> The cause was probably, as Aoki-san explained, that you were connected to the VPS over SSH, so when ipfw was initialized the rules were cleared for a moment and the SSH session
> could no longer communicate. From the virtual PC's point of view the VNC console is treated the same as a physical console, so it is not affected by the network on the VPS.
> 
> I also run VPSes on Sakura and Conoha, and since the same problem exists there, I make a point of working from the virtual console whenever I touch anything firewall-related.
> 
> $B$H$j$"$($:!"LdBj2r7h$N$*<jEA$$$,=PMh$F$h$+$C$?$G$9!#(B
> 
> On 2022.10.08 16:05, Yoshito Takeuchi wrote:
> > Sorry for bothering you again and again. This is Takeuchi.
> >
> > I don't know the reason, but it now works with open.
> > Until now, every time I typed a command such as ipfw onestart from ssh it froze
> > immediately afterwards, and I kept rebooting.
> > So I logged in from the VNC console and ran ipfw onestart.
> > rc.conf contains only firewall_type="open".
> > Then the familiar messages came out, something like flush all ... and 65000 allow any to any.
> > Well, it works after all.
> > I was able to connect with ssh. And from then on, running ipfw onestart from ssh
> > also works the same way.
> > I did this first on Sakura VPS, and then on conoha VPS as well: after running
> > ipfw onestart once from the console, ipfw commands work from ssh afterwards.
> > I don't know what changes after running it once from the console, but that is
> > the report I can give for now.
> >
> > Once again, my apologies for the trouble.
> > Regards.
> >
> > p.s. Just an excuse, but... all I have at hand right now is an iPad (no external keyboard),
> > and typing on the VNC console is extremely awkward, so the experiment on the console
> > kept getting postponed.
> >
> >
> >
> > 2022-10-08 (Sat) 14:35 Tomoaki AOKI <junchoon@dec.sakura.ne.jp>:
> >>
> >> This is Aoki @ Nagoya.
> >>
> >> With a guest OS image provided by a VPS, you can't rule out the possibility that
> >> the provider has made some modifications of their own.
> >>
> >> With firewall_type="OPEN" (leaving the details to /etc/rc.firewall), all it does is
> >>
> >>   - set up loopback
> >>   - set up what must always be passed for IPv6
> >>   - if NAT is configured, reflect that
> >>   - set pass all from any to any at rule 65000
> >>
> >> so unless you add some blocking rule with a number lower than 65000,
> >> everything should get through.
> >>
> >> In the ipfw list output Kusachi-san pointed to, weren't some rules added?
> >>
> >> Without NAT and with IPv6, open should give you the same as the ipfw list example
> >> in Kusachi-san's first reply, but doesn't the provider's OS image add its own
> >> configuration that puts deny ip from any to any before 65000?
> >>
> >> * Or the provider may have modified /etc/rc.firewall itself.
> >>
> >> Also, in a configuration that uses NAT, unless the NAT side is set to pass access to
> >> specific ports through untranslated, no access other than replies to requests from
> >> the inside will get through at all (there is nothing ipfw can do about that), but if
> >> you can access it with ipfw not running, I think that can be ruled out.
> >>
> >> Before all that, honestly, I can't see any point in using ipfw with
> >> firewall_type="open"....
> >>
> >> * Unless you use it as a base for letting everything through except specific
> >>   traffic you don't want. In that case you add just as many deny rules before
> >>   65000 as you need.
> >>
> >> Note that ipfw evaluates rules in order starting from the lowest number, and once
> >> it has performed the action of the first match it ignores all the rest.
> >>
> >>
> >> On Sat, 8 Oct 2022 09:16:46 +0900
> >> Yoshito Takeuchi <kinchan@kinchan.com> wrote:
> >>
> >>> Thank you all for your guidance.
> >>> My environment is conoha vps.
> >>> Right now I've created a fresh FreeBSD 13.0 (conoha's preinstalled one is old), and
> >>> at the first login I added the following to ./etc/rc.conf:
> >>> firewall_enable="yes"
> >>> firewall_type="open"
> >>> and then ran
> >>> /etc/rc.d/ipfw start
> >>> but it did not become open; all ports were deny any to any.
> >>> ipfw itself seems to be running.
> >>> Honestly, I'm in a ??? state.
> >>> Just reporting.
> >>> Regards.
> >>>
> >>>
> >>> 2022-10-08 (Sat) 8:52 Kaoru Kusachi <tika@st.rim.or.jp>:
> >>>>
> >>>> This is Kusachi.
> >>>>
> >>>> In an equivalent environment here, the same message is shown on the console and
> >>>> recorded in /var/log/messages at the point when the ipfw kernel module is loaded
> >>>> at boot, so I think the ipfw module is loaded and running. When /etc/rc.firewall
> >>>> runs normally, the active rules it configures are displayed; aren't they shown
> >>>> for you?
> >>>>
> >>>> As a test, set firewall_enable= in /etc/rc.conf to "NO" so that it isn't run at
> >>>> boot, then run /etc/rc.d/ipfw manually, and it displays the following.
> >>>> Incidentally, if you specify start, it warns you to use onestart because "NO"
> >>>> is specified in rc.conf.
> >>>>
> >>>> # /etc/rc.d/ipfw onestart
> >>>> ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to deny, logging disabled
> >>>> Flushed all rules.
> >>>> 00100 allow ip from any to any via lo0
> >>>> 00200 deny ip from any to 127.0.0.0/8
> >>>> 00300 deny ip from 127.0.0.0/8 to any
> >>>> 00400 deny ip from any to ::1
> >>>> 00500 deny ip from ::1 to any
> >>>> 00600 allow ipv6-icmp from :: to ff02::/16
> >>>> 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
> >>>> 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
> >>>> 00900 allow ipv6-icmp from any to any icmp6types 1
> >>>> 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
> >>>> 65000 allow ip from any to any
> >>>> Firewall rules loaded.
> >>>>
> >>>> If the loading of the configured rules is not displayed, it's possible that the
> >>>> rc.firewall script is not being run, so how about investigating around there?
> >>>>
> >>>> Anyway, for your reference.
> >>>>
> >>>> On 2022.10.07 18:38, Yoshito Takeuchi wrote:
> >>>>> Sorry to bother you.
> >>>>> At the moment I ran ipfw start, /var/log/message showed
> >>>>> kernel: ipfw2 (+ipv6) initialized, divert loadable, nat loadable,
> >>>>> default to deny, logging disabled
> >>>>> Does this mean that
> >>>>> firewall_type="open"
> >>>>> is not being recognized?
> >>>>>
> >>>
> >>
> >>
> >> --
> >> 青木 知明  [Tomoaki AOKI]    <junchoon@dec.sakura.ne.jp>
> 
> -- 草地 薫 (Kaoru Kusachi) tika@st.rim.or.jp
> Nakano, Tokyo, Japan.
> 

-- 
Yoshihiro Hanahara <hanahara@meiko.co.jp>
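As an added example (not code from this thread or from FreeBSD), here is a small Python model of how ipfw walks a rule list: first match wins, and anything that does not match any rule falls to the "default to deny" the kernel message announces. This is the point Aoki makes about rule evaluation, and it is why a single catch-all deny below 65000 turns the "open" ruleset into a closed one. The block parses the `ipfw onestart` listing Kusachi quoted, evaluates a constructed inbound SSH packet against it, and lists any deny rules below 65000 that would catch that packet, which is the check Aoki suggests running against a provider's image. The packet addresses, the interface name vtnet0 and the rule `64000 deny ip from any to any` in the "vendor" listing are assumptions made up for the demonstration; the model covers only the rule options that appear in the listing (`via`, `icmp6types`) and does not model ports, stateful rules or NAT.

```python
# Added example (not code from the thread): parse the rule listing that
# firewall_type="open" prints and walk it the way ipfw does, first match wins.
import ipaddress
import re
from collections import namedtuple
from typing import List, Optional

# Constructed input: the `ipfw onestart` output quoted in the thread.
OPEN_RULESET = """\
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65000 allow ip from any to any
Firewall rules loaded.
"""
# Hypothetical listing (constructed): the same rules plus a catch-all deny that
# a provider image might have slipped in below 65000, as Aoki speculates.
VENDOR_RULESET = OPEN_RULESET.replace(
    "65000 allow", "64000 deny ip from any to any\n65000 allow")

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|pass|accept|deny|drop|reject)"
    r"\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<opts>.*)$")

# action is normalised to "allow"/"deny"; via and icmp6types come from the
# only two rule options that appear in the open ruleset.
Rule = namedtuple("Rule", "number action proto src dst via icmp6types text")
Packet = namedtuple("Packet", "proto src dst iface icmp6type", defaults=(None,))

def parse_rules(listing: str) -> List[Rule]:
    """Parse `ipfw list` lines; chatter such as "Flushed all rules." is skipped.
    Any rule option other than via/icmp6types raises rather than being ignored."""
    rules = []
    for line in listing.splitlines():
        line = line.strip()
        if not line or not line[0].isdigit():
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unrecognised rule line: " + line)
        via, types, opts = None, frozenset(), m.group("opts").split()
        while opts:
            key = opts.pop(0)
            if key == "via":
                via = opts.pop(0)
            elif key == "icmp6types":
                types = frozenset(int(t) for t in opts.pop(0).split(","))
            else:
                raise ValueError(f"unsupported option {key!r} in: {line}")
        action = "allow" if m.group("action") in ("allow", "pass", "accept") else "deny"
        rules.append(Rule(int(m.group("num")), action, m.group("proto"),
                          m.group("src"), m.group("dst"), via, types, line))
    return sorted(rules, key=lambda r: r.number)

def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    net = ipaddress.ip_network(spec, strict=False)
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net   # a v4 spec never matches a v6 packet

def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", "all") and rule.proto != pkt.proto:
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.icmp6types and pkt.icmp6type not in rule.icmp6types:
        return False
    return _addr_matches(rule.src, pkt.src) and _addr_matches(rule.dst, pkt.dst)

def first_match(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """Lowest-numbered matching rule; ipfw stops evaluating there."""
    return next((r for r in rules if _matches(r, pkt)), None)

def verdict(rules: List[Rule], pkt: Packet) -> str:
    rule = first_match(rules, pkt)
    return rule.action if rule else "deny"   # the kernel message says "default to deny"

def denies_before(rules: List[Rule], pkt: Packet, number: int = 65000) -> List[Rule]:
    """Deny rules numbered below `number` that match `pkt`: the check Aoki suggests."""
    return [r for r in rules if r.number < number and r.action == "deny" and _matches(r, pkt)]

# Constructed packet: an inbound SSH connection arriving on the VPS's interface.
SSH_IN = Packet("tcp", "203.0.113.5", "198.51.100.10", "vtnet0")

if __name__ == "__main__":
    for name, listing in (("open", OPEN_RULESET), ("vendor", VENDOR_RULESET)):
        rules = parse_rules(listing)
        hit = first_match(rules, SSH_IN)
        print(f"{name}: ssh -> {verdict(rules, SSH_IN)} by rule {hit.text!r}; "
              f"deny rules below 65000 matching it: {[r.number for r in denies_before(rules, SSH_IN)]}")
```

With the quoted "open" listing the SSH packet falls through to rule 65000 and is allowed; with the hypothetical vendor listing it is caught by rule 64000 and denied, which is exactly the symptom Takeuchi saw (a running ipfw, yet "deny any to any" everywhere). To use this on a real machine, paste the output of `ipfw list` into `parse_rules` and describe your own management connection as the packet; if `denies_before` returns anything, reloading the firewall over that connection will cut it off, so do it from the VNC or serial console as Kusachi and Hanahara advise.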