From owner-FreeBSD-users-jp@jp.freebsd.org  Thu Jan 18 04:35:02 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id EAA17382;
	Thu, 18 Jan 2001 04:35:02 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ad.wakwak.com (root@ad.wakwak.com [210.165.16.112])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id EAA17377
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 18 Jan 2001 04:35:02 +0900 (JST)
	(envelope-from okoutakesima@ad.wakwak.com)
Received: from ibm300 (pl032.nas312.kochi.nttpc.ne.jp [210.153.228.32])
	by ad.wakwak.com (8.11.1/8.11.1/2001-01-12) with SMTP id f0HJZ0O99241
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 18 Jan 2001 04:35:01 +0900 (JST)
	(envelope-from okoutakesima@ad.wakwak.com)
Message-ID: <003701c080bc$8fc17080$c848a8c0@ibm300>
From: "takesima" <okoutakesima@ad.wakwak.com>
To: <FreeBSD-users-jp@jp.freebsd.org>
Date: Thu, 18 Jan 2001 04:27:48 +0900
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 58330
Subject: [FreeBSD-users-jp 58330] ipf =?ISO-2022-JP?B?GyRCJE4bKEI=?= rule
 =?ISO-2022-JP?B?GyRCJE4ycjxhSn1LISEpGyhC?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: okoutakesima@ad.wakwak.com

$B$7$P$7$P$*@$OC$K$J$C$F$$$kC]Eg(B@$B2,K-IB1!$G$9!#(B

ipf$B$O(Bipfw$B$H>/$70c$C$?463P$,I,MW$G$J$$$+$H;W$o$l$^$9!#(B
$B$G!";d$O0J2<$N$h$&$K2r<a$9$l$P$o$+$j$d$9$$$+$J$H;W$$;n0F$rDs=P$7$^$9!#(B
$B$7$+$7!"(Bipf$B$rF0$+$7$?$3$H$b$J$$A4$/$NLg304A$G$9$N$G!"8m$C$F$$$l$PD{@5$*4j$$(B
$B$7$^$9!#(B
$B$D$^$j!"(B
aaa.bbb.ccc.ddd/32 $B$=$N$b$N!!$H!!(B192.168.xxx.yyy/32 $B$=$N$b$N$r(B
aaa.bbb.ccc.ddd/24 $B!!$H!!(B192.168.xxx.yyy/24 $B$H$OJL35G0(B
$B$H$9$l$P!"0J2<$N$h$&$KBP>NE*$K9M$($l$FJXMx$@$H;W$$$^$9!#(B

aaa.bbb.ccc.ddd/24
|
|
|pass out on ep0 all head 250
127.0.0.0/8 to any $B!z30It(Bout$B!!%=!<%9$,(B127.0.0.0/8 $B$O$@$a(B
any to 127.0.0.0/8 $B!z30It(Bout$B!!(Bdestination$B$,(B127.0.0.0/8 $B$O$@$a(B
any to aaa.bbb.ccc.ddd/32 $B!z30It(Bout$B!!%=!<%9$,(Baaa.bbb.ccc.ddd/32 $B$=$N$b$N$O$@(B
$B$a(B
|
|
| pass in on ep0 all head 200
127.0.0.0/8 to any $B!y30It(Bin$B!!%=!<%9$,(B127.0.0.0/8$B$OBLL\(B
aaa.bbb.ccc.ddd/32 to any  200$B!y30It(Bin$B!!%=!<%9$,(Baaa.bbb.ccc.ddd/32 $B$=$N$b$N(B
$B$OBLL\(B
192.168.xxx.yyy/0xffffff00 to any $B!y30It(Bin$B%=!<%9$,(B192.168.$B#x#x#x(B.0/24$B$OBLL\(B
|
|
$B!J(Baaa.bbb.ccc.ddd/32$B!K(B
------------------
|$B!!!!!!(B127.0.0.1/8$B!!!!!!(B|
------------------
$B!J(B192.168.xxx.yyy/32$B!K(B
|
|
|pass in on fxp0 all head 300
127.0.0.0/8 to any group 300$B!yFbIt(Bin$B!!%=!<%9$,(B127.0.0.0/8$B$OBLL\(B
192.168.xxx.yyy/32 to any $B!yFbIt(Bin$B!!%=!<%9$,(B192.168.xxx.yyy/32 $B$=$N$b$N$O$@(B
$B$a(B
aaa.bbb.ccc.ddd/0xffffff00 to any group 300$B!yFbIt(Bin$B%=!<%9$,(Baaa.bbb.ccc.0/24
$B$OBLL\(B
|
|
pass out on fxp0 all head 350
127.0.0.0/8 to any $B!zFbIt(Bout$B!!%=!<%9$,(B127.0.0.0/8 $B$O$@$a(B
any to 127.0.0.0/8 $B!zFbIt(Bout$B!!(Bdestination$B$,(B127.0.0.0/8 $B$O$@$a(B
any to 192.168.xxx.yyy/32 $B!z30It(Bout$B!!%=!<%9$,(Baaa.bbb.ccc.ddd/32$B$=$N$b$N$O$@(B
$B$a(B
|
|
192.168.xxx.yyy/24

http://www.tac.tsukuba.ac.jp/~hiromi/ipf.html$B!!$h$j$N?F@Z$J%3!<%I(B
# ipf.simple $B$NFbMF(B
    # Internet $BB&$N%$%s%?!<%U%'%$%9$,(B ep0 $B$N>l9g$G!"(B
    # $B$=$N(B IP $B%"%I%l%9$r(B aaa.bbb.ccc.ddd $B$H$9$k(B
    # $BFbIt$N%$%s%?!<%U%'%$%9$O(B fxp0 $B$G!"(BIP $B$O(B 192.168.xxx.yyy/24 $B$H$9$k(B
    block in log quick from any to any with ipopts
    block in log quick proto tcp from any to any with short

 pass in on ep0 all head 200
    block in from 127.0.0.0/8 to any group 200
    block in from aaa.bbb.ccc.ddd/32 to any group 200
    block in from 192.168.xxx.yyy/0xffffff00 to any group 200

 pass in on fxp0 all head 300
    block in from 127.0.0.0/8 to any group 300
    block in from 192.168.xxx.yyy/32 to any group 300
    block in from aaa.bbb.ccc.ddd/0xffffff00 to any group 300

pass out on ep0 all head 250
    block out from 127.0.0.0/8 to any group 250
    block out from any to 127.0.0.0/8 group 250
    block out from any to aaa.bbb.ccc.ddd/32 group 250


pass out on fxp0 all head 350
    block out from 127.0.0.0/8 to any group 350
    block out from any to 127.0.0.0/8 group 350
    block out from any to 192.168.xxx.yyy/32 group 350

 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
okoutakesima@ad.wakwak.com
http://www.ad.wakwak.com/~okoutakesima/


