svn commit: r50709 - in head/ja_JP.eucJP/books/handbook: advanced-networking security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Fri Aug 25 15:22:39 UTC 2017
Author: ryusuke
Date: Fri Aug 25 15:22:38 2017
New Revision: 50709
URL: https://svnweb.freebsd.org/changeset/doc/50709
Log:
- Merge the following from the English version:
r22608 -> r23130 head/ja_JP.eucJP/books/handbook/security/chapter.xml
- Comment out <xref linkend="firewalls"/> :
head/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml Thu Aug 24 10:04:01 2017 (r50708)
+++ head/ja_JP.eucJP/books/handbook/advanced-networking/chapter.xml Fri Aug 25 15:22:38 2017 (r50709)
@@ -1864,7 +1864,8 @@ rfcomm_sppd[94692]: Starting on /dev/ttyp6...</screen>
<para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤È¤·¤Æ¥Ö¥ê¥Ã¥¸¤òÍøÍѤ·¤è¤¦¤È¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï
<literal>IPFIREWALL</literal> ¥ª¥×¥·¥ç¥ó¤â»ØÄꤹ¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¥Ö¥ê¥Ã¥¸¤ò¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤È¤·¤ÆÀßÄꤹ¤ëºÝ¤Î°ìÈÌŪ¤Ê¾ðÊó¤Ë´Ø¤·¤Æ¤Ï¡¢
- <xref linkend="firewalls"/> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¾Ï
+ <!-- <xref linkend="firewalls"/> --> ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
<para>IP °Ê³°¤Î¥Ñ¥±¥Ã¥È (ARP ¤Ê¤É)
¤¬¥Ö¥ê¥Ã¥¸¤òÄ̲᤹¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
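Review bot: the commented-out <xref linkend="firewalls"/> on the last added line has no marker saying when it should be restored, and the sentence now refers to the firewalls chapter by plain text only. Put a short note inside the comment stating the condition for re-enabling it (a section with xml:id "firewalls" existing again in the Japanese tree), since this same commit removes <sect1 xml:id="firewalls"> from security/chapter.xml and the workaround is otherwise easy to forget.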
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Aug 24 10:04:01 2017 (r50708)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Fri Aug 25 15:22:38 2017 (r50709)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r22608
+ Original revision: r23130
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -33,7 +33,7 @@
¤¢¤Ê¤¿¤Î¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
¥Ï¥Ã¥«¡¼¤ä¤½¤ÎƱÎफ¤é¼é¤ë¤¿¤á¤Ë¤Ï·ç¤«¤»¤Þ¤»¤ó¡£</para>
- <para>FreeBSD ¤Ï¡¢
+ <para>&os; ¤Ï¡¢
¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ¤È°ÂÁ´À¤ò³Î¼Â¤Ë¤¹¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
<para>¤³¤Î¾Ï¤òÆÉ¤à¤È¡¢°Ê²¼¤Î¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£</para>
@@ -69,10 +69,6 @@
</listitem>
<listitem>
- <para><acronym>IPFW</acronym> ¤Ç¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò¹½ÃÛ¤¹¤ëÊýË¡</para>
- </listitem>
-
- <listitem>
<para>IPsec ¤ª¤è¤Ó FreeBSD/&windows; ¥³¥ó¥Ô¥å¡¼¥¿¤Î´Ö¤Ç
<acronym>VPN</acronym> ¤ÎÀßÄêÊýË¡</para>
</listitem>
@@ -101,6 +97,10 @@
</listitem>
</itemizedlist>
+<!-- <para>Additional security topics are covered throughout this book.
+ For example, Mandatory Access Control is discussed in <xref
+ linkend="mac"/> and Internet Firewalls are discussed in <xref
+ linkend="firewalls"/>.</para> -->
</sect1>
<sect1 xml:id="security-intro">
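Review bot: the paragraph added before </sect1> is left in English inside a comment, with nothing in the comment explaining why. It carries <xref linkend="mac"/> and <xref linkend="firewalls"/>, so state in the comment that it is held back until those targets exist in the Japanese handbook; a later merge then knows to translate and enable it rather than pass over it.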
@@ -311,10 +311,10 @@
</sect1>
<sect1 xml:id="securing-freebsd">
- <title>FreeBSD ¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <title>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
<indexterm>
<primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>FreeBSD ¤Î°ÂÁ´À¤ò¹â¤á¤ë</secondary>
+ <secondary>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</secondary>
</indexterm>
<note>
@@ -334,7 +334,7 @@
</indexterm>
<para>°Ê²¼¤ÎÀá¤Ç¤Ï¡¢ËܾϤÎ<link linkend="security-intro">Á°Àá
- </link>¤Ç¤È¤ê¤¢¤²¤¿ FreeBSD ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤Æ
+ </link>¤Ç¤È¤ê¤¢¤²¤¿ &os; ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤Æ
½Ò¤Ù¤Þ¤¹¡£</para>
<sect2 xml:id="securing-root-and-staff">
@@ -555,7 +555,7 @@
¤·¤Æ¤Ê¤¤¥Þ¥·¥ó¤ò²ÔƯ¤µ¤»¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤òÄä
»ß¤µ¤»¤Æ²¼¤µ¤¤!</para>
- <para>FreeBSD ¤Ç¤Ï¡¢º£¤Ç¤Ï <application>ntalkd</application>,
+ <para>&os; ¤Ç¤Ï¡¢º£¤Ç¤Ï <application>ntalkd</application>,
<application>comsat</application>,
<application>finger</application> ¤Ïº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¥Ç¥Õ¥©
¥ë¥È¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¼¡¤Ëº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤Ù¤¥×¥í¥°¥é¥à¤Î¸õÊä¤È
@@ -667,7 +667,7 @@
¤Î¸¢¸Â¤òÇˤë¤È¡¢¹¶·â¼Ô¤Ï¤Û¤È¤ó¤É²¿¤Ç¤â¤Ç¤¤Þ¤¹¤¬¡¢ÆÃ¤Ë½ÅÊõ¤µ
¤ì¤ëÆÃÄê¤Î»öÊÁ¤â¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁÈ
¤ß¹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹ (packet sniffing device) ¥É¥é¥¤
- ¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£FreeBSD ¤Ç¤Ï
+ ¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£&os; ¤Ç¤Ï
<filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£¿¯Æþ¼Ô
¤ÏÉáÄÌ¡¢¿¯ÆþºÑ¤ß¤Î¥Þ¥·¥ó¤Ç¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤µ¤»¤è
¤¦¤È»î¤ß¤Þ¤¹¡£¿¯Æþ¼Ô¤Ë¤ï¤¶¤ï¤¶¤½¤¦¤¤¤¦µ¡Ç½¤òÄ󶡤¹¤ëɬÍפϤʤ¤
@@ -926,7 +926,7 @@
½Ð¤Æ¤¤¿¤ê¡¢¿·¤·¤¤ÆâÉô¥µ¡¼¥Ó¥¹¤òÄɲä·¤¿¤Î¤Ë¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î
¹¹¿·¤ò˺¤ì¤¿¤ê¤¹¤ë²ÄǽÀ¤¬¤è¤¯½Ð¤Æ¤¤Þ¤¹¡£¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¾å¤Î
Â礤¤ÈÖ¹æ¤Î¥Ý¡¼¥È¤ò³«¤±¤Æ¤ª¤¯¤³¤È¤Ë¤è¤ê¡¢¾®¤µ¤¤ÈÖ¹æ¤Î¥Ý¡¼¥È¤ò
- ´í¸±¤Ë»¯¤¹¤³¤È¤Ê¤¯¼õÍÆÅª¤Êưºî¤òµö¤¹¤³¤È¤¬¤Ç¤¤Þ¤¹¡£FreeBSD ¤Ç
+ ´í¸±¤Ë»¯¤¹¤³¤È¤Ê¤¯¼õÍÆÅª¤Êưºî¤òµö¤¹¤³¤È¤¬¤Ç¤¤Þ¤¹¡£&os; ¤Ç
¤Ï¡¢<varname>net.inet.ip.portrange</varname> ¤Ø¤Î
<command>sysctl</command> (<command>sysctl -a | fgrep
portrange</command>) ¤ò¤¤¤í¤¤¤í»ÈÍѤ¹¤ë¤³¤È¤Ç¡¢Æ°Åª¥Ð¥¤¥ó¥É¤Ë»ÈÍѤµ¤ì¤ë
@@ -962,7 +962,7 @@
¤Þ¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£mbuf ¤ò¾ÃÈñ¤·¿Ô¤¯¤µ¤»¤ë¤³¤È¤Ë¤è
¤ê¡¢¤³¤Î¼ï¤Î¹¶·â¤Ç¥µ¡¼¥Ð¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£¥µ¡¼
¥Ð¤¬À¸À®¤·¤¿ ICMP ±þÅú¤ò½½Ê¬Â®¤¯Á÷¿®¤Ç¤¤Ê¤¤¾ì¹ç¡¢¤È¤¯¤Ë¤Ò¤É¤¤
- ¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£FreeBSD ¥«¡¼¥Í¥ë¤Ë¤Ï¡¢¤³¤Î¼ï¤Î¹¶·â¤Î¸ú²Ì¤òÍÞÀ©¤¹¤ë
+ ¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£&os; ¥«¡¼¥Í¥ë¤Ë¤Ï¡¢¤³¤Î¼ï¤Î¹¶·â¤Î¸ú²Ì¤òÍÞÀ©¤¹¤ë
<option>ICMP_BANDLIM</option>
¤È¸Æ¤Ð¤ì¤ë¿·¤·¤¤¥«¡¼¥Í¥ë¥³¥ó¥Ñ¥¤¥ë¥ª¥×¥·¥ç¥ó
¤¬¤¢¤ê¤Þ¤¹¡£Æ§¤ßÂæ¹¶·â¤Î 3 ¤Ä¤á¤Î¼çÍפʥ¯¥é¥¹¤Ë°¤¹¤ë¹¶·â¤Ï¡¢
@@ -1104,13 +1104,13 @@
¤Ë´ð¤Å¤¤¤¿¤â¤Î¤À¤±¤Ç¤·¤¿¡£¤³¤Î¤³¤È¤ÏÊÆ¹ñ¤Ë½»¤ó¤Ç¤¤¤ë¥æ¡¼¥¶¤Ë¤È¤Ã¤Æ
¤ÏÂ礷¤ÆÌäÂê¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¤Ç¤·¤¿¤¬¡¢DES ¤Î¥½¡¼¥¹¥³¡¼¥É¤òÊÆ¹ñ³°¤Ë
Í¢½Ð¤¹¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¤È¤¤¤¦ÌäÂ꤬¤¢¤ê¤Þ¤·¤¿¡£¤½¤Î¤¿¤á¤Ë¡¢
- FreeBSD ¤Ï¡¢Êƹñ¤ÎˡΧ¤ò¼é¤ë¤³¤È¤È¡¢Ì¤¤À¤Ë DES ¤ò»È¤Ã¤Æ¤¤¤¿Â¾¤Î
+ &os; ¤Ï¡¢Êƹñ¤ÎˡΧ¤ò¼é¤ë¤³¤È¤È¡¢Ì¤¤À¤Ë DES ¤ò»È¤Ã¤Æ¤¤¤¿Â¾¤Î
&unix; °ì²¤È¤Î¸ß´¹À¤òÊݤĤ³¤È¤È¤òξΩ¤¹¤ëÊýË¡¤òõ¤·½Ð¤¹É¬Íפ¬¤¢¤ê¤Þ¤·¤¿¡£</para>
<para>¤½¤Î²ò·èÊýË¡¤Ï¡¢Êƹñ¤Î¥æ¡¼¥¶¤Ï DES ¤Î¥é¥¤¥Ö¥é¥ê¤ò¥¤¥ó¥¹¥È¡¼
¥ë¤·¤Æ DES ¤ò»ÈÍѤǤ¤ë¤¬¡¢Êƹñ³°¤Î¥æ¡¼¥¶¤Ï¹ñ³°¤ËÍ¢½Ð²Äǽ¤Ê¾¤Î
¤Ò¤È¤Ä¤Î°Å¹æ²½Êý¼°¤ò»ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤ë¡¢¤È¤¤¤¦¤è¤¦¤Ë°Å¹æ²½¥é¥¤
- ¥Ö¥é¥ê¤òʬ³ä¤¹¤ë¤³¤È¤Ç¤·¤¿¡£¤³¤ì¤¬ FreeBSD ¤¬¥Ç¥Õ¥©¥ë¥È¤Î°Å¹æ²½
+ ¥Ö¥é¥ê¤òʬ³ä¤¹¤ë¤³¤È¤Ç¤·¤¿¡£¤³¤ì¤¬ &os; ¤¬¥Ç¥Õ¥©¥ë¥È¤Î°Å¹æ²½
Êý¼°¤È¤·¤Æ MD5 ¤ò»È¤¦¤è¤¦¤Ë¤Ê¤Ã¤¿¤¤¤¤µ¤Ä¤Ç¤¹¡£MD5 ¤Ï DES ¤è¤ê¤â
¤è¤ê°ÂÁ´¤Ç¤¢¤ë¤È¹Í¤¨¤é¤ì¤Æ¤¤¤ë¤¿¤á¡¢DES ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë°ìÈÖ¤Î
Íýͳ¤Ï¸ß´¹À¤òÊݤĤ¿¤á¤È¤¤¤¨¤Þ¤¹¡£</para>
@@ -1118,15 +1118,15 @@
<sect2>
<title>°Å¹æ²½µ¡¹½¤òÍý²ò¤¹¤ë</title>
- <para>FreeBSD 4.4 ¤ÎÁ°¤Þ¤Ç¤Ï¡¢<filename>libcrypt.a</filename>
+ <para>&os; 4.4 ¤ÎÁ°¤Þ¤Ç¤Ï¡¢<filename>libcrypt.a</filename>
¤Ï°Å¹æ²½¤Ë»È¤ï¤ì¤ë¥é¥¤¥Ö¥é¥ê¤Ø¤Î¥·¥ó¥Ü¥ê¥Ã¥¯¥ê¥ó¥¯¤Ç¤·¤¿¡£
- FreeBSD 4.4 ¤Ç <filename>libcrypt.a</filename>
+ &os; 4.4 ¤Ç <filename>libcrypt.a</filename>
¤ÏÀßÄê²Äǽ¤Ê¥Ñ¥¹¥ï¡¼¥Éǧ¾Ú¥Ï¥Ã¥·¥å¥é¥¤¥Ö¥é¥ê¤òÄ󶡤¹¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤·¤¿¡£
¸½ºß¤Î¤È¤³¤í¡¢¤³¤Î¥é¥¤¥Ö¥é¥ê¤Ï DES, MD5 ¤ª¤è¤Ó Blowfish
- ¥Ï¥Ã¥·¥å´Ø¿ô¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢FreeBSD
+ ¥Ï¥Ã¥·¥å´Ø¿ô¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os;
¤Ï¥Ñ¥¹¥ï¡¼¥É¤Î°Å¹æ²½¤Ë MD5 ¤òÍøÍѤ·¤Þ¤¹¡£</para>
- <para>FreeBSD ¤¬¤É¤Î°Å¹æ²½Êý¼°¤ò»È¤¦¤è¤¦¤Ë¥»¥Ã¥È¥¢¥Ã¥×¤µ¤ì¤Æ¤¤¤ë
+ <para>&os; ¤¬¤É¤Î°Å¹æ²½Êý¼°¤ò»È¤¦¤è¤¦¤Ë¥»¥Ã¥È¥¢¥Ã¥×¤µ¤ì¤Æ¤¤¤ë
¤«¤òȽÃǤ¹¤ë¤Î¤Ï´Êñ¤Ç¤¹¡£
<filename>/etc/master.passwd</filename> ¥Õ¥¡¥¤¥ë¤ÎÃæ¤Î°Å¹æ²½¤µ
¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤òÄ´¤Ù¤Æ¤ß¤ë¤Î¤¬°ì¤Ä¤ÎÊýË¡¤Ç¤¹¡£MD5 ¥Ï¥Ã¥·¥å¤Ç°Å
@@ -1163,13 +1163,13 @@
</indexterm>
<para>S/Key ¤Ï°ìÊý¸þ¥Ï¥Ã¥·¥å´Ø¿ô¤ò´ð¤Ë¤·¤¿¥ï¥ó¥¿¥¤¥à¥Ñ¥¹¥ï¡¼¥ÉÊý¼°
- ¤Ç¤¹¡£FreeBSD ¤Ç¤Ï¡¢¸ß´¹À¤Î¤¿¤á¤Ë MD4 ¥Ï¥Ã¥·¥å¤òÍѤ¤¤Æ¤¤¤Þ¤¹¤¬
+ ¤Ç¤¹¡£&os; ¤Ç¤Ï¡¢¸ß´¹À¤Î¤¿¤á¤Ë MD4 ¥Ï¥Ã¥·¥å¤òÍѤ¤¤Æ¤¤¤Þ¤¹¤¬
¾¤Î¥·¥¹¥Æ¥à¤Ç¤Ï MD5 ¤ä DES-MAC ¤òÍѤ¤¤Æ¤Þ¤¹¡£S/Key ¤Ï¡¢¥Ð¡¼¥¸¥ç
- ¥ó1.1.5 °Ê¹ß¤Î¤¹¤Ù¤Æ¤Î FreeBSD ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¤·¡¢FreeBSD °Ê³°
+ ¥ó1.1.5 °Ê¹ß¤Î¤¹¤Ù¤Æ¤Î &os; ¤Ë´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¤·¡¢&os; °Ê³°
¤Î¿ô¿¤¯¤Î¥·¥¹¥Æ¥à¤Î¾å¤Ç¤âÍøÍѤµ¤ì¤Æ¤¤¤Þ¤¹¡£S/Key ¤Ï Bell
Communications Research, Inc. ¤ÎÅÐÏ¿¾¦É¸¤Ç¤¹¡£</para>
- <para>FreeBSD ¥Ð¡¼¥¸¥ç¥ó 5.0 °Ê¹ß¤Ç¤Ï¡¢S/Key
+ <para>&os; ¥Ð¡¼¥¸¥ç¥ó 5.0 °Ê¹ß¤Ç¤Ï¡¢S/Key
¤Ïµ¡Ç½Åª¤ËƱÅù¤Ê OPIE (One-time Passwords In Everything)
¤ÇÃÖ¤´¹¤¨¤é¤ì¤Þ¤·¤¿¡£OPIE ¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï
MD5 ¥Ï¥Ã¥·¥å¤ò»ÈÍѤ·¤Þ¤¹¡£</para>
@@ -1277,7 +1277,8 @@
<sect2>
<title>¿®Íê¤Ç¤¤ëÄÌ¿®Ï©¤Ç¤Î½é´ü²½</title>
- <para>¿®Íê¤Ç¤¤ëÄÌ¿®Ï© (¤¿¤È¤¨¤Ð¤¢¤ë¥Þ¥·¥ó¤Î¥³¥ó¥½¡¼¥ë²èÌ̤䡢<application>ssh</application>
+ <para>¿®Íê¤Ç¤¤ëÄÌ¿®Ï© (¤¿¤È¤¨¤Ð¤¢¤ë¥Þ¥·¥ó¤Î¥³¥ó¥½¡¼¥ë²èÌ̤䡢
+ <application>ssh</application>
¤ò»È¤Ã¤Æ¤¤¤ë»þ¤Ê¤É) ¤òÍøÍѤ·¤Æ¤¤¤ë¤È¤¤Ë¡¢S/Key ¤ò½é¤á¤Æ½é´ü²½
¤¹¤ë¤³¤È¡¢S/Key ¤ÎÈëÌ©¤Î¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÊѹ¹¤¹¤ë¤³¤È¡¢¤Þ¤¿¤Ï¥·¡¼
¥É¤òÊѹ¹¤¹¤ë¤³¤È¡¢¤ò¤ª¤³¤Ê¤¦¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¤½¤Î¤¿¤á¤Ë¤Ï¡¢¤Þ¤º
@@ -1556,7 +1557,7 @@ Enter secret pass phrase: <userinput><secret passwo
ÀäÂФˤ³¤Î¥Þ¥Ë¥å¥¢¥ë¤òÆÉ¤ó¤Ç¤¯¤À¤µ¤¤¡£</para>
<para>¤â¤· <filename>/etc/skey.access</filename>
- ¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Ê¤¤¤Ê¤é¤Ð (FreeBSD 4.X
+ ¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Ê¤¤¤Ê¤é¤Ð (&os; 4.X
¤Î¥Ç¥Õ¥©¥ë¥È¾õÂ֤ǤϤ½¤¦¤Ç¤¹)¡¢¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤¬ &unix;
¥Ñ¥¹¥ï¡¼¥É¤òÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
µÕ¤Ë¡¢¤â¤·¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤¹¤ë¤Ê¤é¤Ð¡¢
@@ -1602,7 +1603,7 @@ permit port ttyd0</programlisting>
<para>OPIE ¤Ï S/Key ¤¬¹Ô¤¦¤è¤¦¤Ê¡¢¥í¥°¥¤¥ó¥»¥Ã¥·¥ç¥ó¤Î IP
¥¢¥É¥ì¥¹¤ò¥Ù¡¼¥¹¤È¤·¤¿ &unix; ¥Ñ¥¹¥ï¡¼¥É¤Î»ÈÍѤòÀ©¸Â¤Ç¤¤Þ¤¹¡£
´ØÏ¢¥Õ¥¡¥¤¥ë¤Ï¡¢<filename>/etc/opieaccess</filename> ¤Ç¤¹¡£
- FreeBSD 5.0 °Ê¹ß¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¥Ç¥ª¥Õ¥©¥ë¥È¤ÇÍѰդµ¤ì¤Æ¤¤¤Þ¤¹¡£
+ &os; 5.0 °Ê¹ß¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¥Ç¥ª¥Õ¥©¥ë¥È¤ÇÍѰդµ¤ì¤Æ¤¤¤Þ¤¹¡£
¤³¤Î¥Õ¥¡¥¤¥ë¤Î¾ÜºÙ¤ä¡¢
¤³¤Î¥Õ¥¡¥¤¥ë¤ò»ÈÍѤ¹¤ëºÝ¤Ë¹Íθ¤¹¤Ù¤¥»¥¥å¥ê¥£¤Ë¤Ä¤¤¤Æ¤Ï
&man.opieaccess.5; ¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
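Review bot: the rewritten line beginning "&os; 5.0" keeps a misspelling of the katakana word for "default": it has one character more than the spelling used elsewhere in this file, for instance in the libcrypt and OPIE paragraphs. The line is being touched anyway, so correct it in the same change. The context line two lines below it likewise spells the word for "security" with one character fewer than the chapter's <primary> index term does.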
@@ -1884,7 +1885,7 @@ sendmail : PARANOID : deny</programlisting>
¤½¤·¤Æ¤³¤ì¤Þ¤Ç¤è¤êÀ©¸æ ¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
<para>°Ê²¼¤Îʸ¾Ï¤Ï¡¢
- FreeBSDÍѤȤ·¤ÆÇÛÉÛ¤µ¤ì¤Æ¤¤¤ëKerberos¤ò¥»¥Ã¥È¥¢¥Ã¥×
+ &os; ÍѤȤ·¤ÆÇÛÉÛ¤µ¤ì¤Æ¤¤¤ë Kerberos ¤ò¥»¥Ã¥È¥¢¥Ã¥×
¤¹¤ëºÝ¤Î¥¬¥¤¥É¤È¤·¤ÆÆÉ¤à¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¤·¤«¤·¡¢
´°Á´¤ÊÀâÌÀ¤¬É¬Íפʾì¹ç¤Ë¤Ï¡¢¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤òÆÉ¤ó¤ÀÊý¤¬¤è¤¤
¤Ç¤·¤ç¤¦¡£</para>
@@ -1898,7 +1899,7 @@ sendmail : PARANOID : deny</programlisting>
<secondary>¥¤¥ó¥¹¥È¡¼¥ë</secondary>
</indexterm>
<para>Kerberos ¤ÏÁªÂò¤¬Ç¤°Õ¤Ê &os; ¤Î¥³¥ó¥Ý¡¼¥Í¥ó¥È¤Ç¤¹¡£
- ¤â¤Ã¤È¤â´Êñ¤Ê¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¡¢FreeBSD
+ ¤â¤Ã¤È¤â´Êñ¤Ê¥¤¥ó¥¹¥È¡¼¥ëÊýË¡¤Ï¡¢&os;
¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤Ë <application>sysinstall</application>
¤Ç <literal>krb4</literal> ¤Þ¤¿¤Ï <literal>krb5</literal>
ÇÛÉÛʪ¤òÁªÂò¤¹¤ë¤³¤È¤Ç¤¹¡£
@@ -2572,6 +2573,7 @@ kerberos_stash="YES"</programlisting>
[realms]
EXAMPLE.ORG = {
kdc = kerberos.example.org
+ admin_server = kerberos.example.org
}
[domain_realm]
.example.org = EXAMPLE.ORG</programlisting>
@@ -2603,6 +2605,15 @@ _kpasswd._udp IN SRV 01 00 464 kerberos.exa
_kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org.
_kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
+ <note>
+ <para>¥¯¥é¥¤¥¢¥ó¥È¤¬¡¢
+ <application>Kerberos</application> ¥µ¡¼¥Ó¥¹¤ò¸«¤Ä¤±¤ë¤¿¤á¤Ë¤Ï¡¢
+ <filename>/etc/krb5.conf</filename> ¤ò´°Á´¤ËÀßÄꤹ¤ë¤«¡¢
+ <filename>/etc/krb5.conf</filename> ¤òºÇÄã¸Â¤ËÀßÄꤷ¡¢
+ <emphasis>¤µ¤é¤Ë</emphasis> DNS ¥µ¡¼¥Ð¤òŬÀÚ¤ËÀßÄꤹ¤ë
+ <emphasis>ɬÍ×</emphasis> ¤¬¤¢¤ê¤Þ¤¹¡£</para>
+ </note>
+
<para>¼¡¤Ë <application>Kerberos</application> ¥Ç¡¼¥¿¥Ù¡¼¥¹¤òºîÀ®¤·¤Þ¤¹¡£
¤³¤Î¥Ç¡¼¥¿¥Ù¡¼¥¹¤Ë¤Ï¡¢
¥Þ¥¹¥¿¡¼¸°¤Ë¤è¤ê°Å¹æ²½¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¥×¥ê¥ó¥·¥Ñ¥ë¤Î¸°¤¬¤¢¤ê¤Þ¤¹¡£
@@ -3264,1017 +3275,6 @@ jdoe at example.org</screen>
</sect2>
</sect1>
- <sect1 xml:id="firewalls">
- <info><title>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë</title>
- <authorgroup>
- <author><personname><firstname>Gary</firstname><surname>Palmer</surname></personname><contrib>´ó¹Æ: </contrib></author>
- <author><personname><firstname>Alex</firstname><surname>Nash</surname></personname></author>
- </authorgroup>
- </info>
-
-
- <indexterm><primary>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë</primary></indexterm>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë</secondary>
- </indexterm>
-
- <para><emphasis>Ìõ: &a.jp.saeki;.<!-- <br> -->
- 11 November 1996.</emphasis></para>
-
- <para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¡¢
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ë»²²Ã¤·¤Æ¤¤¤ë¿Í¤Ï¤â¤Á¤í¤ó¤Î¤³¤È¡¢
- ¥×¥é¥¤¥Ù¡¼¥È¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥»¥¥å¥ê¥Æ¥£¸þ¾å¤Î¤¿¤á¤Î
- ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò õ¤·¤Æ¤¤¤ë¿Í¤Ë¤È¤Ã¤Æ¤â¡¢
- ¤Þ¤¹¤Þ¤¹¶½Ì£¿¼¤¯¤Ê¤ê¤Ä¤Ä¤¢¤ëʬÌî¤Ç¤¹¡£
- ¤³¤Î¥»¥¯¥·¥ç¥ó¤Ç¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤È¤Ï²¿¤«¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î»ÈÍÑË¡¡¢
- ¤½¤·¤Æ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò¹½ÃÛ¤¹¤ë¤¿¤á¤Ë FreeBSD ¤Î¥«¡¼¥Í¥ë¤Ç
- Ä󶡤µ¤ì¤Æ¤¤¤ë¥Õ¥¡¥·¥ê¥Æ¥£ (µ¡Ç½)
- ¤Î»ÈÍÑË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤¿¤¤¤È»×¤¤¤Þ¤¹¡£</para>
-
- <note>
- <para>¼ÒÆâ¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤È <quote>µðÂ礫¤Ä¿®Íê¤Î¤ª¤±¤Ê¤¤
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È</quote>¤È¤Î´Ö¤Ë¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò¹½ÃÛ¤¹¤ë¤³¤È¤Ç
- ¥»¥¥å¥ê¥Æ¥£¾å¤Î¤¹¤Ù¤Æ¤ÎÌäÂ꤬²ò·è¤Ç¤¤ë¤È¹Í¤¨¤ë¿Í¤¬¤¤¤Þ¤¹¡£
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¥»¥¥å¥ê¥Æ¥£¾å¤ÎÌäÂê¤ò
- ²ò·è¤¹¤ë½õ¤±¤Ë¤Ê¤ë¾ì¹ç¤â¤¢¤ê¤Þ¤¹¤¬¡¢
- ½¼Ê¬¤ÊÀßÄ꤬¤Ê¤µ¤ì¤Æ¤¤¤Ê¤¤¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¡¢
- ¤Þ¤Ã¤¿¤¯¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò
- »ý¤¿¤Ê¤¤¾ì¹ç¤è¤ê¤â¥»¥¥å¥ê¥Æ¥£¾å¤Î´í¸±¤òÁýÂ礵¤»¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢
- ¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Ë¤â¤¦°ì¤Ä¤Î¥»¥¥å¥ê¥Æ¥£Áؤò
- Äɲ乤뤳¤È¤À¤±¤Ç¡¢
- Ëܵ¤¤Ç¥¢¥¿¥Ã¥¯¤ò¤·¤«¤±¤Æ¤¯¤ë¥¯¥é¥Ã¥«¡¼¤¬ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¤Ë
- ¿¯Æþ¤¹¤ë¤Î¤ò˸¤²¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò¿¯ÆþÉÔ²Äǽ¤È²á¿®¤·¤Æ
- ÆâÉô¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤ª¤í¤½¤«¤Ë¤¹¤ë¤³¤È¤Ï¡¢
- ñ¤Ë¥¯¥é¥Ã¥«¡¼¤Î»Å»ö¤ò¾¯¤·´Êñ¤Ë¤¹¤ë¤À¤±¤Ç¤·¤«
- ¤¢¤ê¤Þ¤»¤ó¡£</para>
- </note>
-
- <sect2>
- <title>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤È¤Ï²¿¤« ?</title>
-
- <para>¸½ºß¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤ÇÉáÄ̤˻ÈÍѤµ¤ì¤Æ¤¤¤ë
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ë¤Ï Æó¤Ä¤Î°Û¤Ê¤ë¥¿¥¤¥×¤¬¤¢¤ê¤Þ¤¹¡£°ì¤Ä¤Ï¡¢
- ¸·Ì©¤Ë¤Ï <emphasis> ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¥ë¡¼¥¿ </emphasis>
- ¤È¸Æ¤Ð¤ì¤ë¥¿¥¤¥×¤Î¤â¤Î¤Ç¤¹¡£
- ¤³¤Î¥¿¥¤¥×¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¥Þ¥ë¥Á¥Û¡¼¥à¥Þ¥·¥ó¤ÇÍøÍѤµ¤ì¡¢
- ¤¢¤ëµ¬Â§¤Ë¤·¤¿¤¬¤Ã¤Æ¥Ñ¥±¥Ã¥È¤òžÁ÷¤·¤¿¤ê¥Ö¥í¥Ã¥¯¤·¤¿¤ê¤¹¤ë¤â¤Î¤Ç¤¹¡£
- ¥Þ¥ë¥Á¥Û¡¼¥à¥Þ¥·¥ó¤È¤Ï¡¢
- Ê£¿ô¤Î¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò»ý¤Ä¥³¥ó¥Ô¥å¡¼¥¿¤Î¤³¤È¤Ç¤¹¡£
- ¤â¤¦°ì¤Ä¤Ï¡¢
- <emphasis> proxy (ÂåÍý) ¥µ¡¼¥Ð </emphasis>
- ¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¥¿¥¤¥×¤Î¤â¤Î¤Ç¤¹¡£¤³¤ì¤Ï¡¢
- ¤ª¤½¤é¤¯¤Ï¥Þ¥ë¥Á¥Û¡¼¥à¤Î¥Û¥¹¥È¥Þ¥·¥ó¾å¤Ç¡¢
- ¥«¡¼¥Í¥ë¤Ë¤è¤ë¥Ñ¥±¥Ã¥ÈžÁ÷¤ò ¶Ø»ß¤·¤Æ¡¢
- ¥Ç¡¼¥â¥ó¤Ë¤è¤êǧ¾Ú¤ÎÄ󶡤ȥѥ±¥Ã¥È¤ÎžÁ÷¤È¤ò
- ¤ª¤³¤Ê¤¦¤â¤Î¤Ç¤¹¡£</para>
-
- <para>Æó¤Ä¤Î¥¿¥¤¥×¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÁȤ߹ç¤ï¤»¤Æ»ÈÍѤ·¤Æ¡¢
- ÆÃÄê¤Î¥Þ¥·¥ó (<emphasis> Í׺ɥۥ¹¥È </emphasis> ¤È¸Æ¤Ð¤ì¤ë)
- ¤À¤±¤¬ ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¥ë¡¼¥¿¤òÄ̤·¤ÆÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¤Ø
- ¥Ñ¥±¥Ã¥È¤òÁ÷¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦ÀßÄꤷ¤Æ¤¤¤ë
- ¥µ¥¤¥È¤¬¤·¤Ð¤·¤Ð¸ºß¤·¤Þ¤¹¡£proxy (ÂåÍý)
- ¥µ¡¼¥Ó¥¹¤ÏÄ̾ï¤Îǧ¾Úµ¡¹½¤è¤ê¤â¥»¥¥å¥ê¥Æ¥£¤ò
- ¶¯²½¤·¤Æ¤¢¤ë Í׺ɥۥ¹¥È¤Çưºî¤µ¤»¤Þ¤¹¡£</para>
-
- <para>FreeBSD ¤Ï (IPFW ¤È¤·¤ÆÃΤé¤ì¤ë)
- ¥«¡¼¥Í¥ë¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¹þ¤ß¤ÇÄ󶡤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤³¤ÎÀá¤Î»Ä¤ê¤Ç¤Ï¡¢¤³¤Î¥Õ¥£¥ë¥¿¤Ë¤Ä¤¤¤Æ½¸Ã椷¤ÆÀâÌÀ¤·¤Þ¤¹¡£
- ¥µ¡¼¥É¥Ñ¡¼¥Æ¥£¤«¤éÄ󶡤µ¤ì¤ë¥½¥Õ¥È¥¦¥§¥¢¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ê¡¢
- Proxy ¥µ¡¼¥Ð¤ò FreeBSD ¾å¤Ë¹½ÃÛ¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¤·¤«¤·¡¢¸½ºßÆþ¼ê²Äǽ¤Ê
- proxy ¥µ¡¼¥Ð¤Ï¤¿¤¤¤Ø¤ó¥Ð¥é¥¨¥Æ¥£¤ËÉÙ¤ó¤Ç¤¤¤ë¤Î¤Ç¡¢
- ¤³¤ÎÀá¤Ç¤½¤ì¤é¤¹¤Ù¤Æ¤ò¥«¥Ð¡¼¤¹¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£</para>
-
- <sect3 xml:id="firewalls-packet-filters">
- <title>¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¥ë¡¼¥¿</title>
-
- <para>¥ë¡¼¥¿¤È¤Ï¡¢Æó¤Ä¤Þ¤¿¤Ï¤½¤ì°Ê¾å¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Î´Ö¤Ç
- ¥Ñ¥±¥Ã¥È¤ÎžÁ÷¤ò¤ª¤³¤Ê¤¦¥Þ¥·¥ó¤Î¤³¤È¤Ç¤¹¡£
- ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¥ë¡¼¥¿¤Ï¡¢
- °ì¤Ä°ì¤Ä¤Î¥Ñ¥±¥Ã¥È¤ò¥ë¡¼¥ë¥ê¥¹¥È¤ÈÈæ³Ó¤·¤Æ¡¢
- žÁ÷¤¹¤ë¤«¤·¤Ê¤¤¤«¤ò·è¤á¤ë¤è¤¦¤Ë¥×¥í¥°¥é¥ß¥ó¥°¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- ºÇ¶á¤Î IP ¥ë¡¼¥Æ¥£¥ó¥°¥½¥Õ¥È¥¦¥§¥¢¤Î¤Û¤È¤ó¤É¤Ï¡¢
- ÆâÉô¤Ë¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°µ¡Ç½¤ò»ý¤Ã¤Æ¤¤¤Æ¡¢
- ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¤¹¤Ù¤Æ¤Î¥Ñ¥±¥Ã¥È¤òžÁ÷¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¤³¤Î¥Õ¥£¥ë¥¿¤ò͸ú¤Ë¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
- ¥ë¡¼¥ë¤òÄêµÁ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <para>¥Ñ¥±¥Ã¥È¤òÄ̤¹¤Ù¤¤«Ä̤¹¤Ù¤¤Ç¤Ê¤¤¤«¤ò·è¤á¤ë¤¿¤á¤Ë¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¡¢
- ¥ë¡¼¥ë¥ê¥¹¥È¤«¤é¥Ñ¥±¥Ã¥È¥Ø¥Ã¥À¤ÎÆâÍÆ¤Ë¥Þ¥Ã¥Á¤¹¤ë¥ë¡¼¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤Þ¤¹¡£
- ¥Þ¥Ã¥Á¤¹¤ë¥ë¡¼¥ë¤¬¸«¤Ä¤«¤ë¤È¡¢
- ¥ë¡¼¥ë¥¢¥¯¥·¥ç¥ó¤¬¼Â¹Ô¤µ¤ì¤Þ¤¹¡£¥ë¡¼¥ë¥¢¥¯¥·¥ç¥ó¤Ë¤Ï¡¢
- ¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤ë¡¢¥Ñ¥±¥Ã¥È¤òžÁ÷¤¹¤ë¡¢
- ¤Þ¤¿¤Ï¥Ñ¥±¥Ã¥È¤Îȯ¿®¸µ¤Ë ICMP
- ¥á¥Ã¥»¡¼¥¸¤òÁ÷¤êÊÖ¤¹¤È¤¤¤¦¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£
- ¥ë¡¼¥ë¤Î¸¡º÷¤ÏÀèÆ¬¤«¤é½çÈ֤ˤª¤³¤Ê¤ï¤ì¡¢
- Ä̾ï¤ÏºÇ½é¤Ë¥Þ¥Ã¥Á¤·¤¿¤â¤Î¤À¤±¤¬ ŬÍѤµ¤ì¤Þ¤¹¡£¤½¤Î¤¿¤á¡¢
- ¤³¤Î¥ë¡¼¥ë¥ê¥¹¥È¤Ï<quote>¥ë¡¼¥ë¥Á¥§¡¼¥ó</quote>
- ¤È¸Æ¤Ð¤ì¤ë¤³¤È¤â¤¢¤ê¤Þ¤¹¡£</para>
-
- <para>¥Ñ¥±¥Ã¥È¥Þ¥Ã¥Á¥ó¥°¤Î´ð½à¤Ï»ÈÍѤ¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ë
- ¤è¤Ã¤Æ°Û¤Ê¤ê¤Þ¤¹¤¬¡¢Ä̾ï¤Ï¥Ñ¥±¥Ã¥È¤Îȯ¿®¸µ IP ¥¢¥É¥ì¥¹¡¢
- °¸Àè IP ¥¢¥É¥ì¥¹¡¢È¯¿®¸µ¥Ý¡¼¥ÈÈֹ桢°¸Àè¥Ý¡¼¥ÈÈÖ¹æ
- (¥Ý¡¼¥ÈÈÖ¹æ¤Ï¥Ý¡¼¥È¤ò¥µ¥Ý¡¼¥È¤¹¤ë¥×¥í¥È¥³¥ë¤Î¾ì¹ç¤Î¤ß)¡¢
- ¥Ñ¥±¥Ã¥È¥¿¥¤¥× (UDP, TCP, ICMP ¤Ê¤É)
- ¤Ë´ð¤Å¤¯¥ë¡¼¥ë¤ò»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
- </sect3>
-
- <sect3 xml:id="firewalls-proxy-servers">
- <title>Proxy ¥µ¡¼¥Ð</title>
-
- <para>Proxy ¥µ¡¼¥Ð¤È¤ÏÄ̾ï¤Î¥·¥¹¥Æ¥à¥Ç¡¼¥â¥ó
- (<application>telnetd</application>,
- <application>ftpd</application>
- ¤Ê¤É) ¤ò ÆÃÊ̤ʥµ¡¼¥Ð¤ÇÃÖ¤´¹¤¨¤¿¥Þ¥·¥ó¤Î¤³¤È¤Ç¤¹¡£
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢
- Ä̾ï¤ÏÃæ·Ñ¤ò¤ª¤³¤Ê¤Ã¤ÆÆÃÄêÊý¸þ¤Ø¤ÎÀܳ¤À¤±¤òµö¤¹¤¿¤á¡¢
- <emphasis>proxy ¥µ¡¼¥Ð</emphasis> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£(¤¿¤È¤¨¤Ð)
- proxy <application>telnet</application>
- ¥µ¡¼¥Ð¤ò¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥Û¥¹¥È¤ÇÁö¤é¤»¤Æ¤ª¤¤Þ¤¹¡£
- ³°Éô¤«¤é¥æ¡¼¥¶¤¬¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ËÂФ·¤Æ
- <application>telnet</application>
- ¤ò¼Â¹Ô¤¹¤ë¤È¡¢proxy telnet ¥µ¡¼¥Ð¤¬±þÅú¤·¤Æ¡¢
- ²¿¤é¤«¤Îǧ¾Úµ¡¹½¤ò¼Â¹Ô¤·¤Þ¤¹¡£¤³¤ì¤òÄ̲ᤷ¤¿¸å¤Ç¡¢
- ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î¥¢¥¯¥»¥¹¤¬¤ª¤³¤Ê¤¨¤ë¤è¤¦¤Ë ¤Ê¤ë¤Î¤Ç¤¹¡£
- (ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¤Î¿®¹æ¤Ï proxy
- ¥µ¡¼¥Ð¤¬¤«¤ï¤ê¤Ë¼õ¤±¼è¤ê¡¢³°¤Ø¸þ¤±¤ÆÁ÷¤ê½Ð¤·¤Þ¤¹)¡£</para>
-
- <para>Proxy ¥µ¡¼¥Ð¤ÏÄ̾
- ÉáÄ̤Υµ¡¼¥Ð¤è¤ê·ø¸Ç¤Ë¹½ÃÛ¤µ¤ì¤Æ¤¤¤Æ¡¢¤·¤Ð¤·¤Ð
- <quote>»È¤¤¼Î¤Æ</quote>¥Ñ¥¹¥ï¡¼¥É¥·¥¹¥Æ¥à¤Ê¤É¤ò´Þ¤à¡¢
- ¿ÍͤÊǧ¾Úµ¡¹½¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£
- <quote>»È¤¤¼Î¤Æ</quote>¥Ñ¥¹¥ï¡¼¥É¥·¥¹¥Æ¥à¤È¤Ï¡¢
- ¤É¤¦¤¤¤¦¤â¤Î¤Ê¤Î¤Ç¤·¤ç¤¦¤«¡£²¾¤Ë狼¤¬²¿¤é¤«¤ÎÊýË¡¤Ç¡¢
- ¤¢¤Ê¤¿¤¬»ÈÍѤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤ò¼ê¤ËÆþ¤ì¤¿¤È¤·¤Þ¤¹¡£¤·¤«¤·¡¢
- ºÇ½é¤Ë»ÈÍѤ·¤¿Ä¾¸å¤Ë¡¢
- ¤½¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï´û¤Ë̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤Ç¤¹¡£¤Ç¤¹¤«¤é¡¢
- ¤½¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¤â¤¦°ìÅÙ»ÈÍѤ·¤¿¤È¤·¤Æ¤â¡¢¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Ø
- ¥¢¥¯¥»¥¹¤¹¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¤È¤¤¤¦¤ï¤±¤Ç¤¹¡£
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤ÏÃæ·Ñ¤ò¤ª¤³¤Ê¤¦¤À¤±¤Ç¡¢
- ¼ÂºÝ¤Î¤È¤³¤í¥µ¡¼¥Ð¥Û¥¹¥È¼«¿È¤Ø¤Î
- ¥¢¥¯¥»¥¹¤ò¥æ¡¼¥¶¤Ëµö¤·¤Æ¤Ï¤¤¤Þ¤»¤ó¡£¤½¤Î¤¿¤á¡¢
- ²¿¼Ô¤«¤¬¥»¥¥å¥ê¥Æ¥£¥·¥¹¥Æ¥à¤Ë
- ¿¯ÆþÍѤÎ΢¸ý¤ò¼è¤êÉÕ¤±¤ë¤³¤È¤Ï¡¢
- ¤è¤êº¤Æñ¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para>proxy ¥µ¡¼¥Ð¤Ï¥¢¥¯¥»¥¹À©¸Â¤ÎÊýË¡¤ò¤¤¤¯¤Ä¤â»ý¤Ã¤Æ¤¤¤Æ¡¢
- ÆÃÄê¤Î¥Û¥¹¥È¤À¤±¤¬¥µ¡¼¥Ð¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÆÀ¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
- ¤½¤·¤Æ¡¢
- ´ÉÍý¼Ô¤ÏÌÜŪ¤Î¥Þ¥·¥ó¤ÈÄÌ¿®¤Ç¤¤ë¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ë¤è¤¦¤ËÀßÄê¤Ç¤¤Þ¤¹¡£
- ¤â¤¦°ìÅÙ¸À¤¤¤Þ¤¹¤¬¡¢
- ¤É¤ó¤Ê¥Õ¥¡¥·¥ê¥Æ¥£ (µ¡Ç½) ¤¬»È¤¨¤ë¤«¤Ï¡¢¤É¤ó¤Ê proxy
- ¥µ¡¼¥Ó¥¹¤ò¤ª¤³¤Ê¤¦¥½¥Õ¥È¥¦¥§¥¢¤òÁª¤Ö¤«¤ËÂ礤¯
- °Í¸¤·¤Þ¤¹¡£</para>
- </sect3>
- </sect2>
-
- <sect2>
- <title>IPFW ¤Ç²¿¤¬¤Ç¤¤ë¤«</title>
- <indexterm><primary><command>ipfw</command></primary></indexterm>
-
- <para>FreeBSD ¤È¤È¤â¤ËÇÛÉÛ¤µ¤ì¤Æ¤¤¤ë IPFW ¤Ï¡¢
- ¥«¡¼¥Í¥ëÆâÉô¤Ë¤¢¤Ã¤Æ¥Ñ¥±¥Ã¥È¤Î¥Õ¥£¥ë¥¿¥ê¥ó¥°¤È¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¤ò¤ª¤³¤Ê¤¦¥·¥¹¥Æ¥à¤Ç¤¢¤ê¡¢
- ¥æ¡¼¥¶Â¦¤Î¥³¥ó¥È¥í¡¼¥ë¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¤¢¤ë &man.ipfw.8;
- ¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£
- ¥ë¡¼¥Æ¥£¥ó¥°¤Î·èÄê¤ò¤ª¤³¤Ê¤¦ºÝ¤Ë¡¢¤³¤ì¤é¤Ï¸ß¤¤¤Ë¶¨ÎϤ·¤Æ¡¢
- ¥«¡¼¥Í¥ë¤Ç»ÈÍѤµ¤ì¤ë¥ë¡¼¥ë¤òÄêµÁ¤·¤¿¤ê¡¢
- »ÈÍѤµ¤ì¤Æ¤¤¤ë¥ë¡¼¥ë¤òÌ䤤¹ç¤ï¤»¤¿¤ê¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
-
- <para>IPFW ¤Ï¸ß¤¤¤Ë´ØÏ¢¤¹¤ëÆó¤Ä¤ÎÉôʬ¤«¤é¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥»¥¯¥·¥ç¥ó¤Ï¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¤ò¤ª¤³¤Ê¤¤¤Þ¤¹¡£
- ¤Þ¤¿¡¢IP ¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥»¥¯¥·¥ç¥ó¤Ï¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥»¥¯¥·¥ç¥ó¤Î¤â¤Î¤È»÷¤¿¥ë¡¼¥ë¤Ë´ð¤Å¤¤¤Æ¥ë¡¼¥¿¤Î»ÈÍѤòÄÉÀפ·¤Þ¤¹¡£
- ¤³¤ì¤Ë¤è¤ê¡¢¤¿¤È¤¨¤Ð¡¢
- ´ÉÍý¼Ô¤ÏÆÃÄê¤Î¥Þ¥·¥ó¤«¤é¥ë¡¼¥¿¤Ø¤Î¥È¥é¥Õ¥£¥Ã¥¯¤¬¤É¤Î¤¯¤é¤¤È¯À¸¤·¤Æ¤¤¤ë¤«¤òÄ´¤Ù¤¿¤ê¡¢
- ¤É¤ì¤À¤±¤Î WWW
- ¥È¥é¥Õ¥£¥Ã¥¯¤¬¥Õ¥©¥ï¡¼¥É¤µ¤ì¤Æ¤¤¤ë¤«¤òÃΤ뤳¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
-
- <para>IPFW ¤Ï¡¢
- ¥ë¡¼¥¿¤Ç¤Ï¤Ê¤¤¥Þ¥·¥ó¤Ë¤ª¤¤¤Æ¤âÆþ½ÐÎÏ¥³¥Í¥¯¥·¥ç¥ó¤Î
- ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¤Î¤¿¤á¤Ë»ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤ËÀ߷פµ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤³¤ì¤Ï°ìÈÌŪ¤Ê IPFW ¤Î»ÈÍÑË¡¤È¤Ï°Û¤Ê¤ëÆÃÊ̤ʻȤ¤Êý¤Ç¤¹¤¬¡¢
- ¤³¤¦¤¤¤Ã¤¿¾õ¶·¤Ç¤âƱ¤¸¥³¥Þ¥ó¥É¤È¥Æ¥¯¥Ë¥Ã¥¯¤¬»ÈÍѤµ¤ì¤Þ¤¹¡£</para>
- </sect2>
-
- <sect2>
- <title>FreeBSD ¤Ç IPFW ¤ò͸ú¤Ë¤¹¤ë</title>
- <indexterm>
- <primary><command>ipfw</command></primary>
- <secondary>͸ú²½</secondary>
- </indexterm>
-
- <para>IPFW ¥·¥¹¥Æ¥à¤ÎÃæ¿´¤È¤Ê¤ëÉôʬ¤Ï¥«¡¼¥Í¥ëÆâÉô¤Ë¤¢¤ê¤Þ¤¹¡£
- ¤½¤Î¤¿¤á¡¢¤É¤Î¥Õ¥¡¥·¥ê¥Æ¥£ (µ¡Ç½) ¤òɬÍפȤ¹¤ë¤«¤Ë¤è¤Ã¤Æ¡¢
- 1 ¤Ä¤Þ¤¿¤ÏÊ£¿ô¤Î¥ª¥×¥·¥ç¥ó¤ò¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤ËÄɲä·¡¢
- ¥«¡¼¥Í¥ë¤òºÆ¥³¥ó¥Ñ¥¤¥ë¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£
- ¥«¡¼¥Í¥ë¤ÎºÆ¥³¥ó¥Ñ¥¤¥ëÊýË¡¤Î¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
- ¡Ö¥«¡¼¥Í¥ë¤Î¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¡×(<xref linkend="kernelconfig"/>)
- ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
-
- <warning>
- <para>IPFW ¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥Ý¥ê¥·¡¼¤Ï <literal>deny ip from any to
- any</literal> ¤Ç¤¹¡£
- ¥¹¥¿¡¼¥È¥¢¥Ã¥×»þ¤Ë¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ë¤è¤¦¤Ê¥ë¡¼¥ë¤òÄɲ䷤Ƥ¤¤Ê¤¤¤È¡¢
- ¥µ¡¼¥Ð¤¬¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î͸ú¤Ê¥«¡¼¥Í¥ë¤ÇºÆµ¯Æ°¤·¤¿¸å¡¢
- <emphasis>¼«Ê¬¼«¿È¤ò¥í¥Ã¥¯¥¢¥¦¥È</emphasis> ¤·¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¤³¤Îµ¡Ç½¤ò½é¤á¤Æ»È¤¦¤È¤¤Ë¤Ï¡¢
- <filename>/etc/rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ë¤ª¤¤¤Æ¡¢
- <literal>firewall_type=open</literal> ¤ÈÀßÄꤹ¤ë¤ÈÎɤ¤¤Ç¤·¤ç¤¦¡£
- ¿·¤·¤¤¥«¡¼¥Í¥ë¤Îµ¡Ç½¤¬Å¬Àڤ˵¡Ç½¤·¤Æ¤¤¤ë¤³¤È¤ò³Îǧ¸å¡¢
- <filename>/etc/rc.firewall</filename>
- ¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤òÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
- ¤â¤·¤â¤Î¤È¤¤Î¤¿¤á¤Ë¡¢
- ºÇ½é¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÀßÄê¤ò <application>ssh</application>
- ¤Ç¤Ï¤Ê¤¯¡¢¥í¡¼¥«¥ë¤Î¥³¥ó¥½¡¼¥ë¤Ç¹Ô¤¦¤ÈÎɤ¤¤Ç¤·¤ç¤¦¡£
- ¾¤ÎÊýË¡¤Ï¡¢¥«¡¼¥Í¥ë¤ò <literal>IPFIREWALL</literal> ¤ª¤è¤Ó
- <literal>IPFIREWALL_DEFAULT_TO_ACCEPT</literal>
- ¥ª¥×¥·¥ç¥ó¤Ç¹½ÃÛ¤¹¤ë¤³¤È¤Ç¤¹¡£
- ¤³¤ì¤Ë¤è¤ê IPFW ¤Î¥Ç¥Õ¥©¥ë¥È¥ë¡¼¥ë¤Ï¡¢
- <literal>allow ip from any to any</literal> ¤È¤Ê¤ê¡¢
- ¥í¥Ã¥¯¥¢¥¦¥È¤Î²ÄǽÀ¤¬Ä㤯¤Ê¤ê¤Þ¤¹¡£</para>
- </warning>
-
- <para>¸½ºß¡¢IPFW
- ¤Ë´Ø·¸¤¹¤ë¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥ª¥×¥·¥ç¥ó¤Ï
- 4 ¤Ä¤¢¤ê¤Þ¤¹¡£</para>
-
- <variablelist>
- <varlistentry><term><literal>options IPFIREWALL</literal></term>
- <listitem>
- <para>¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¤Î¤¿¤á¤Î¥³¡¼¥É¤ò
- ¥«¡¼¥Í¥ë¤ËÁȤ߹þ¤ß¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term><literal>
- options IPFIREWALL_VERBOSE</literal></term>
- <listitem>
- <para>&man.syslogd.8; ¤òÄ̤¸¤Æ
- ¥Ñ¥±¥Ã¥È¤Î¥í¥°¤ò¼è¤ë¤¿¤á¤Î¥³¡¼¥É¤ò͸ú¤Ë¤·¤Þ¤¹¡£
- ¥Õ¥£¥ë¥¿¥ë¡¼¥ë¤Ç¥Ñ¥±¥Ã¥È¤Î¥í¥°¤ò¼è¤ë¤è¤¦¤Ë»ØÄꤷ¤Æ¤â¡¢
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¡¢
- ¥í¥°¤ò¼è¤ë¤³¤È¤Ï¤Ç¤¤Þ¤»¤ó¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term><literal>
- options IPFIREWALL_VERBOSE_LIMIT=10</literal></term>
- <listitem>
- <para>&man.syslogd.8; ¤òÄ̤¸¤Æ
- ¥í¥°¤ò¼è¤ë¥Ñ¥±¥Ã¥È¤Î¿ô¤ò¥¨¥ó¥È¥êËè¤ËÀ©¸Â¤·¤Þ¤¹¡£
- ŨÂÐŪ¤Ê´Ä¶¤Ë¤ª¤¤¤Æ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î
- ưºî¤Î¥í¥°¤ò¼è¤ê¤¿¤¤¤±¤ì¤É¡¢
- syslog ¤Î¹¿¿å¤Ë¤è¤ë¥µ¡¼¥Ó¥¹µñÀä¹¶·â¤ËÂФ·
- ̵ËÉÈ÷¤Ç¤¢¤ê¤¿¤¯¤Ê¤¤¤È¤¤¤¦¾ì¹ç¤Ë¡¢
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤¿¤¤¤È»×¤¦¤³¤È¤¬
- ¤¢¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
-
- <para>¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤Î¥í¥°¤¬»ØÄꤵ¤ì¤¿À©¸Â¿ô¤Ë㤹¤ë¤È¡¢
- ¤½¤Î¥¨¥ó¥È¥ê¤Ë´Ø¤¹¤ë¥í¥°¼è¤ê¤ÏÄä»ß¤µ¤ì¤Þ¤¹¡£
- ¥í¥°¼è¤ê¤òºÆ³«¤¹¤ë¤Ë¤Ï¡¢&man.ipfw.8;
- ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ò»ÈÍѤ·¤Æ
- ´ØÏ¢¤¹¤ë¥«¥¦¥ó¥¿¤ò¥ê¥»¥Ã¥È¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>ipfw zero 4500</userinput></screen>
-
- <para>4500 ¤È¤Ï¡¢
- ¥í¥°¼è¤ê¤ò³¹Ô¤·¤¿¤¤¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤ÎÈÖ¹æ¤Ç¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><literal>options IPFIREWALL_DEFAULT_TO_ACCEPT</literal></term>
-
- <listitem>
- <para>¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Î¥ë¡¼¥ë¤ò <quote>deny</quote>
- ¤«¤é <quote>allow</quote> ¤Ø¤ÈÊѹ¹¤·¤Þ¤¹¡£
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤³¤È¤Ç¡¢
- ¥«¡¼¥Í¥ë¤Ë <literal>IPFIREWALL</literal>
- ¤Î¥µ¥Ý¡¼¥È¤òÁȤ߹þ¤ó¤À¸å¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òÀßÄꤷ¤Æ¤¤¤Ê¤¯¤È¤â¡¢
- ¼«Ê¬¼«¿È¤ò¥í¥Ã¥¯¤·¤Æ¤·¤Þ¤¦¤³¤È¤òÈò¤±¤é¤ì¤Þ¤¹¡£
- ¤¢¤ëÆÃÄê¤ÎÌäÂê¤ò¥Õ¥£¥ë¥¿¥ê¥ó¥°¤¹¤ë¤¿¤á¤Ë
- &man.ipfw.8; ¤òÎɤ¯»È¤¦¤Î¤Ç¤¢¤ì¤Ð¡¢
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤ÏÈó¾ï¤ËÍÍѤǤ¹¡£
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò³«¤¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¿¶¤ëÉñ¤¤¤ò¤³¤ì¤Þ¤Ç¤ÈÊѤ¨¤Æ¤·¤Þ¤¦¤Î¤Ç¡¢
- Ãí°Õ¿¼¤¯»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
-
- </listitem>
- </varlistentry>
- </variablelist>
-
- <note><para>°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó¤Î FreeBSD ¤Ï
- <literal>IPFIREWALL_ACCT</literal> ¤È¤¤¤¦¥ª¥×¥·¥ç¥ó¤ò
- »ý¤Ã¤Æ¤¤¤Þ¤·¤¿¡£¤·¤«¤·¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥³¡¼¥É¤¬¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥Õ¥¡¥·¥ê¥Æ¥£ (µ¡Ç½) ¤ò
- ¼«Æ°Åª¤Ë´Þ¤à¤è¤¦¤Ë¤Ê¤Ã¤¿¤¿¤á¡¢
- ¸½ºß¤Ç¤Ï»ÈÍѤµ¤ì¤ë¤³¤È¤Ï¤Ê¤¯¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£</para></note>
- </sect2>
-
- <sect2>
- <title>IPFW ¤ÎÀßÄê</title>
- <indexterm>
- <primary>ipfw</primary>
- <secondary>ÀßÄê</secondary>
- </indexterm>
-
- <para>IPFW ¥½¥Õ¥È¥¦¥§¥¢¤ÎÀßÄê¤Ï &man.ipfw.8;
- ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ̤¸¤Æ¤ª¤³¤Ê¤¤¤Þ¤¹¡£
- ¤³¤Î¥³¥Þ¥ó¥É¤Î¹½Ê¸¤ÏÈó¾ï¤ËÊ£»¨¤Ë¸«¤¨¤Þ¤¹¤¬¡¢
- °ìö¤½¤Î¹½Â¤¤òÍý²ò¤¹¤ì¤ÐÈæ³ÓŪñ½ã¤Ç¤¹¡£</para>
-
- <para>¤³¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¤Ïº£¤Î¤È¤³¤í»Í¤Ä¤Î°Û¤Ê¤ë
- ¥³¥Þ¥ó¥É¥«¥Æ¥´¥ê¤¬ »ÈÍѤµ¤ì¤Æ¤¤¤Þ¤¹: ¤½¤ì¤ÏÄɲà / ºï½ü¡¢É½¼¨¡¢
- ¥Õ¥é¥Ã¥·¥å¡¢¤ª¤è¤Ó¥¯¥ê¥¢¤Ç¤¹¡£Äɲà /
- ºï½ü¤Ï¥Ñ¥±¥Ã¥È¤Î¼õ¤±Æþ¤ì¡¢µñÀä¡¢¥í¥°¼è¤ê¤ò¤É¤Î¤è¤¦¤Ë¤ª¤³¤Ê¤¦¤«
- ¤È¤¤¤¦¥ë¡¼¥ë¤ò¹½ÃÛ¤¹¤ë¤Î¤Ë»ÈÍѤ·¤Þ¤¹¡£É½¼¨¤Ï¥ë¡¼¥ë¥ê¥¹¥È
- (¤Þ¤¿¤Ï¥Á¥§¡¼¥ó) ¤È (¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°ÍÑ) ¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤Î
- ÆâÍÆ¤òÄ´¤Ù¤ë¤Î¤Ë»ÈÍѤ·¤Þ¤¹¡£
- ¥Õ¥é¥Ã¥·¥å¤Ï¥Á¥§¡¼¥ó¤«¤é¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤ò
- ¼è¤ê½ü¤¯¤Î¤Ë»ÈÍѤ·¤Þ¤¹¡£
- ¥¯¥ê¥¢¤Ï°ì¤Ä¤Þ¤¿¤Ï¤½¤ì°Ê¾å¤Î¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥¨¥ó¥È¥ê¤ò
- ¥¼¥í¤Ë¤¹¤ë¤Î¤Ë »ÈÍѤ·¤Þ¤¹¡£</para>
-
- <sect3>
- <title>IPFW ¥ë¡¼¥ë¤ÎÊѹ¹</title>
-
- <para>¤³¤Î·Á¼°¤Ç¤Î»ÈÍÑË¡¤Ï:
- <cmdsynopsis>
- <command>ipfw</command>
- <arg>-N</arg>
- <arg choice="plain">¥³¥Þ¥ó¥É</arg>
- <arg>index</arg>
- <arg choice="plain">¥¢¥¯¥·¥ç¥ó</arg>
- <arg>log</arg>
- <arg choice="plain">¥×¥í¥È¥³¥ë</arg>
- <arg choice="plain">¥¢¥É¥ì¥¹</arg>
- <arg>¥ª¥×¥·¥ç¥ó</arg>
- </cmdsynopsis>
- </para>
-
- <para>¤³¤Î·Á¼°¤Ç»ÈÍѤ¹¤ëºÝ¤Ë͸ú¤Ê¥Õ¥é¥°¤Ï°ì¤Ä¤À¤±¤Ç¤¹¡£</para>
-
- <variablelist>
- <varlistentry><term>-N</term>
- <listitem>
- <para>¥¢¥É¥ì¥¹¤ä¥µ¡¼¥Ó¥¹Ì¾¤ò
- ʸ»úÎó¤ËÊÑ´¹¤·¤ÆÉ½¼¨¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para><emphasis> ¥³¥Þ¥ó¥É </emphasis>
- ¤Ï°ì°Õ¤Ç¤¢¤ë¸Â¤êû½Ì²Äǽ¤Ç¤¹¡£Í¸ú¤Ê <emphasis> ¥³¥Þ¥ó¥É
- </emphasis> ¤Ï</para>
-
- <variablelist>
- <varlistentry><term>add</term>
- <listitem>
- <para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë / ¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥ë¡¼¥ë¥ê¥¹¥È¤Ë
- ¥¨¥ó¥È¥ê¤òÄɲä·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>delete</term>
- <listitem>
- <para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë /
- ¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥ë¡¼¥ë¥ê¥¹¥È¤«¤é
- ¥¨¥ó¥È¥ê¤òºï½ü¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó¤Î IPFW ¤Ç¤Ï¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥¨¥ó¥È¥ê¤È
- ¥Ñ¥±¥Ã¥È¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥¨¥ó¥È¥ê¤¬ÊÌ¡¹¤ËÍøÍѤµ¤ì¤Æ¤¤¤Þ¤·¤¿¡£
- ¸½ºß¤Î¥Ð¡¼¥¸¥ç¥ó¤Ç¤Ï¡¢¤½¤ì¤¾¤ì¤Î¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥¨¥ó¥È¥êËè¤Ë
- ¥Ñ¥±¥Ã¥È¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥¨¥ó¥È¥ê¤¬È÷¤¨¤é¤ì¤Æ¤¤¤Þ¤¹¡£</para>
-
- <para><emphasis>index</emphasis> Ãͤ¬»ØÄꤵ¤ì¤Æ¤¤¤ë¤È¡¢
- ¥¨¥ó¥È¥ê¤Ï¥Á¥§¡¼¥óÃæ¤Î»Ø¼¨¤µ¤ì¤¿°ÌÃÖ¤ËÃÖ¤«¤ì¤Þ¤¹¡£
- <emphasis>index</emphasis> Ãͤ¬»ØÄꤵ¤ì¤Æ ¤¤¤Ê¤±¤ì¤Ð¡¢
- ¥¨¥ó¥È¥ê¤Ï (65535 È֤Υǥե©¥ë¥È¥ë¡¼¥ë¤Ç¤¢¤ë
- ¥Ñ¥±¥Ã¥ÈµñÀä¤òÊ̤ˤ·¤Æ) ºÇ¸å¤Î¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤Î index ¤Ë
- 100 ¤ò¤·¤¿ °ÌÃÖ (¥Á¥§¡¼¥ó¤ÎºÇ¸å) ¤ËÃÖ¤«¤ì¤Þ¤¹¡£</para>
-
- <para>¥«¡¼¥Í¥ë¤¬ <literal>IPFIREWALL_VERBOSE</literal>
- ¤Ä¤¤Ç¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢<literal>log</literal>
- ¥ª¥×¥·¥ç¥ó¤Ï¥Þ¥Ã¥Á¤·¤¿¥ë¡¼¥ë¤ò
- ¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤Ë½ÐÎϤµ¤»¤Þ¤¹¡£</para>
-
- <para>͸ú¤Ê <emphasis> ¥¢¥¯¥·¥ç¥ó </emphasis> ¤Ï:</para>
-
- <variablelist>
- <varlistentry><term>reject</term>
- <listitem>
- <para>¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Þ¤¹¡£ICMP ¥Û¥¹¥È /
- ¥Ý¡¼¥ÈÅþãÉÔǽ¥Ñ¥±¥Ã¥È¤ò (ŬÀÚ¤ÊÊý¤ò)
- ȯ¿®¸µ¤ØÁ÷¤ê¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>allow</term>
- <listitem>
- <para>Ä̾ïÄ̤ê¥Ñ¥±¥Ã¥È¤òÄ̲ᤵ¤»¤Þ¤¹¡£(ÊÌ̾:
- <literal>pass</literal>,
- <literal>permit</literal> ¤ª¤è¤Ó
- <literal>accept</literal>)</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>deny</term>
- <listitem>
- <para>¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Þ¤¹¡£È¯¿®¸µ¤Ï ICMP ¥á¥Ã¥»¡¼¥¸¤Ë¤è¤ë
- ÄÌÃΤò¼õ¤±¤Þ¤»¤ó (¤½¤Î¤¿¤á¥Ñ¥±¥Ã¥È¤¬
- °¸Àè¤ËÅþ㤷¤Ê¤«¤Ã¤¿¤è¤¦¤Ë¸«¤¨¤Þ¤¹)¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>count</term>
- <listitem>
- <para>¤³¤Î¥ë¡¼¥ë¤Ï¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤ò¹¹¿·¤¹¤ë¤À¤±¤Ç¡¢
- ¥Ñ¥±¥Ã¥È¤ò Ä̲ᤵ¤»¤¿¤êµñÀ䤷¤¿¤ê¤·¤Þ¤»¤ó¡£
- ¸¡º÷¤Ï¼¡¤Î¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤«¤é³¤±¤é¤ì¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>¤½¤ì¤¾¤ì¤Î <emphasis> ¥¢¥¯¥·¥ç¥ó </emphasis>
- ¤Ï°ì°Õ¤ÊÀèÆ¬Éôʬ¤À¤±¤Ç¤âǧ¼±¤µ¤ì¤Þ¤¹¡£</para>
-
- <para>»ØÄê²Äǽ¤Ê <emphasis> ¥×¥í¥È¥³¥ë </emphasis>
- ¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£</para>
-
- <variablelist>
- <varlistentry><term>all</term>
- <listitem>
- <para>Ǥ°Õ¤Î IP ¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>icmp</term>
- <listitem>
- <para>ICMP ¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>tcp</term>
- <listitem>
- <para>TCP ¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>udp</term>
- <listitem>
- <para>UDP ¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para><emphasis> ¥¢¥É¥ì¥¹ </emphasis> ¤Î»ØÄê¤Ï:</para>
- <cmdsynopsis>
- <arg choice="plain">from</arg>
- <arg choice="plain"><replaceable>address/mask</replaceable></arg>
- <arg><replaceable>port</replaceable></arg>
- <arg choice="plain">to</arg>
- <arg choice="plain"><replaceable>address/mask</replaceable></arg>
- <arg><replaceable>port</replaceable></arg>
- <arg>via <replaceable>interface</replaceable></arg>
- </cmdsynopsis>
-
- <para><replaceable>port</replaceable> ¤Ï¥Ý¡¼¥È¤ò¥µ¥Ý¡¼¥È¤¹¤ë
- <emphasis> ¥×¥í¥È¥³¥ë </emphasis> (UDP ¤È TCP) ¤Î
- ¾ì¹ç¤Ë¤À¤±»ØÄê²Äǽ¤Ç¤¹¡£</para>
-
- <para><option>via</option> ¤Ïɬ¿Ü¤Ç¤Ï¤Ê¤¯¡¢
- ÆÃÄê¤Î¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ̤äƤ¤¿¥Ñ¥±¥Ã¥È
- ¤À¤±¤Ë¥Þ¥Ã¥Á¤¹¤ë¤è¤¦¤Ë¡¢IP ¥¢¥É¥ì¥¹¤Þ¤¿¤Ï¥í¡¼¥«¥ë IP
- ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î ¥É¥á¥¤¥ó̾¡¢¤Þ¤¿¤Ï¥¤¥ó¥¿¥Õ¥§¡¼¥¹Ì¾
- (¤¿¤È¤¨¤Ð <filename>ed0</filename>) ¤ò
- »ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¥æ¥Ë¥Ã¥ÈÈÖ¹æ¤Ï¥ª¥×¥·¥ç¥ó¤Ç¡¢
- ¥ï¥¤¥ë¥É¥«¡¼¥É¤Ç»ØÄꤹ¤ë¤³¤È¤¬ ¤Ç¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢
- <literal>ppp*</literal> ¤Ï¤¹¤Ù¤Æ¤Î¥«¡¼¥Í¥ë PPP
- ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ë ¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
-
- <para><replaceable>address/mask</replaceable> ¤Î»ØÄê¤Ï:
-
- <screen><replaceable>address</replaceable></screen>
-
- ¤Þ¤¿¤Ï
-
- <screen><replaceable>address</replaceable>/<replaceable>mask-bits</replaceable></screen>
-
- ¤Þ¤¿¤Ï
-
- <screen><replaceable>address</replaceable>:<replaceable>mask-pattern</replaceable></screen>
- </para>
-
- <para>IP
- ¥¢¥É¥ì¥¹¤Î¤«¤ï¤ê¤Ë͸ú¤Ê¥Û¥¹¥È̾¤ò»ØÄꤹ¤ë¤³¤È¤â²Äǽ¤Ç¤¹¡£
- <option><replaceable>mask-bits</replaceable></option>
- ¤Ï¥¢¥É¥ì¥¹¥Þ¥¹¥¯¤Ç¾å°Ì²¿¥Ó¥Ã¥È¤ò£±¤Ë¤¹¤ë¤Ù¤¤«¤ò
- ¼¨¤¹½½¿Ê¿ôÃͤǤ¹¡£¤¿¤È¤¨¤Ð¼¡¤Î»ØÄê¡¢
- <systemitem class="netmask">192.216.222.1/24</systemitem> ¤Ï¥¯¥é¥¹ C ¤Î¥µ¥Ö¥Í¥Ã¥È
- (¤³¤Î¾ì¹ç <systemitem class="ipaddress">192.216.222</systemitem>)
- ¤ÎǤ°Õ¤Î¥¢¥É¥ì¥¹¤Ë¥Þ¥Ã¥Á¤¹¤ë¥Þ¥¹¥¯¤òºîÀ®¤·¤Þ¤¹¡£
- <option><replaceable>mask-pattern</replaceable></option>
- ¤ÏÍ¿¤¨¤é¤ì¤¿¥¢¥É¥ì¥¹¤È ÏÀÍý AND ¤µ¤ì¤ë IP ¥¢¥É¥ì¥¹¤Ç¤¹¡£
- ¥¡¼¥ï¡¼¥É <literal>any</literal> ¤Ï<quote>Ǥ°Õ¤Î IP
- ¥¢¥É¥ì¥¹</quote>¤ò»ØÄꤹ¤ë¤¿¤á¤Ë
- »ÈÍѤ¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
-
- <para>¥Ö¥í¥Ã¥¯¤¹¤ë¥Ý¡¼¥ÈÈÖ¹æ¤Ï°Ê²¼¤Î¤è¤¦¤Ë»ØÄꤷ¤Þ¤¹:
-
- <cmdsynopsis>
- <arg choice="plain"><replaceable>port</replaceable><arg>,
- <replaceable>port</replaceable><arg>,
- <replaceable>port</replaceable><arg>…
- </arg></arg></arg></arg>
- </cmdsynopsis>
-
- ¤Î¤è¤¦¤ËñÆÈ¤Î¥Ý¡¼¥È¤Þ¤¿¤Ï¥Ý¡¼¥È¤Î¥ê¥¹¥È¤ò»ØÄꤷ¤Þ¤¹¡£
- ¤Þ¤¿¤Ï
-
- <cmdsynopsis>
- <arg choice="plain"><replaceable>port</replaceable>-
- <replaceable>port</replaceable></arg>
- </cmdsynopsis>
-
- ¤Î¤è¤¦¤Ë¥Ý¡¼¥È¤ÎÈϰϤò»ØÄꤷ¤Þ¤¹¡£
- ñÆÈ¤Î¥Ý¡¼¥È¤È¥Ý¡¼¥È¤Î¥ê¥¹¥È¤ò
- ÁȤ߹ç¤ï¤»¤Æ»ØÄꤹ¤ë¤³¤È¤â²Äǽ¤Ç¤¹¤¬¡¢
- ¤½¤Î¾ì¹ç¤Ï¾ï¤ËÈϰϤÎÊý¤ò
- ºÇ½é¤Ë»ØÄꤷ¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
-
- <para>»ÈÍѲÄǽ¤Ê <emphasis> ¥ª¥×¥·¥ç¥ó </emphasis> ¤Ï:</para>
-
- <variablelist>
- <varlistentry><term>frag</term>
- <listitem>
- <para>¥Ç¡¼¥¿¥°¥é¥à¤ÎºÇ½é¤Î
- ¥Õ¥é¥°¥á¥ó¥È¤Ç¤Ê¤±¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>in</term>
- <listitem>
- <para>ÆþÎÏÅÓÃæ¤Î¥Ñ¥±¥Ã¥È¤Ç¤¢¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>out</term>
- <listitem>
- <para>½ÐÎÏÅÓÃæ¤Î¥Ñ¥±¥Ã¥È¤Ç¤¢¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>ipoptions <replaceable>spec</replaceable></term>
- <listitem>
- <para>IP ¥Ø¥Ã¥À¤¬ <replaceable>spec</replaceable>
- ¤Ë»ØÄꤵ¤ì¤¿ ¥«¥ó¥Þ¤Ç¶èÀÚ¤é¤ì¤¿
- ¥ª¥×¥·¥ç¥ó¤Î¥ê¥¹¥È¤ò´Þ¤ó¤Ç¤¤¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- ¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë IP ¥ª¥×¥·¥ç¥ó¤Ï¡¢
- <literal>ssrr</literal> (¥¹¥È¥ê¥¯¥È¥½¡¼¥¹¥ë¡¼¥È)¡¢
- <literal>lsrr</literal> (¥ë¡¼¥º¥½¡¼¥¹¥ë¡¼¥È)¡¢
- <literal>rr</literal> (¥ì¥³¡¼¥É¥Ñ¥±¥Ã¥È¥ë¡¼¥È)¡¢
- ¤½¤·¤Æ <literal>ts</literal> (¥¿¥¤¥à¥¹¥¿¥ó¥×) ¤Ç¤¹¡£
- ÆÃÄê¤Î¥ª¥×¥·¥ç¥ó¤ò´Þ¤Þ¤Ê¤¤¤³¤È¤ò»ØÄꤹ¤ë¤Ë¤Ï
- <literal>!</literal> ¤òÀèÆ¬¤Ë¤Ä¤±¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>established</term>
- <listitem>
- <para>¥Ñ¥±¥Ã¥È¤¬´û¤Ë³ÎΩ¤µ¤ì¤Æ¤¤¤ë TCP
- ¥³¥Í¥¯¥·¥ç¥ó¤Î°ìÉô¤Ç¤¢¤ì¤Ð (¤Ä¤Þ¤ê RST ¤Þ¤¿¤Ï ACK
- ¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤ì¤Ð) ¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- <emphasis>established</emphasis>
- ¥ë¡¼¥ë¤ò¥Á¥§¡¼¥ó¤ÎºÇ½é¤ÎÊý¤ËÃÖ¤¯¤³¤È¤Ç¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥Ñ¥Õ¥©¡¼¥Þ¥ó¥¹¤ò¸þ¾å¤µ¤»¤ë¤³¤È¤¬
- ¤Ç¤¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>setup</term>
- <listitem>
- <para>¥Ñ¥±¥Ã¥È¤¬ TCP
- ¥³¥Í¥¯¥·¥ç¥ó¤ò³ÎΩ¤·¤è¤¦¤È¤¹¤ë¤â¤Î¤Ç¤¢¤ì¤Ð (SYN
- ¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì ACK ¥Ó¥Ã¥È¤Ï¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð)
- ¥Þ¥Ã¥Á¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>tcpflags <replaceable>flags</replaceable></term>
- <listitem>
- <para>TCP ¥Ø¥Ã¥À¤¬ <replaceable>flags</replaceable>
- ¤Ë»ØÄꤵ¤ì¤¿ ¥«¥ó¥Þ¤Ç¶èÀÚ¤é¤ì¤¿¥Õ¥é¥°¤Î
- ¥ê¥¹¥È¤ò´Þ¤ó¤Ç¤¤¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- ¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤ë¥Õ¥é¥°¤Ï¡¢<literal>fin</literal>,
- <literal>syn</literal>, <literal>rst</literal>,
- <literal>psh</literal>, <literal>ack</literal> ¤È
- <literal>urg</literal> ¤Ç¤¹¡£
- ÆÃÄê¤Î¥Õ¥é¥°¤ò´Þ¤Þ¤Ê¤¤¤³¤È¤ò»ØÄꤹ¤ë¤Ë¤Ï
- <literal>!</literal> ¤òÀèÆ¬¤Ë¤Ä¤±¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>icmptypes <replaceable>types</replaceable></term>
- <listitem>
- <para>ICMP ¥¿¥¤¥×¤¬ <replaceable>types</replaceable>
- ¥ê¥¹¥È¤Ë ¸ºß¤·¤Æ¤¤¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- ¥ê¥¹¥È¤Ï¥¿¥¤¥×¤ÎÈϰϤޤ¿¤Ï¸Ä¡¹¤Î¥¿¥¤¥×¤ò
- ¥«¥ó¥Þ¤Ç¶èÀڤä¿Ç¤°Õ¤ÎÁȹ礻¤Ç»ØÄê¤Ç¤¤Þ¤¹¡£
- °ìÈÌŪ¤Ë»ÈÍѤµ¤ì¤Æ¤¤¤ë ICMP ¥¿¥¤¥×¤Ï:
- <literal>0</literal> ¥¨¥³¡¼¥ê¥×¥é¥¤ (ping ¥ê¥×¥é¥¤)¡¢
- <literal>3</literal> Áê¼êÀèÅþãÉÔ²Äǽ¡¢
- <literal>5</literal> ¥ê¥À¥¤¥ì¥¯¥È¡¢
- <literal>8</literal> ¥¨¥³¡¼¥ê¥¯¥¨¥¹¥È (ping
- ¥ê¥¯¥¨¥¹¥È)¡¢¤½¤·¤Æ <literal>11</literal> »þ´ÖͲá
- (&man.traceroute.8; ¤Ç»ÈÍѤµ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢TTL
- Ëþλ¤ò¼¨¤¹¤Î¤Ë»ÈÍѤµ¤ì¤Þ¤¹) ¤Ç¤¹¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </sect3>
-
- <sect3>
- <title>IPFW ¥ë¡¼¥ë¥ê¥¹¥È¤Îɽ¼¨</title>
-
- <para>¤³¤Î·Á¼°¤Ç¤Î»ÈÍÑË¡¤Ï:
- <cmdsynopsis>
- <command>ipfw</command>
- <arg>-a</arg>
- <arg>-c</arg>
- <arg>-d</arg>
- <arg>-e</arg>
- <arg>-t</arg>
- <arg>-N</arg>
- <arg>-S</arg>
- <arg choice="plain">list</arg>
- </cmdsynopsis>
- </para>
-
- <para>¤³¤Î·Á¼°¤Ç»ÈÍѤ¹¤ëºÝ¤Ë͸ú¤Ê¥Õ¥é¥°¤Ï 7 ¤Ä¤¢¤ê¤Þ¤¹¡£</para>
-
- <variablelist>
- <varlistentry><term>-a</term>
- <listitem>
- <para>¥ê¥¹¥Èɽ¼¨¤ÎºÝ¤Ë¥«¥¦¥ó¥¿¤ÎÃͤâɽ¼¨¤·¤Þ¤¹¡£
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï ¥¢¥«¥¦¥ó¥Æ¥£¥ó¥°¥«¥¦¥ó¥¿¤Î
- ÆâÍÆ¤ò¸«¤ëÍ£°ì¤Î¼êÃʤǤ¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-c</term>
-
- <listitem>
- <para>¥³¥ó¥Ñ¥¯¥È¤Ê·Á¼°¤Ç¥ë¡¼¥ë¤Î°ìÍ÷¤òɽ¼¨¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-d</term>
-
- <listitem>
- <para>ÀÅŪ¥ë¡¼¥ë¤Ë²Ã¤¨Æ°Åª¥ë¡¼¥ë¤âɽ¼¨¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-e</term>
-
- <listitem>
- <para><option>-d</option> ¤¬»ØÄꤵ¤ì¤Æ¤¤¤ë¤È¤¤Ë¤Ï¡¢
- ´ü¸Â¤¬Àڤ줿ưŪ¥ë¡¼¥ë¤âɽ¼¨¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-t</term>
-
- <listitem>
- <para>³Æ¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤¬ºÇ¸å¤Ë
- ¥Þ¥Ã¥Á¤·¤¿»þ¹ï¤òɽ¼¨¤·¤Þ¤¹¡£¤³¤Î»þ¹ïɽ¼¨¤Ï
- &man.ipfw.8; ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç»ÈÍѤµ¤ì¤ëÆþÎÏ·Á¼°¤È
- ¸ß´¹À¤¬¤¢¤ê¤Þ¤»¤ó¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry><term>-N</term>
- <listitem>
- <para>(²Äǽ¤Ç¤¢¤ì¤Ð)
- ¥¢¥É¥ì¥¹¤ä¥µ¡¼¥Ó¥¹Ì¾¤òʸ»úÎó¤ËÊÑ´¹¤·¤ÆÉ½¼¨¤·¤Þ¤¹¡£</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>-S</term>
-
- <listitem>
- <para>³Æ¥ë¡¼¥ë¤¬½ê°¤·¤Æ¤¤¤ë¥»¥Ã¥È¤òɽ¼¨¤·¤Þ¤¹¡£
- ¤³¤Î¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢
- ̵¸ú¤Ë¤µ¤ì¤Æ¤¤¤ë¥ë¡¼¥ë¤Ï°ìÍ÷¤Ëɽ¼¨¤µ¤ì¤Þ¤»¤ó¡£</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </sect3>
-
- <sect3>
- <title>IPFW ¥ë¡¼¥ë¤Î¥Õ¥é¥Ã¥·¥å</title>
-
- <para>¥Á¥§¡¼¥ó¤ò¥Õ¥é¥Ã¥·¥å¤¹¤ë¤Ë¤Ï:
- <cmdsynopsis>
- <command>ipfw</command>
- <arg choice="plain">flush</arg>
- </cmdsynopsis>
- </para>
-
- <para>¥«¡¼¥Í¥ë¤Ë¸ÇÄꤵ¤ì¤Æ¤¤¤ë¥Ç¥Õ¥©¥ë¥È¥ë¡¼¥ë (¥¤¥ó¥Ç¥Ã¥¯¥¹
- 65535 ÈÖ) °Ê³°¤Î¡¢
- ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¥Á¥§¡¼¥ó¤ÎÃæ¤Î¤¹¤Ù¤Æ¤Î¥¨¥ó¥È¥ê¤òºï½ü¤·¤Þ¤¹¡£
- ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¤¹¤Ù¤Æ¤Î¥Ñ¥±¥Ã¥È¤¬µñÀ䤵¤ì¤ë¤Î¤Ç¡¢
- °ìö¤³¤ì¤ò¼Â¹Ô¤¹¤ë¤È¡¢
- ¥Ñ¥±¥Ã¥È¤òµö²Ä¤¹¤ë¥¨¥ó¥È¥ê¤¬¥Á¥§¡¼¥ó¤ËÄɲ䵤ì¤ë¤Þ¤Ç¡¢
- ¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤¬¥Í¥Ã¥È¥ï¡¼¥¯¤«¤éÀÚ¤êÊü¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¤½¤Î¤¿¤á¡¢
- ¥ë¡¼¥ë¤Î¥Õ¥é¥Ã¥·¥å¤ò¤ª¤³¤Ê¤¦¤È¤¤ÏÃí°Õ¤¬É¬ÍפǤ¹¡£</para>
- </sect3>
-
- <sect3>
- <title>IPFW ¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤Î¥¯¥ê¥¢</title>
-
- <para>°ì¤Ä¤Þ¤¿¤Ï¤½¤ì°Ê¾å¤Î¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤ò¥¯¥ê¥¢¤¹¤ë¤¿¤á¤Ë¤Ï:
- <cmdsynopsis>
- <command>ipfw</command>
- <arg choice="plain">zero</arg>
- <arg choice="opt"><replaceable>index</replaceable></arg>
- </cmdsynopsis>
- </para>
-
- <para><replaceable>index</replaceable> ¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¡¢
- ¤¹¤Ù¤Æ¤Î¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤¬ ¥¯¥ê¥¢¤µ¤ì¤Þ¤¹¡£
- <replaceable>index</replaceable> ¤¬»ØÄꤵ¤ì¤Æ¤¤¤ì¤Ð¡¢
- ÆÃÄê¤Î¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤À¤±¤¬ ¥¯¥ê¥¢¤µ¤ì¤Þ¤¹¡£</para>
- </sect3>
- </sect2>
-
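Review bot: the log message does not say that <sect1 xml:id="firewalls"> is removed in full here, together with the anchors "firewalls-packet-filters" and "firewalls-proxy-servers"; it only mentions the merge range and the one xref commented out in advanced-networking/chapter.xml. State the removal in the log and confirm that no other file in the Japanese tree still links to these three ids. The removed text also holds the warning that the default IPFW policy is "deny ip from any to any" and the advice to start with firewall_type=open or IPFIREWALL_DEFAULT_TO_ACCEPT to avoid a lock-out; with the cross-references commented out, the Japanese handbook has no pointer to that guidance until a replacement chapter lands.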
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***