FreeBSD ÀÇ pf ¿¡ °üÇؼ­ Áú¹® Çغ¾´Ï´Ù.

À¯»ç¿ë   
   Á¶È¸ 5613   Ãßõ 6    


Áö±Ý FR 6.1À» ¼³Ä¡ÈÄ pf + if_bridge ¸¦ ±¸¼ºÇß½À´Ï´Ù.

/etc/rc.conf ¿¡¼­ bridge0 ¿¡ °üÇÑ ³»¿ëÀÔ´Ï´Ù.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"

ifconfig_em0="up"                 #  Turn the bridge NICs up
ifconfig_em1="up"                 #  Thanks to Bruce A. Mah <****@*******.org>

ifconfig ¿¡¼­ pf¿Í bridge ¿¡ °ü·ÃµÈ ³»¿ë ÀÔ´Ï´Ù.

pfsync0: flags=0<> mtu 2020
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8143<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
        ether ac:de:48:15:aa:4c
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em1 flags=3<LEARNING,DISCOVER>
        member: em0 flags=3<LEARNING,DISCOVER>

bridge0 ´Â Àß ¿Ã¶ó ¿Ô½À´Ï´Ù.

/etc/pf.conf ¸¦ ±¸¼º ÁßÀε¥ À߾ȵ˴ϴÙ..

ext_if="bridge0"    # replace with actual external interface name i.e., bridge0
mgt_if="em2"        # replace with actual internal interface name i.e., em2

serverport="{ssh, http,  smtp, pop3, ftp, domain, 3389, 6881:6999,  60000:65534}"

set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Loopback interface
pass  in  quick on lo0 all

# Filtering: the implicit first two rules are
block in all
pass out all

pass  in  quick on $mgt_if all
pass  out quick on $mgt_if all

# Block everything and log it
block log on $mgt_if all
block log on $ext_if all

pass  in  on $ext_if proto { tcp, udp } from any to $ext_if port $serverport keep state
pass  out on $ext_if proto { tcp, udp } all keep state

À§¿Í °°ÀÌ ¼³Á¤À» ÇÏ¿´Áö¸¸. µÇÁö ¾Ê½À´Ï´Ù.
block in all
pass out all
¾ÈµË´Ï´Ù.

pass in all
pass out all
Àº Àߵ˴ϴÙ.

ÇÏÁö¸¸, pf ´Â ´Ù¸·°í ³ª¼­ ÇÊ¿ä ÇÑ°ÍÀ» Çϳª¾¿ ¿©´Â °Å·Î ¾Ë°í ÀÖ½À´Ï´Ù.
serverport ´Â ÇÊ¿ä Çϸé.. ´õ ¸¹Àº port ¸¦ Ãß°¡ ÇÒ»ý°¢ÀÔ´Ï´Ù.

ext_if="bridge0"  ´Â em (intel lan) Ä«µå 2ÀåÀ» bridge ·Î ¹­Àº °ÍÀÔ´Ï´Ù.
mgt_if="em2" ´Â °ü¸®¸¦ À§ÇÑ ·£Ä«µå ÀÔ´Ï´Ù.
bridge0 ´Â non-IP ÀÔ´Ï´Ù.
em2´Â IP°¡ ÇÒ´ç µÇ¾îÀÖ½À´Ï´Ù.

µµ¿Í ÁÖ¼¼¿ä.. Èæ..Èæ..
ªÀº±Û Àϼö·Ï ½ÅÁßÇÏ°Ô.


QnA
Á¦¸ñPage 4434/5682
2015-12   1488558   ¹é¸Þ°¡
2014-05   4951972   Á¤ÀºÁØ1
2008-01   6738   ³²Âù¿ì
2008-02   5276   ¹æÈ¿¹®
2005-12   5898   ¹®»óÈÆ
2006-04   5220   ÀÓÁø¿í
2003-09   11302   ÀÌÅ¿ø
2006-05   5614   À¯»ç¿ë
2005-01   6714   °í´ëÁØ
2005-01   6519   ÃÖÁ¤¼ö
2008-02   5493   Â÷½Âȯ
2008-03   5479   Á¤ÁÖȯ
2008-11   4852   ¹ÚÁ¾¿­
2008-12   5169   ±è°Ç¿ì
2006-01   5701   ±è»óÀÏ
2006-06   5329   ±è³²Çõ
2004-07   7333   ¹ÚÀçÈ£
2007-04   4040   ¾ç»ó¿ë
2007-04   5045   ÀÌÁö¾ð
2009-01   4337   ±è°Ç¿ì
2004-09   6443   ÀÌÇõ
2004-11   7160   ±èÁ¾ÅÂ