FreeBSD tutorial: using PF to emulate multiple routing tables (iproute2-style return-path routing)

Before FreeBSD 7.1 (which added multiple FIBs and setfib(1)), the Linux iproute2 behaviour of sending replies back through the interface and gateway the request arrived on can be had from PF alone: every stateful pass-in rule on an uplink carries a reply-to (interface gateway) option, so the reply packets of that state are handed to that gateway instead of following the host's single default route. Without it, a connection that arrives on the second uplink is answered through the first ISP's gateway: the flow becomes asymmetric, and an ISP that filters source addresses it does not own will drop those replies. The setup is as follows:

1: rc.conf

Configure both IP addresses and a single default route (note that this default route only governs route selection for connections the machine itself initiates; inbound connections are steered by the reply-to rules below).

2: pf.conf

tel_if  = "em0" # first uplink

cnc_if  = "em1" # second uplink

loop_if = "lo0"

gw_tel  = "121.33.xx.xx" # next hop on $tel_if

gw_cnc  = "210.21.yy.yy" # next hop on $cnc_if

set optimization aggressive

#set timeout { interval 10, frag 30 }

set timeout { tcp.first 30, tcp.opening 5, tcp.established 1800 }

#set timeout { tcp.closing 60, tcp.finwait 30, tcp.closed 30 }

#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }

#set timeout { icmp.first 20, icmp.error 10 }

#set timeout { other.first 60, other.single 30, other.multiple 60 }

#set timeout { adaptive.start 0, adaptive.end 0 }

scrub in all

# Block IP on the $ext_if
# The source of this rule is missing from the original page (most likely a
# <table> reference stripped when the page was rendered). pfctl rejects
# "from to any", so the rule is commented out here; restore the address or
# table before loading.
# block in quick on {$tel_if, $cnc_if} from to any

block all

pass quick on $loop_if all

#############################

# $tel_if

#############################

# Drop TCP segments whose flag combinations only occur in scans or corrupted packets
block in quick on $tel_if proto tcp all flags SF/SFRA

block in quick on $tel_if proto tcp all flags SFUP/SFRAU

block in quick on $tel_if proto tcp all flags FPU/SFRAUP

block in quick on $tel_if proto tcp all flags /SFRA

block in quick on $tel_if proto tcp all flags F/SFRA

block in quick on $tel_if proto tcp all flags U/SFRAU

# From the subnet on this uplink: SSH, SMTP, POP3, IMAP, HTTP, HTTPS (on-link, no reply-to needed)

pass in quick on $tel_if proto tcp from $tel_if:network to any port {22,80,443,25,110,143} keep state

pass in quick on $tel_if proto tcp from $tel_if:network to any port {21,49152:65535} keep state

# From anywhere else: replies for these states are forced back out $tel_if via $gw_tel

pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto tcp from any to any port {22,25,110,143,80,443} keep state

pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto tcp from any to any port {21,49152:65535} keep state

pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto {tcp,udp} from any to any port 53 keep state

pass in quick on $tel_if reply-to ($tel_if $gw_tel) proto icmp from any to any icmp-type 8 code 0 keep state

pass out quick on $tel_if all keep state

############################

# $cnc_if

############################

# Same scan/invalid flag filters for the second uplink
block in quick on $cnc_if proto tcp all flags SF/SFRA

block in quick on $cnc_if proto tcp all flags SFUP/SFRAU

block in quick on $cnc_if proto tcp all flags FPU/SFRAUP

block in quick on $cnc_if proto tcp all flags /SFRA

block in quick on $cnc_if proto tcp all flags F/SFRA

block in quick on $cnc_if proto tcp all flags U/SFRAU

# From anywhere: replies for these states are forced back out $cnc_if via $gw_cnc

pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto tcp from any to any port {22,25,110,143,80,443} keep state

pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto tcp from any to any port {21,49152:65535} keep state

pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto {tcp,udp} from any to any port 53 keep state

pass in quick on $cnc_if reply-to ($cnc_if $gw_cnc) proto icmp from any to any icmp-type 8 code 0 keep state

pass out quick on $cnc_if all keep state
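The two per-uplink sections above are the same template with the interface and gateway swapped, and the property they enforce (every stateful pass-in on an uplink carries a reply-to for that uplink's own gateway) is easy to lose when rules are edited by hand. The script below is an added example, not code from the original post: it generates the per-uplink block for any number of uplinks, and lints a pf.conf for pass-in rules on an uplink that either lack reply-to (replies would follow the default route) or name another uplink's interface/gateway pair. Interface names, gateway addresses and the sample rules are assumptions for illustration; rules restricted to the uplink's own subnet ($x_if:network) are treated as on-link and exempt, as on the page.

```python
"""Added example (not code from the original post): generate and lint the
multi-homed PF reply-to pattern. Names, addresses and sample rules are assumed."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Uplink:
    name: str     # macro stem: "$<name>_if" and "$gw_<name>"
    iface: str    # e.g. "em0"
    gateway: str  # next hop reachable on iface


# Scan/invalid TCP flag combinations dropped before any pass rule, as on the page.
BAD_FLAGS = ("SF/SFRA", "SFUP/SFRAU", "FPU/SFRAUP", "/SFRA", "F/SFRA", "U/SFRAU")
SERVICE_PORTS = "{22,25,110,143,80,443}"
FTP_PORTS = "{21,49152:65535}"


def uplink_rules(up: Uplink) -> list[str]:
    """Rules for one uplink; every stateful pass-in carries its own reply-to."""
    ifm, gwm = f"${up.name}_if", f"$gw_{up.name}"
    rt = f"reply-to ({ifm} {gwm})"
    rules = [f"# {ifm}"]
    rules += [f"block in quick on {ifm} proto tcp all flags {fl}" for fl in BAD_FLAGS]
    rules += [
        f"pass in quick on {ifm} {rt} proto tcp from any to any port {SERVICE_PORTS} keep state",
        f"pass in quick on {ifm} {rt} proto tcp from any to any port {FTP_PORTS} keep state",
        f"pass in quick on {ifm} {rt} proto {{tcp,udp}} from any to any port 53 keep state",
        f"pass in quick on {ifm} {rt} proto icmp from any to any icmp-type 8 code 0 keep state",
        f"pass out quick on {ifm} all keep state",
    ]
    return rules


def generate_pf_conf(uplinks: list[Uplink]) -> str:
    """Macros, global defaults and one rule block per uplink."""
    lines = [f'{u.name}_if = "{u.iface}"' for u in uplinks]
    lines += [f'gw_{u.name} = "{u.gateway}"' for u in uplinks]
    lines += ["scrub in all", "block all", "pass quick on lo0 all"]
    for u in uplinks:
        lines += uplink_rules(u)
    return "\n".join(lines) + "\n"


PASS_IN_RE = re.compile(r"^\s*pass\s+in\b")
ON_IF_RE = re.compile(r"\bon\s+\$(?P<up>\w+)_if\b")
REPLY_TO_RE = re.compile(r"\breply-to\s*\(\s*\$(?P<rif>\w+)_if\s+\$gw_(?P<rgw>\w+)\s*\)")


def lint_reply_to(conf: str, uplinks: list[Uplink]) -> list[str]:
    """One finding per 'pass in' rule on an uplink whose replies would take the wrong path."""
    names = {u.name for u in uplinks}
    findings: list[str] = []
    for n, raw in enumerate(conf.splitlines(), 1):
        rule = raw.split("#", 1)[0]
        if not PASS_IN_RE.match(rule):
            continue
        on = ON_IF_RE.search(rule)
        if on is None or on.group("up") not in names:
            continue  # lo0, interface lists, etc.: not a single-uplink rule
        up = on.group("up")
        # Modern PF keeps state unless told "no state"; traffic from the uplink's
        # own subnet ($x_if:network) is answered on-link and is exempt.
        if "no state" in rule or f"${up}_if:network" in rule:
            continue
        rt = REPLY_TO_RE.search(rule)
        if rt is None:
            findings.append(f"line {n}: pass in on ${up}_if has no reply-to; "
                            "replies would follow the default route")
        elif (rt.group("rif"), rt.group("rgw")) != (up, up):
            findings.append(f"line {n}: reply-to (${rt.group('rif')}_if $gw_{rt.group('rgw')}) "
                            f"does not match ingress interface ${up}_if")
    return findings


if __name__ == "__main__":
    ups = [Uplink("tel", "em0", "121.33.0.1"), Uplink("cnc", "em1", "210.21.0.1")]  # assumed
    print(generate_pf_conf(ups))
    sample = "pass in quick on $tel_if proto tcp from any to any port 80 keep state\n"  # constructed
    for finding in lint_reply_to(sample, ups):
        print(finding)
```

Run the generated output through `pfctl -nf -` before loading it; the linter only checks the reply-to invariant, not PF grammar.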
