FreeBSD ÀÇ pf ¿¡ °üÇؼ­ Áú¹® Çغ¾´Ï´Ù.

À¯»ç¿ë   
   Á¶È¸ 5664   Ãßõ 6    


Áö±Ý FR 6.1À» ¼³Ä¡ÈÄ pf + if_bridge ¸¦ ±¸¼ºÇß½À´Ï´Ù.

/etc/rc.conf ¿¡¼­ bridge0 ¿¡ °üÇÑ ³»¿ëÀÔ´Ï´Ù.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"

ifconfig_em0="up"                 #  Turn the bridge NICs up
ifconfig_em1="up"                 #  Thanks to Bruce A. Mah <****@*******.org>

ifconfig ¿¡¼­ pf¿Í bridge ¿¡ °ü·ÃµÈ ³»¿ë ÀÔ´Ï´Ù.

pfsync0: flags=0<> mtu 2020
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8143<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
        ether ac:de:48:15:aa:4c
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em1 flags=3<LEARNING,DISCOVER>
        member: em0 flags=3<LEARNING,DISCOVER>

bridge0 ´Â Àß ¿Ã¶ó ¿Ô½À´Ï´Ù.

/etc/pf.conf ¸¦ ±¸¼º ÁßÀε¥ À߾ȵ˴ϴÙ..

ext_if="bridge0"    # replace with actual external interface name i.e., bridge0
mgt_if="em2"        # replace with actual internal interface name i.e., em2

serverport="{ssh, http,  smtp, pop3, ftp, domain, 3389, 6881:6999,  60000:65534}"

set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Loopback interface
pass  in  quick on lo0 all

# Filtering: the implicit first two rules are
block in all
pass out all

pass  in  quick on $mgt_if all
pass  out quick on $mgt_if all

# Block everything and log it
block log on $mgt_if all
block log on $ext_if all

pass  in  on $ext_if proto { tcp, udp } from any to $ext_if port $serverport keep state
pass  out on $ext_if proto { tcp, udp } all keep state

À§¿Í °°ÀÌ ¼³Á¤À» ÇÏ¿´Áö¸¸. µÇÁö ¾Ê½À´Ï´Ù.
block in all
pass out all
¾ÈµË´Ï´Ù.

pass in all
pass out all
Àº Àߵ˴ϴÙ.

ÇÏÁö¸¸, pf ´Â ´Ù¸·°í ³ª¼­ ÇÊ¿ä ÇÑ°ÍÀ» Çϳª¾¿ ¿©´Â °Å·Î ¾Ë°í ÀÖ½À´Ï´Ù.
serverport ´Â ÇÊ¿ä Çϸé.. ´õ ¸¹Àº port ¸¦ Ãß°¡ ÇÒ»ý°¢ÀÔ´Ï´Ù.

ext_if="bridge0"  ´Â em (intel lan) Ä«µå 2ÀåÀ» bridge ·Î ¹­Àº °ÍÀÔ´Ï´Ù.
mgt_if="em2" ´Â °ü¸®¸¦ À§ÇÑ ·£Ä«µå ÀÔ´Ï´Ù.
bridge0 ´Â non-IP ÀÔ´Ï´Ù.
em2´Â IP°¡ ÇÒ´ç µÇ¾îÀÖ½À´Ï´Ù.

µµ¿Í ÁÖ¼¼¿ä.. Èæ..Èæ..
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.


QnA
Á¦¸ñPage 2216/5687
2014-05   4998826   Á¤ÀºÁØ1
2015-12   1534650   ¹é¸Þ°¡
2006-05   5665   À¯»ç¿ë
2005-09   5665   ³ëÇü¼®
2015-06   5665   jiminbape
2016-11   5665   AutoCAD
2015-09   5665   ¾Æ¸§´Ù¿î³ëÀ»
2018-04   5665   ¸¶ÄÉ·Î
2005-10   5665   äÁ¾À±
2006-11   5665   ¹æÈ¿¹®
2006-03   5665   ±èÇýÁø
2007-11   5665   Á¶¸í¼ö
2008-12   5665   ¹ÚÁ¾¿ë
2009-01   5665   Çѵ¿ÈÆ
2006-04   5665   ¹ÚµÎÁø
2012-05   5665   ¹Ì¼ö¸Ç
2020-06   5665   AplPEC
2005-07   5665   ¿ÀÇü±Ù
2006-03   5665   ȲÇýÁø
2021-11   5665   AMDºô·±
2015-07   5665   ¹Ú³²±Ô
2006-04   5664   °í¿µ±Ù