1,543
社区成员
发帖
与我相关
我的任务
分享solaris防火墙问题
我的solaris10服务器开启防火墙后,编写了ipfilter规则如下:
block in all
pass in log quick proto tcp from any to any port = 1521
pass in log quick proto tcp from xxxxxxxx to any port=ssh
pass in log quick proto tcp from xxxxxxxx to any port=ssh
pass in log quick proto tcp from xxxxxxxx to any port=telnet
pass in log quick proto tcp from xxxxxxxx to any port=22
启用规则后,连接服务器正常,但是该服务器却无法连接其它机器了,我对出去的包也没限制啊
不知是什么原因,望大师们指点!
block in all
pass in log quick proto tcp from any to any port = 1521
pass in log quick proto tcp from xxxxxxxx to any port=ssh
pass in log quick proto tcp from xxxxxxxx to any port=ssh
pass in log quick proto tcp from xxxxxxxx to any port=telnet
pass in log quick proto tcp from xxxxxxxx to any port=22
启用规则后,连接服务器正常,但是该服务器却无法连接其它机器了,我对出去的包也没限制啊
不知是什么原因,望大师们指点!
...全文
请发表友善的回复…
发表回复
gaowei190684 2019-10-23
- 打赏
- 举报
man ipf.conf
The default way in which filter rules are applied is for the last matching rule to be used as the decision maker. So even if the first rule to match a packet is a pass, if there is a later matching rule that is a block and no further rules match the packet, then it will be blocked
即 默认为block的
侠义小郎君 2019-06-13
- 打赏
- 举报
按我的理解,这种类似于ACL的策略,要把block in all 这条要放到所有策略的最后才行吧
dqjhl 2019-06-12
- 打赏
- 举报
一个回答的都没有
