ipfilter - hamaのページ

ipfilter Solaris

/etc/ipf/pfil.apの編集（#外し　または　インターフェースの追加）

# IP Filter pfil autopush setup
#
# See the autopush(1M) manpage for more information.
#
# Format of the entries in this file is:
#
#major  minor lastminor modules

#iprb   -1      0       pfil
#elxl   -1      0       pfil
#e1000g -1      0       pfil
#bge    -1      0       pfil
#nf     -1      0       pfil
#fa     -1      0       pfil
#ci     -1      0       pfil
#el     -1      0       pfil
#ipdptp -1      0       pfil
#lane   -1      0       pfil
#dnet   -1      0       pfil
#pcelx  -1      0       pfil
#spwr   -1      0       pfil
rtls    -1      0       pfil

pfilサービス再起動

#svcadm restart network/pfil

/etc/ipf/ipf.confの編集

複数の行に当てはまる場合は下側の設定が適用される
その行で有効にする場合はquickをつける

#default local out packet pass
pass out quick on lo0 all keep state

#default out packet pass
pass out quick on rtls0 all keep state

#default in packet block
block in log level local2.debug on rtls0 all

#attack by local IP packet 
#block in log level local2.debug quick on rtls0 from 127.0.0.0/8 to any
#block in log level local2.debug quick on rtls0 from 10.0.0.0/8 to any 
#block in log level local2.debug quick on rtls0 from 169.254.0.0/16 to any 
#block in log level local2.debug quick on rtls0 from 172.16.0.0/12 to any 
#block in log level local2.debug quick on rtls0 from 192.168.0.0/16 to any 

# attack by invalid IP option
block in log level local2.debug quick on rtls0 all with opt lsrr
block in log level local2.debug quick on rtls0 all with opt ssrr
#block in log level local2.debug quick from any to any with ipopts 

# attack by too-short IP fragment 
block in log level local2.debug quick on rtls0 proto tcp all with short

#service port pass
pass in quick on rtls0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on rtls0 proto tcp from any to any port = 443 flags S/SA keep state
pass in quick on rtls0 proto tcp from any to any port = 25 flags S/SA keep state
#pass in quick on rtls0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on rtls0 proto udp from any port = 53 to any

#management port pass
pass in quick on rtls0 proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state
pass in quick on rtls0 proto icmp from any to any icmp-type 8
pass in quick on rtls0 proto icmp from any to any icmp-type 0

syslog関連の設定

#/etc/syslog.confに以下を追加
local0.debug　/var/log/ipf.log（間はTAB）

#touch /var/log/ipf.log
#chmod 644 /var/log/ipf.log
#pkill -HUP syslogd

ipフィルタ起動

#svcadm enable network/ipfilter

マシンリブート

その他

既存のフィルタ設定の削除

#ipf -Fa

設定の適用

#ipf -f /etc/ipf/ipf.conf