今天在http://sourceforge.net上看,发现了一款WINDOWS的防火墙软件,居然是IPFW的WINDOWS移植版本,m0n0wall里的流量整形用的就是IPFW.这是下载地址: http://sourceforge.net/project/showfiles.php?group_id=113599
下载了一份,下面是发行版本的目录清单:
│ changes.txt
│ config.cmd
│ install-deny.cmd
│ install.cmd
│ md5sum
│ README.TXT
│ uninstall.cmd
│ wipfw.conf
│
└───bin
ipfw.exe
ip_fw-allow.sys
ip_fw-deny.sys
loadrules.cmd
首先,运行install.cmd,安装这个防火墙, 加载的就是 wipfw.conf这个配置文件.
wipfw.conf的内容如下:
# First flush the firewall rules
-f flush
# Localhost rules
add 100 allow all from any to any via lo*
# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 110 deny log all from 127.0.0.0/8 to any in
#Testing rules, to find ports used by services if we aren't sure. These rules allow ALL traffic to pass through the firewall, disabling any subsequent rules
#add 140 allow log logamount 500 tcp from any to any
#add 150 allow log logamount 500 udp from any to any
add check-state
add pass all from me to any out keep-state
add count log ip from any to any
熟悉吧,呵呵! 根FB里面的IPFW完全就是一个语法.
|
