[FUG-BR] Opening ports in ipfw

Bandeira gnu.groups at gmail.com
Wed Oct 15 04:04:19 BRT 2008


Thank you very much, Wesley, works fine :)

Regards

2008/10/14 Wesley Miranda <wesleymiranda2 at gmail.com>

> 2008/10/12 Bandeira <gnu.groups at gmail.com>
>
> > The problem is that it isn't FreeBSD but Leopard; I didn't say so to
> > avoid starting a flame war.
> > And on it there is no way to remove rule 65535 allow ip from any to any;
> > it always stays.
> > As I said, I know which ports aMule uses: 32003, 32715, 32000
> > I found on the internet that on Leopard you use it like this:
> >
> > 65534 deny ip from any to any
> > 65535 allow ip from any to any
> >
> > But this way the aMule ports don't open, only the torrent one, 51413
> >
> > My current rules with the aMule ports open: I use throttled pro.
> >
> > sh-3.2# ipfw list
> > 00070 divert 17779 tcp from any to any out xmit en* tcpflags ack iplen 0-70
> > 00070 divert 17779 tcp from any to any setup out xmit en*
> > 00070 divert 17779 icmp from any to any out xmit en*
> > 00070 divert 17779 tcp from any to any dst-port 53 out xmit en*
> > 00070 divert 17779 udp from any to any dst-port 53 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 80 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 443 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 3130 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 8080 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 8118 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 9001 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 9030 out xmit en*
> > 00070 divert 17779 tcp from any to any dst-port 9050 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 9051 out xmit en*
> > 00070 divert 17779 tcp from any to any dst-port 22 out xmit en*
> > 00070 divert 17779 tcp from any to any dst-port 2222 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 143 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 21 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 1863 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 6667 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 6668 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 9999 out xmit en*
> > 00070 divert 17778 tcp from any to any dst-port 16732 out xmit en*
> > 00070 divert 17777 ip from any to any out xmit en*
> > 01000 allow ip from any to any via lo*
> > 02000 deny ip from any to any frag
> > 02001 allow udp from any to any dst-port 37003
> > 02002 allow udp from any to any dst-port 32715
> > 02003 allow tcp from any to any dst-port 32000
> > 02004 allow tcp from any to any dst-port 51413
> > 02005 allow tcp from any to any dst-port 16000
> > 04001 deny ip from 127.0.0.0/8 to any in
> > 04101 deny ip from any to 127.0.0.0/8 in
> > 04201 deny ip from 224.0.0.0/3 to any in
> > 04301 deny tcp from any to 224.0.0.0/3 in
> > 04401 allow tcp from any to any out
> > 04501 allow tcp from any to any established
> > 04601 allow icmp from any to any icmptypes 0,3,11
> > 04602 allow icmp from any to any icmptypes 8 out
> > 04701 deny icmp from any to any
> > 04801 deny ip from any to any ipoptions rr
> > 04901 deny ip from any to any ipoptions ts
> > 05001 deny ip from any to any ipoptions lsrr
> > 05101 deny ip from any to any ipoptions ssrr
> > 05301 deny tcp from any to any tcpflags syn,fin
> > 05311 deny tcp from any to any tcpflags syn,rst
> > 05321 deny tcp from any 0 to any
> > 05331 deny tcp from any to any dst-port 0
> > 05341 deny udp from any 0 to any
> > 05351 deny udp from any to any dst-port 0
> > 05361 deny ip from 224.0.0.0/4 to any in
> > 05371 deny ip from 0.0.0.0/8 to any
> > 65535 allow ip from any to any
> >
> >
> Young man,
>
> This rule may help you a lot.
>
> /sbin/ipfw add <NUMERO> allow udp from any to any dst-port 32000,32003,32715
> /sbin/ipfw add <NUMERO> allow tcp from any to any dst-port 32000,32003,32715
> /sbin/ipfw add <NUMERO> allow udp from any to any src-port 32000,32003,32715
> /sbin/ipfw add <NUMERO> allow tcp from any to any src-port 32000,32003,32715
>
> Regards.
>
> Wesley Miranda
> FreeBSD Consult
> wesley at freebsdconsult.com.br
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>
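
The first-match behaviour behind this thread, as an added example that is not part of the original messages: a simplified evaluator run over a subset of the quoted `ipfw list` output plus the `65534 deny` rule, reporting which aMule port/protocol pairs named in the thread are denied inbound and checking that the reply's dst-port rules cover them. Rule numbers 02006/02007 stand in for `<NUMERO>` and are assumptions, as is the restriction to `from any to any` rules; the src-port, divert and remaining deny rules are not modelled.

```python
import re

# Subset of the quoted `ipfw list` output plus the 65534 deny found online.
RULES = """\
02001 allow udp from any to any dst-port 37003
02002 allow udp from any to any dst-port 32715
02003 allow tcp from any to any dst-port 32000
02004 allow tcp from any to any dst-port 51413
02005 allow tcp from any to any dst-port 16000
04401 allow tcp from any to any out
04501 allow tcp from any to any established
65534 deny ip from any to any
65535 allow ip from any to any
"""
# The reply's dst-port rules; 02006/02007 are assumed stand-ins for <NUMERO>.
SUGGESTED = """\
02006 allow udp from any to any dst-port 32000,32003,32715
02007 allow tcp from any to any dst-port 32000,32003,32715
"""
AMULE = [(p, n) for p in ("udp", "tcp") for n in (32000, 32003, 32715)]

RULE_RE = re.compile(
    r"^(?P<num>\d+) (?P<action>allow|deny) (?P<proto>\w+) from any to any"
    r"(?: dst-port (?P<ports>[\d,]+))?(?P<opts>(?: (?:in|out|established))*)$")

def parse(text):
    """Parse the simplified rule subset into tuples sorted by rule number."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        ports = {int(p) for p in m["ports"].split(",")} if m["ports"] else None
        rules.append((int(m["num"]), m["action"], m["proto"], ports,
                      set(m["opts"].split())))
    return sorted(rules, key=lambda r: r[0])

def first_match(rules, proto, dport, direction="in", established=False):
    """Return (number, action) of the first rule matching the packet."""
    for num, action, rproto, ports, opts in rules:
        if (rproto in ("ip", proto)
                and (ports is None or dport in ports)
                and not ({"in", "out"} & opts) - {direction}
                and ("established" not in opts or established)):
            return num, action

def blocked_inbound(rules, wanted=AMULE):
    """List (proto, port) pairs whose new inbound packet hits a deny rule."""
    return [w for w in wanted if first_match(rules, *w)[1] == "deny"]
```

`blocked_inbound(parse(RULES))` lists the pairs that fall through to rule 65534; `blocked_inbound(parse(RULES + SUGGESTED))` is empty.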

