Configuration of the “/etc/rc.d/init.d/firewall” script file for the Gateway Server

# ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
# -s $ANYWHERE 43 \
# -d $IPADDR $UNPRIVPORTS -j ACCEPT
# ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
# -s $IPADDR $UNPRIVPORTS \
# -d $ANYWHERE 43 -j ACCEPT
# OUTGOING TRACEROUTE
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \ -s $IPADDR $TRACEROUTE_SRC_PORTS \ -d $ANYWHERE $TRACEROUTE_DEST_PORTS -j ACCEPT
# Unlimited traffic within the local network.
# All internal machines have access to the firewall machine.
ipchains -A input -i $LOCAL_INTERFACE_1 -s $LOCALNET_1 -j ACCEPT ipchains -A output -i $LOCAL_INTERFACE_1 -d $LOCALNET_1 -j ACCEPT
# FreeS/WAN IPSec VPN
# If you are using the FreeSWAN IPSec VPN, you will need to fill in the
# addresses of the gateways in the IPSECSG and the virtual interfaces for
# FreeS/Wan IPSEC in the FREESWANVI parameters. Look at the beginning of
# this firewall script rules file to set the parameters.
# IPSECSG is a Space separated list of remote gateways. FREESWANVI is a
# Space separated list of virtual interfaces for FreeS/Wan IPSEC
# implementation. Only include those that are actually used.
# Allow IPSEC protocol from remote gateways on external interface
# IPSEC uses three main types of packet:
# IKE uses the UDP protocol and port 500,
# ESP use the protocol number 50, and
# AH use the protocol number 51
# ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
# -s $IPSECSG -j ACCEPT
# ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
# -d $IPSECSG -j ACCEPT

Страниц: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15