
Building a firewall with Solaris and the IP Filter package: detailed steps


http://www.sina.com.cn 14 October 2006 13:17 ChinaByte

  #!/bin/sh
  # /etc/init.d/ipforward - enable or disable IP forwarding on Solaris.
  # ip_forwarding is a parameter of the ip module, so ndd must be pointed at
  # /dev/ip (the original script used /dev/tcp, which ndd rejects).

  case "$1" in
  start)
      echo "Activating IP Forwarding..."
      /usr/sbin/ndd -set /dev/ip ip_forwarding 1
      ;;
  stop)
      echo "De-activating IP Forwarding..."
      /usr/sbin/ndd -set /dev/ip ip_forwarding 0
      ;;
  *)
      echo "Usage: $0 (start|stop)" >&2
      exit 1
      ;;
  esac

  exit 0

  Make it executable:

  # chmod 744 /etc/init.d/ipforward

  Then link it as /etc/rc2.d/S69ipforward:

  # ln -s /etc/init.d/ipforward /etc/rc2.d/S69ipforward

  Note: IP forwarding must be enabled after ipf and inet have started, so the
  script's S-number has to sort after theirs.

  (v) ipf and nat rule sets:

  Create a file called /etc/opt/ipf/ipnat.conf.

  /etc/opt/ipf/ipf.conf already exists and is empty. This is the file in which
  you write your firewall rules, which is beyond the scope of this document.
  Check the IP Filter HOWTO page for more info:

  http://unixcircle.com/ipf

  (4) Installing OpenSSH (optional)

  One can go the easy way and just grab a binary package from
  http://www.sunfreeware.com, or learn a lot by building from source, in this
  order. Make sure you read the README or INSTALL file that comes with each
  package:

  1. Get & install Perl
  2. Get & install zlib
  3. Get & install OpenSSL
  4. Get & install OpenSSH

  - Startup script for sshd; save it as /etc/rc3.d/S99sshd

  #!/sbin/sh
  #
  case "$1" in
  'start')
      if [ -x /usr/local/sbin/sshd ]; then
          echo 'Starting Secure Shell: sshd';
          /usr/local/sbin/sshd
      fi
      ;;
  'stop')
      /usr/bin/pkill -x -u 0 sshd
      ;;
  *)
      echo "Usage: $0 { start | stop }"
      exit 1
      ;;
  esac

  exit 0

  - Then make it executable:

  # chmod 744 /etc/rc3.d/S99sshd

  (5) Configure syslogd to send to a syslog server

  Make sure ipmon is run with the option -Dsnxa in /etc/init.d/ipfboot.

  To have ipmon log to syslog you need to add the following to
  /etc/syslog.conf (Solaris syslog.conf is passed through m4, so the LOGHOST
  name inside ifdef is quoted with an opening backtick and a closing single
  quote):

  ...
  # IP Filter
  # Log to local
  local0.info;local0.err;local0.debug	/var/log/ipflog
  #
  # Log to a dedicated syslog server
  local0.info;local0.err;local0.debug	ifdef(`LOGHOST', /var/log/ipflog, @loghost)
  ...

  Remember that syslog.conf requires a tab, not spaces, between the selector
  and the action; a line separated by spaces is silently ignored.
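  Before rebooting it is worth checking that the rules above were typed the way syslogd expects. The following is an added example, not part of the original HOWTO: it reads a syslog.conf, flags any rule line whose selector and action are separated by spaces instead of a tab, and confirms that at least one local0 rule (the facility ipmon logs to) is present. The file path and the sample lines in the usage are constructed for the example.

```sh
#!/bin/sh
# Added example: sanity-check the syslog.conf entries for ipmon before rebooting.
# syslogd needs a TAB between the selector (local0.info;...) and the action
# (/var/log/ipflog or @loghost); a line separated only by spaces is ignored,
# so the IP Filter log records never reach the file or the loghost.
# Returns 0 if every rule line has a TAB and a local0 rule exists, 1 otherwise.

check_ipf_syslog_conf() {
    conf="$1"
    tab=$(printf '\t')
    bad=0
    have_local0=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|\#*) continue ;;                 # blank line or comment
        esac
        case "$line" in
            *"$tab"*) ;;                        # selector<TAB>action: fine
            *)  printf 'line %d: selector and action separated by spaces, not a TAB: %s\n' \
                    "$lineno" "$line" >&2
                bad=$((bad + 1))
                continue ;;
        esac
        selector=${line%%"$tab"*}               # everything before the first TAB
        case "$selector" in
            *local0.*) have_local0=1 ;;         # the facility ipmon -s logs to
        esac
    done < "$conf"
    if [ "$have_local0" -eq 0 ]; then
        printf 'no local0.* rule found: ipmon output is not being routed\n' >&2
        return 1
    fi
    [ "$bad" -eq 0 ]
}

# Example run (constructed path; use /etc/syslog.conf on the firewall):
# check_ipf_syslog_conf /etc/syslog.conf && echo "syslog.conf OK"
```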

  (6) Reboot and enjoy
