1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
|
.\"
.\" Heavily modified by Paul ``Rusty'' Russell March 1997
.\"
.\" Based on the original ipfwadm man page by Jos Vos <jos@xos.nl> (see README)
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.\"WORD: firewall ե
.\"WORD: interface ե
.\"WORD: source address ȯɥ쥹
.\"WORD: destination address 襢ɥ쥹
.\"WORD: network mask ͥåȥޥ
.\"WORD: user 桼
.\"WORD: chain
.\"WORD: input chain input
.\"WORD: output chain output
.\"WORD: forwarding chain forward
.\"WORD: builtin chain Ȥ߹ߺѤߥ
.\"
.\"
.\" Japanese Version Copyright (c) 2001 OHGAMI Atsushi
.\" all rights reserved.
.\" Translated Sun Jun 10 13:27:00 JST 2001
.\" by OHGAMI Atsushi (ati@ff.iij4u.or.jp)
.\" Sun Jul 12 07:40:00 JST 2001
.\" by MATSUDA Yoh-ichi (matsuda@palnet.or.jp)
.\"
.TH IPCHAINS 8 "February 8, 1998" "" ""
.SH ̾
ipchains \- IP ե
.SH
.BR "ipchains -[ADC] " " 롼ξܺ [ץ]"
.br
.BR "ipchains -[RI] " " 롼ֹ 롼ξܺ [ץ]"
.br
.BR "ipchains -D " " 롼ֹ [ץ]"
.br
.BR "ipchains -[LFZNX] " "[] [ץ]"
.br
.BR "ipchains -P " " å [ץ]"
.br
.BR "ipchains -M " "[ -L | -S ] [ץ]"
.SH
.B ipchains
Linux ͥ IP եΥ롼ꤷݼ餷
뤿ΤΤǤ롣
Υ롼ϡ4 ĤΥƥʬǤ -
IP input () IP output ()
IP forward (ž) ƥ桼Ǥ롣
ơΥƥˡ롼ΰɽ: table/ơ֥ۤ
Ѱդ롣
롼ϥ桼Τɤ줫ĤȤ뤳Ȥ⤢롣
ܺ٤ˤĤƤ
.IR ipfw (4)
ȤΤȡ
.SH å
ե롼ǤϡѥåȤȽȥåȤꤹ롣
оݥѥåȤޥåʤȡμΥ롼뤬롣
롼˰פ硢Υ롼ϥåȤͤˤäƻꤵ롣
åȤͤϥ桼̾ޤ̤ͤǤ
.IR ACCEPT ,
.IR DENY ,
.IR REJECT ,
.IR MASQ ,
.IR REDIRECT ,
.IR RETURN
Τ 1 ĤǤ롣
.sp 0.5
.I ACCEPT
ϡоݥѥåȤ̲ᤵ롣
.I DENY
ϡоݥѥåȤȤΤƵ롣
.I REJECT
ϡоݥѥåȤΤƵȤǤ DENY Ʊ DENY
鵷ǥХåפʤäƤ롣
Τʤ顢ѥåȤΤƤݤоݥѥåȤΤƤȤ ICMP
åֿ뤫Ǥ롣
(
.I DENY
.I REJECT
ϡ ICMP ѥåȤ˴ؤƤưƱǤ뤳Ȥդ줿)
.sp 0.5
.I MASQ
forward ȥ桼ФƤΤͭǤꡢĥͥ뤬
.B CONFIG_IP_MASQUERADE
դǥѥ뤵ƤˤѤǤ롣
ˤꡢѥåȤϤۥȤȯ줿Τ褦
ޥ졼ɤ롣
ˡѥåȤ˥ޥ졼ɤ줿ۥȤФȤ
ǧȶˡưŪ˥ޥ졼ɳ (demasquerade) Ԥ졢
forward Υå鳰롣
.sp 0.5
.I REDIRECT
input ȥ桼ФƤΤͭǤꡢͥ뤬
.B CONFIG_IP_TRANSPARENT_PROXY
դǥѥ뤵ƤˤѤǤ롣
ΥåȤˤꡢ⡼ȥۥȰ줿ѥåȤǤäƤ
ΥåȤؿ롣
쥯ΥݡȤ˥ǥեͤǤ 0 ꤵƤȡ
ΥѥåȤΰݡȤ쥯ΥݡȤȤƻѤ롣
ΥåȤѤϡץΰȤƥݡֹ椬Ǥ롣
.sp 0.5
桼νã뤫ޤϥå
.I RETURN
ĥ롼˥ޥå硢 (ƤӽФ) μ
롼뤬ɾ롣
Ȥ߹ߺѤߥνã뤫ޤȤ߹ߺѤߥΥ롼
åȤȤ
.I RETURN
˥ޥå硢˻ꤵ줿ݥꥷΥѥåȤα̿
ꤹ롣
.SH ץ
.B ipchains
ǧ륪ץϡĤΥ롼פʬǤ롣
.SS ޥ
Υץϼ¹Ԥεǽꤹ -
ʲ̤˻Τʤ¤ꡢޥɥ饤ǤϤΥץΤ
줫Ĥꤹ뤳ȤǤʤ
СΥޥɤ䥪ץ̾ϡɬⴰʷ̾
ꤹɬפϤʤ
.B ipchains
¾Υץȼ̤뤳ȤǤĹнʬǤ롣
: 㤨С --append ξ硢 --a ǻϤޤ륪ץ̾¾ˤʤΤǡ
--app ǤĤǤ롣
.TP
.BR "-A, --append"
1 İʾΥ롼ɲä롣
̾η̡ȯɥ쥹Ȱ襢ɥ쥹ξޤϤ줫̾
1 İʾ IP ɥ쥹ľ硢롼ϳơβǽʥɥ쥹ȹ礻
ɲä롣
.TP
.BR "-D, --delete"
顢1 İʾΥ롼롣
Υޥɤˤ 2 ĤΥС -
롼 (ǽΥ롼 1 ȤƿϤ) ֹ
ꤵ뤫פ롼ˤƻꤵ롣
.TP
.B "-R, --replace"
Υ롼֤롣
̾η̡ȯȰξޤϤ줫̾
ʣ IP ɥ쥹ľ硢ޥɤμ¹ԤϼԤ롣
롼ˤ 1 Ϥޤֹ椬롣
.TP
.B "-I, --insert"
ء 1 İʾΥ롼Υ롼ֹ롣
äơ롼ֹ 1 ꤹȡΥ롼ϥƬ
롣
.TP
.B "-L, --list"
˴ޤޤƤΥ롼ɽ롣
ꤷʤȡƤΥɽ롣
ꤷʤˡ
.B -Z
() ץȤȤ߹碌ͭǤ롣
ΤʽϤ¾ΰλˤäƹԤ롣
.TP
.B "-F, --flush"
Ƥ쵤˾õ롣
ƤΥ롼Ĥĺ뤳ȤǤ롣
.TP
.B "-Z, --zero"
ƤΥΥѥåȥȥХȥ˽롣
ꥢľˤͤΰ٤ˡ
.B "-L, --list"
(ꥹ) ץȤȤ߹碌ͭǤ -
ΥꥢԤݡΥꤹ뤳ȤϽʤ
(
.I Ƥ
ɽȶ˥ꥢ)
.TP
.B "-N, --new-chain"
ꤷ̾Υ桼˺롣
¸ΥåȤƱ̾ϻѤǤʤ
.TP
.B "-X, --delete-chain"
ꤷ桼롣
оݥؤλȤ¸ߤƤϤʤʤ
(ȤƤϡΥˡȸΥ롼
뤫¾ΥذưʤФʤʤ)
Ϳʤä硢 ipchains Ȥ߹ߺѤߥ
ƤΥ桼褦Ȥ롣
.TP
.B "-P, --policy"
ΥݥꥷꤷåȤꤹ롣
åȤˤĤƤϡ
.B å
ιȡ
ݥꥷĤȤǤΤϥ桼ǤϤʤǤꡢ
Ȥ߹ߺѤߥ桼ݥꥷΥåȤȤϤʤʤ
.TP
.B "-M, --masquerading"
Υץϡ(
.B -L
ץȤ߹碌) ߥޥ졼ɤƤ³ꡢ(
.B -S
ץȤ߹碌) ͥ˥ޥ졼ɤͤꤹ롣
.TP
.BI "-S, --set tcp tcpfin udp"
IP ޥ졼ɤ˻Ѥ륿ॢͤѹ롣
ΥޥɤϾ 3 ĤΥѥꡢ줾졢TCP å
FIN ѥåȼ TCP åUDP ѥåȤФ륿ॢ
() ɽ
ॢ 0 ϡбܤθߤΥॢͤݻ
Ȥ̣롣
Υץϡ
.B -M
ե饰ȤȤ߹碌λΤѤǤ롣
.TP
.B "-C, --check"
Ϳ줿ѥåȤȹ礹롣
ΥѥåȤͥåȥ褿 "ʪ" ѥåȤΤ褦˰碌뤳Ȥ
ͥ롼ΥƥȤ˻Ȥ롣
Ȥ߹ߺѤߥ桼åΤˤȤ롣
եΥ롼ꤷϡƥѥѥåȤۤΤˤ
Ȥ롣
äˡ
.B -s
(ȯ)
.B -d
()
.B -p
(ץȥ)
.B -i
(ե) ե饰ɬꤹ롣
.TP
.B "-h, --help"
ޥɤν˴ؤ (ΤȤ˴ñ) ɽ롣
ץ
.IR icmp
ꤹȡICMP ̾ΰɽ롣
.TP
.B "-V, --version"
ñ ipchains ΥСֹɽ롣
.SS
˼ѥ (ɲ (append), (delete), ִ(replace),
(insert) ڤӥå (check) γƥޥɤˤѤ) 롼
䤦
.TP
.BI "-p, --protocol" "[!] protocol"
åоݤȤʤ롼ޤϥѥåȤΥץȥ롣
ץȥˤ
.IR tcp ,
.IR udp ,
.IR icmp ,
.IR all ,
Τɤ줫Ĥꤹ롣
ޤϤΥץȥбץȥֹ䡢Υץȥ
бƤʤֹǤ롣
ޤ /etc/protocols ˤץȥ̾Ǥλ롣
ץȥ "!" ֤ȡΥץȥꤷʤȤˤʤ롣
0
.IR all
Ǥ롣
ץȥ
.I all
ƤΥץȥȰפΥץά줿Υǥե
Ǥ롣
.I all
check ޥɤȤ߹碌ƤϤʤʤ
.TP
.BR "-s, --source, --src " "[!] \fIaddress\fP[/\fImask\fP] [!] [\fIport[:port]\fP]"
ȯλꡣ
.I address
ϡۥ̾ͥåȥ̾Ǥ IP ɥ쥹ΤǤ褤
.I mask
ϡͥåȥޥñʤ (ͥåȥޥκ¦ 1 θĿ) ΤǤ褤
äơ
.I 24
Ȥ mask ͤϡ
.IR 255.255.255.0
Ǥ롣
ɥ쥹 "!" ֤ȡΥɥ쥹ꤷʤȤˤʤ롣
.sp 0.5
ȯˤϥݡȻޤ ICMP פޤƤ褤
ϥӥ̾ݡֹ桢ICMP פο͡뤤
.br
ipchains -h icmp
.br
ޥɤɽ ICMP ̾Τ줫Ǥ褤
.br
ICMP ̾¿ϥפȥɤξȤ뤳Ȥդ줿
äơ
.B -d
ե饰θ ICMP ɤλϸǤ롣
λĤʬǤϡ
.I port
ϥݡȻޤ ICMP פΤ줫̣롣
оݤȤݡȤϰϤ
.IR port : port
Ȥǻꤹ뤳ȤǤ롣
ǽΥݡȤάȡ"0" Ȥߤʤ롣
ǸΥݡȤάȡ"65535" Ȥߤʤ롣
.sp 0.5
ݡȤϡ
.IR tcp ,
.IR udp ,
.I icmp
ץȥȤȤ߹碌ǤΤǽǤ롣
ݡȻ "!" ֤ȡΥݡȤꤷʤȤˤʤ롣
check ޥɤꤵ줿硢̩ 1 ĤΥݡȤɬפǤ롣
.B -f
(fragment) ե饰ꤵ줿硢ݡȤλϵʤ
.TP
.BR "--source-port " "[!] [\fIport[:port]\fP]"
ȯݡȤޤȯݡϰϤΡ̻ǽȤ롣
ܺ٤ˤĤƤϡФ
.B -s
ե饰˴ؤȤΤȡե饰
.B --sport
ϡΥץ̾Ǥ롣
.TP
.BR "-d, --destination, --dst " "[!] \fIaddress\fP[/\fImask\fP] [!] [\fIport[:port]\fP]"
ꡣ
ʸˤĤƤξܺ٤ϡ
.B -s
(source) ե饰βȤΤȡ
ݡȤʤ ICMP ФƤϡ"ݡ" Ͽ ICMP ɤɽ
.TP
.BR "--destination-port " "[!] [\fIport[:port]\fP]"
ݡȤθ̻ǽȤ롣ܺ٤ˤĤƤϡ
.B -s
ե饰βȤΤȡե饰
.B --dport
ϡΥץ̾Ǥ롣
.TP
.BR "--icmp-type " "[!] typename"
ICMP פλǽˤ ( ICMP ̾ǧˤϡ
.B "-h icmp"
ץѤ)
ICMP פղä⡢Ѥۤ
礬¿
.TP
.BR "-j, --jump " "\fItarget\fP"
ϥ롼ΥåȤꤹ -
ʤ롼˥ޥåѥåȤιԤǤ롣
åȤϥ桼 (â롼뤬ޤޤƤΤ
) ѥåȤα̿ľܷꤹΥåȤΤΰĤ
ǽǤ롣
롼ǤΥץά줿ˤϡѥåȤα̿ˤ
ƶʤ롼Υͤä롣
.TP
.BI "-i, --interface " "[!] name"
(input ˤƤ) ѥåȤ̲᤹륤ե̾
(forward ڤ output ˤƤ) ѥåȤ̲᤹
ե̾ꤹ롣
Υץά줿϶ʸȸʤ졢Ƥ
ե̾ꤹ뤳ȤƱ̣ˤʤ롣
ե̾ "!" ֤ȡΥե
ꤷʤȤ̣ˤʤ롣
ե̾ "+" פ"+" ľޤǤʸ
ǻϤޤ륤եƤ˥ޥå롣
.TP
.B "[!] " "-f, --fragment"
Ǥ줿 (fragment: ե饰) ѥåȤΤ 2 ܰʹߤ
ե饰ȤȤ롼Ǥ뤳Ȥ̣롣
Τ褦ʥѥå (ޤ ICMP ) ȯݡȤ䰸ݡȤ
̤ˡ̵ΤǡΥѥåȤϤ롼ȥޥåʤ
"-f" ե饰 "!" ȡ2ܰʹߤΥե饰ȤȤʤ
.SS ¾Υץ
ʲΥץɲä뤳ȤǤ -
.TP
.BI "-b, --bidirectional"
⡼ɡ
롼 IP ѥåȤФ˥ޥå -
ȯȰƥ롼֤ƵҤ뤳ȤƱ̤
⤿餹
TCP syn ѥåȤФĤ -b 롼ŬȡTCP syn
ѥåȤǤʤѥåȤμĤˤϤʤʤ
: -b ե饰ȿФ̣뤫Ȥäơ"TCP synѥå" ȿ
ΰ̣ "SYNѥå" Ȥбˤʤäꡢ "ѥåȤ" ȿ
ΰ̣ "ѥåȤμȤ" ȤбˤϤʤʤ
̣ȿФˤʤΤȯɥ쥹Ȱ襢ɥ쥹θˤѥåȤ
Ǥꡢ "SYN ѥå" "SYNѥå" ˤϤʤʤ
input output ˰ѤǤʤ
Ĥޤꡢ-b ե饰ϻȤ鷺ˡȰĤĥ롼ꤷۤ褤
.TP
.BI "-v, --verbose"
ܺɽ
ΥץϡޥɤΥեɥ쥹(⤷)
롼ΥץTOS ޥѥåȤȥХȤΥɽˤ
ɽ롣
ɽθ 'K', 'M', 'G' ϳơ 1000, 1,000,000, 1,000,000,000 ܤ
̣롣
(â
.B -x
ե饰Ϥɽˡѹ롣)
.BR -M
Ȥ߹碌ƻȤȡǥ륿ֹ (delta sequence numbers)
Ϣɽ롣
ɲáִˤΥץŬѤȡ롼ξܺپ
ɽ褦ˤʤ롣
.TP
.BI "-n, --numeric"
ͤǤνϡ
IP ɥ쥹ȥݡֹ椬ͷǽϤ롣
ǥեȤǤϡ ipchains Ϥۥ̾ͥåȥ̾
ӥ̾()ɽ褦Ȼߤ롣
.TP
.BI "-l, --log"
ޥåѥåȤͥΥ˵Ͽ롣
롼ˤΥץꤵ Linux ͥ
.IR printk()
ؿ̤ơޥåѥåƤ(¿ IP إåեɤ˴ؤ)
Ϥ롣
.TP
.BI "-o, --output" " [maxsize]"
ޥåѥåȤ桼֤ΥǥХإԡ롣
ϸ˥桼֤ǥեθ̤ȤäƲ
ȯԤѤ롣
ץκ祵ϥԡѥåȤκ¤
٤˻Ȥ롣
Υץϥͥ CONFIG_IP_FIREWALL_NETLINK ꤷ
ѥ뤷ΤͭǤ롣
.TP
.BI "-m, --mark" " markvalue"
ޥåѥåȤ˰դ롣
ѥåȤˤ 32 ӥåȤ̵οͤǰդ졢
ͤˤä (Τ) ΥѥåȤ
ɤΤ褦˰뤫ѹǤ褦ˤʤ
ʤͥϥåǤʤСΥץϵˤʤɤ
.I ޡ
+ - Ϥޤݤˤϡ (Ϥޤ) ߤΥޡͤ餽ͤ
ûϸ롣
.TP
.BI "-t, --TOS" " andmask xormask"
IP إå TOS եɤѹ٤˻Ѥޥ
ѥåȤ롼˥ޥå TOS եɤ 1 ܤΥޥ
ǥӥåñ̤ѤԤ졢η̤ 2 ܤΥޥǥӥåñ̤
¾Ū¤Ԥ롣
ޥͤ 16 ʤ 8 ӥåͤǻꤹ롣
TOS եɤ LSB ѤǤʤФʤʤ (RFC 1349)
ѹ褦Ȥȡ䤵롣
ʤ TOS ӥåȤ 1 İʾꤵƤΤ˳롣
ѥåȤʣ TOS ӥåȤꤷ褦Ȥȡ(ɸϤ̤)
˥åФ
Τ褦 TOS ͤĥѥåȤ롼ã뤳ȤϤʤ
狼äƤʤ顢˥å̵Ǥ롣
TOS ϥ롼ΥåȤ
.I DENY
.IR REJECT
ξˤ̵̣Ǥ롣
.TP
.BI "-x, --exact"
ֹɽγĥ
ѥåȵڤӥХȥͤ K (1000) M (1000K)
G (1000M)ǴݤͤǤʤΤͤɽ롣
Υץ
.B -L
ޥɤǤΤͭǤ롣
.TP
.BI "[!] -y, --syn"
TCP ѥåȤ⡢SYN ӥåȤåȤ ACK ӥåȤ FIN ӥåȤꥢ
줿ѥåȤˤΤߥޥå롣
Τ褦ʥѥåȤϡTCP ³γ˻Ѥ롣
㤨С륤ե夹뤽Τ褦ʥѥåȤǤȡ
TCP ³ɻߤ뤬 TCP ³ϱƶʤ
Υץϡץȥμब TCP ꤵƤˤΤ̣߰ġ
"-y" "!" ե饰ȡΥץȽ̤ꤵ롣
: -y ξ硢ơΥӥåȤξ "SYN=1 and ACK=0 and FIN=0"
ȹ礻ˤΤߥޥå롣
"! -y" ϤʤΤǡƥӥåȤȹ礻嵭ʳƤΥѥåȤ
ޥå롣
ʤ "SYN=0 or ACK=1 or FIN=1" Ȥˤʤ롣
SYN ӥåȤ 0 ǤɤΤϸޤǤʤ㤨
"SYN=1 and ACK=1 and FIN=0" Ȥȹ礻Ǥޥå롣
.TP
.BI "--line-numbers"
롼ɽݡƥ롼ƬˤΥ롼ΥǤ
֤бֹɲä롣
.TP
.BI "--no-warnings"
Ƥηٹ̵ˤ롣
.SH ե
.I /proc/net/ip_fwchains
.br
.I /proc/net/ip_masquerade
.SH ֤
Ƽ泌顼åɸ२顼Ϥ˽Ϥ롣
ưνλɤ 0 Ǥ롣
̵ʡϸäޥɹԥѥ˵Ȼפ륨顼ϡ
λ 2 ȯ롣
¾Υ顼Ǥνλɤ 1 Ǥ롣
.SH Х
.PP
ߥʥ뤫Ϥˤ forward إ롼뤬ޤɲä줿
Ȥ IP žǽͭˤʤäƤʤ --no-warnings
ꤷƤʤСޤ IP žԤʤȤٹ𤹤
åɸϤɽ롣
ϡ(2.0 ͥˤ¸ߤʤä) ɬ˵դʤ桼
뤿ΤΤǤ롣
.PP
ѥåȥȥХȥ 1 ĤΥʬꥻåȤ
ˡ̵ϥͥ¤Ǥ롣
.PP
롼פθΤ ipchains ǤϹԤʤ
롼֤ˤѥåȤ˴˵Ͽ뤬
ä롼פäƤޤȤθơ鸫ĤФȤ
ɬפǤ롣
.PP
2.1 ͥΥѥåȥ塼Υ롼ܽҤʸ
ѥåȤΥޡθ̤˴ؤϰտŪ
ۣˤƤ롣
.PP
(Ȥ߹ߺѤߥ) ݥꥷ 0 ˤˡ̵
.SH
.B ipchains
ϡ IP եĥѤȤǡJos Vos
ipfwadm Ȥ礭ۤʤäƤ롣
ipchains εǽ ipfwadm ΥѡåȤǤꡢޥɤϤۤ 1 1
бդ뤳ȤǤ롣
ޥ̾ϡŬäΤǤȻפ
ȤϤդ٤ѹ⤤Ĥ¸ߤ롣
.PP
ե饰Ȥΰۤʤ롣
ϡ2 ܰʹߤΥե饰Ȥ̲ᤵƤ (̾ϰǤ)
ߤǤϡե륿뤳ȤǤ롣
ʤ ipfwadm 롼Ѵݤˤϡե饰ȤĤ
롼ʤФʤʤ
ƱͤˡڤӰݡȤ 0xFFFF (ICMP Ǥ 0xFF) ꤷ
å롢Ť (accounting)롼õɬפ롣
ϥե饰ȤפŤˡǤ롣
.PP
(accounting) 롼ϡߤ input output
礵Ƥ롣
εưƱ褦ˤˤϰʲΤ褦ˤФ褤 -
.br
ipchains -N acctin
.br
ipchains -N acctout
.br
ipchains -N acctio
.br
ipchains -I input -j acctio
.br
ipchains -I input -j acctin
.br
ipchains -I output -j acctio
.br
ipchains -I output -j acctout
.br
3 ĤΥ桼
.IR acctin ,
.I acctout ,
.IR acctio ,
롣
Ϥץ롼ޤ롣
(Υ롼
.B -j
ե饰Ȥ鷺ꤹ٤Ǥ롣
СѥåȤϤΥñ̵Τޤ̲᤹롣)
.PP
ͥ뤬
.I MASQ
åȤ
.I REDIRECT
åȤŬڤʤȤˤ (Ĥޤꡢ forward 롼ʳ
MASQ äꡢϥ롼ʳ REDIRECT ) ΤĤȡsyslog
˥åϿΥѥåȤ˴롣
.PP
SYN ڤ ACK ˹פݤθŤư (衢 TCP ѥåȤФƤ
̵뤵Ƥ) ѹ줿
TCP ѥåȸͭΥ롼Ф SYN ץϸǤ롣
.PP
ACK ޥåץ (
.B -k
ե饰) ϡϤ䥵ݡȤʤ
.B !
.B -y
ȤȤ߹碌)
.PP
ߤǤϡTOS κDz̥ӥåȤꡦѹ TOS ޥ
Τϥ顼ˤʤ -
TOS ޥξ硢Τ褦ʻߤϥͥۤä
ѹƤ
.PP
ߡ
.B -b
ե饰ñڤӰλȿž롼ȹ礻
Ϻ٤ˤʤä
.PP
եɥ쥹ǻꤹˡ̵ե̾Ȥȡ
.SH Ϣ
ipfw(4)
.SH
Rusty Russell <rusty@linuxcare.com>٤ޤǹƤ줿 Hans Persson
ˤ餬䤬ʸϡɤǤ餤!
.SH
<ati@ff.iij4u.or.jp>
.br
۰ <matsuda@palnet.or.jp>
.SH ܸǹ
Ϻ <argrath@ub32.org>
.br
<takei@webmasters.gr.jp>
.br
<amotoki@dd.iij4u.or.jp>
.br
غ ã <tsekine@isoternet.org>
|
