我的FreeBSD上IPFW防火墙脚本
/sbin/ipfw add 00001 deny log ip from any to any ipopt rr
/sbin/ipfw add 00002 deny log ip from any to any ipopt ts
/sbin/ipfw add 00003 deny log ip from any to any ipopt ssrr
/sbin/ipfw add 00004 deny log ip from any to any ipopt lsrr
/sbin/ipfw add 00005 deny tcp from any to any in tcpflags syn,fin
/sbin/ipfw add 19997 check-state
/sbin/ipfw add 19998 allow tcp from any to any out keep-state setup
/sbin/ipfw add 19999 allow tcp from any to any out
/sbin/ipfw add 20001 allow udp from any 53 to me in recv rl0
/sbin/ipfw add 29999 allow udp from any to any out
/sbin/ipfw add 30000 allow icmp from any to any icmptypes 3
/sbin/ipfw add 30001 allow icmp from any to any icmptypes 4
/sbin/ipfw add 30002 allow icmp from any to any icmptypes 8 out
/sbin/ipfw add 30003 allow icmp from any to any icmptypes 0 in
/sbin/ipfw add 30004 allow icmp from any to any icmptypes 11 in
#/sbin/ipfw add 40000 allow all from 192.168.0.0/16 to any
#/sbin/ipfw add 40001 allow all from any to 192.168.0.0/16
#/sbin/ipfw flush
/sbin/ipfw add 00002 deny log ip from any to any ipopt ts
/sbin/ipfw add 00003 deny log ip from any to any ipopt ssrr
/sbin/ipfw add 00004 deny log ip from any to any ipopt lsrr
/sbin/ipfw add 00005 deny tcp from any to any in tcpflags syn,fin
/sbin/ipfw add 19997 check-state
/sbin/ipfw add 19998 allow tcp from any to any out keep-state setup
/sbin/ipfw add 19999 allow tcp from any to any out
/sbin/ipfw add 20001 allow udp from any 53 to me in recv rl0
/sbin/ipfw add 29999 allow udp from any to any out
/sbin/ipfw add 30000 allow icmp from any to any icmptypes 3
/sbin/ipfw add 30001 allow icmp from any to any icmptypes 4
/sbin/ipfw add 30002 allow icmp from any to any icmptypes 8 out
/sbin/ipfw add 30003 allow icmp from any to any icmptypes 0 in
/sbin/ipfw add 30004 allow icmp from any to any icmptypes 11 in
#/sbin/ipfw add 40000 allow all from 192.168.0.0/16 to any
#/sbin/ipfw add 40001 allow all from any to 192.168.0.0/16
#/sbin/ipfw flush
