设为首页 - 加入收藏 ASP站长网(Aspzz.Cn)- 科技、建站、经验、云计算、5G、大数据,站长网!
热搜: 数据 手机 公司
当前位置: 首页 > 服务器 > 搭建环境 > Windows > 正文

如何在FreeBSD上设置PF防火墙来保护Web服务器(3)

发布时间:2018-09-19 10:10 所属栏目:117 来源:Vivek Gite
导读:输入下面这些命令: # service pflog start # service pflog stop # service pflog restart 第四步: pfctl 命令的简单介绍 你需要使用 pfctl 命令来查看 PF 规则集和参数配置,包括来自 包过滤器 packet filter 的

输入下面这些命令:

  1. # service pflog start
  2. # service pflog stop
  3. # service pflog restart

第四步:pfctl 命令的简单介绍

你需要使用 pfctl 命令来查看 PF 规则集和参数配置,包括来自包过滤器packet filter的状态信息。让我们来看一下所有常见命令:

显示 PF 规则信息

  1. # pfctl -s rules

示例输出:

  1. block return in log all
  2. block drop out all
  3. block drop in quick on ! vtnet0 inet from 172.xxx.yyy.zzz/24 to any
  4. block drop in quick inet from 172.xxx.yyy.zzz/24 to any
  5. pass in quick on vtnet0 inet proto tcp from 139.aaa.ccc.ddd to 172.xxx.yyy.zzz/24 port = ssh flags S/SA keep state label "USER_RULE: Allow SSH from 139.aaa.ccc.ddd"
  6. pass inet proto icmp all icmp-type echoreq keep state
  7. pass out quick on vtnet0 proto tcp from any to any port = domain flags S/SA keep state
  8. pass out quick on vtnet0 proto tcp from any to any port = ntp flags S/SA keep state
  9. pass out quick on vtnet0 proto tcp from any to any port = smtp flags S/SA keep state
  10. pass out quick on vtnet0 proto tcp from any to any port = http flags S/SA keep state
  11. pass out quick on vtnet0 proto tcp from any to any port = https flags S/SA keep state
  12. pass out quick on vtnet0 proto tcp from any to any port = ftp flags S/SA keep state
  13. pass out quick on vtnet0 proto tcp from any to any port = ssh flags S/SA keep state
  14. pass out quick on vtnet0 proto udp from any to any port = domain keep state
  15. pass out quick on vtnet0 proto udp from any to any port = ntp keep state

显示每条规则的详细内容

  1. # pfctl -v -s rules

在每条规则的详细输出中添加规则编号:

  1. # pfctl -vvsr show

显示状态信息

  1. # pfctl -s state
  2. # pfctl -s state | more
  3. # pfctl -s state | grep 'something'

如何在命令行中禁止 PF 服务

  1. # pfctl -d

如何在命令行中启用 PF 服务

  1. # pfctl -e

如何在命令行中刷新 PF 规则/NAT/路由表

  1. # pfctl -F all

示例输出:

  1. rules cleared
  2. nat cleared
  3. 0 tables deleted.
  4. 2 states cleared
  5. source tracking entries cleared
  6. pf: statistics cleared
  7. pf: interface flags reset

如何在命令行中仅刷新 PF 规则

  1. # pfctl -F rules

如何在命令行中仅刷新队列

  1. # pfctl -F queue

如何在命令行中刷新统计信息(它不是任何规则的一部分)

  1. # pfctl -F info

如何在命令行中清除所有计数器

  1. # pfctl -z clear

第五步:查看 PF 日志

PF 日志是二进制格式的。使用下面这一命令来查看:

  1. # tcpdump -n -e -ttt -r /var/log/pflog

(编辑:ASP站长网)

网友评论
推荐文章
    热点阅读