Detailed Steps for Building a Firewall with Solaris and the IP Filter Package

http://www.sina.com.cn October 14, 2006 13:17 ChinaByte
```sh
#!/bin/sh
# /etc/init.d/ipforward: switch IP forwarding on or off with ndd
case "$1" in
start)
        echo "Activating IP Forwarding..."
        /usr/sbin/ndd -set /dev/tcp ip_forwarding 1
        ;;
stop)
        echo "De-activating IP Forwarding..."
        /usr/sbin/ndd -set /dev/tcp ip_forwarding 0
        ;;
*)
        echo "Usage: $0 (start|stop)" >&2
        exit 1
        ;;
esac
exit 0
```

Make it executable:

```
# chmod 744 /etc/init.d/ipforward
```

Then link it as /etc/rc2.d/S69ipforward:

```
# ln -s /etc/init.d/ipforward /etc/rc2.d/S69ipforward
```

Note: ipforwarding must run after ipf & inet.

(v) Set up the ipf and NAT rules:

Create a file called /etc/opt/ipf/ipnat.conf. /etc/opt/ipf/ipf.conf already exists and is empty. The file /etc/opt/ipf/ipf.conf holds your firewall rules; writing them is beyond the scope of this document. Check the IP Filter HOWTO page for more info: http://unixcircle.com/ipf

(4) Installing OpenSSH (optional)

One can go the easy way and just grab a binary package from http://www.sunfreeware.com, or learn a lot by building everything by hand, in this order. Make sure you read the README or INSTALL file that comes with each package:

1. Get & install Perl
2. Get & install zlib
3. Get & install OpenSSL
4. Get & install OpenSSH

- Startup script for sshd; save it as /etc/rc3.d/S99sshd:

```sh
#!/sbin/sh
#
# /etc/rc3.d/S99sshd: start or stop the OpenSSH daemon
case "$1" in
'start')
        # Start sshd only if the binary is installed and executable
        if [ -x /usr/local/sbin/sshd ]; then
                echo 'Starting Secure Shell: sshd'
                /usr/local/sbin/sshd
        fi
        ;;
'stop')
        # Stop only processes named exactly sshd that are owned by root
        /usr/bin/pkill -x -u 0 sshd
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0
```

- Then make it executable:

```
# chmod 744 /etc/rc3.d/S99sshd
```

(5) Configure syslogd to send to a syslog server

Make sure ipmon is run with the option -Dsnxa in /etc/init.d/ipfboot.

To have ipmon log to syslog, add the following to /etc/syslog.conf:

```
...
# IP Filter
# Log to local
local0.info;local0.err;local0.debug	/var/log/ipflog
#
# Log to a dedicated syslog server
# (m4 quotes open with a backquote and close with an apostrophe)
local0.info;local0.err;local0.debug	ifdef(`LOGHOST', /var/log/ipflog, @loghost)
...
```

Remember that syslog requires a tab instead of spaces between the selector and the action.

(6) Reboot and enjoy
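A check for the tab requirement in step (5), as an added example that is not part of the original article: the function flags every syslog.conf rule whose selector and action are separated by anything other than tabs, the mistake that silently stops ipmon output from reaching the log file or the log host. The function name `check_syslog_tabs` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_syslog_tabs FILE
#   Prints FILE:LINE: TEXT for every rule whose selector and action are not
#   separated by tabs only, and returns 1 if any such rule exists.
check_syslog_tabs() {
    awk '
        BEGIN { t = "\t"; ok = "^[^ " t "]+" t "+[^ " t "]" }
        # Only lines that begin like a selector (facility.level) are rules;
        # comments, blank lines and m4 wrapper lines are skipped.
        /^[A-Za-z0-9*,]+\.[A-Za-z*]+/ && $0 !~ ok {
            printf "%s:%d: %s\n", FILENAME, NR, $0
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input: line 2 uses a tab, line 3 uses spaces.
sample=${TMPDIR:-/tmp}/syslog.conf.sample.$$
{
    printf '# IP Filter\n'
    printf 'local0.info;local0.err;local0.debug\t/var/log/ipflog\n'
    printf 'local0.info;local0.err;local0.debug   @loghost\n'
} > "$sample"
check_syslog_tabs "$sample" || echo "separate selector and action with tabs"
rm -f "$sample"
```

Run it against /etc/syslog.conf after editing and before restarting syslogd; on Solaris, substitute nawk or /usr/xpg4/bin/awk if the default awk rejects the program.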