|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| IP6FW(8) | FreeBSD System Manager's Manual | IP6FW(8) |
̾¾Î
ip6fw —
½ñ¼°
ip6fw [-nq]
[-p preproc
[-D
macro[=value]]
[-U macro]]
pathname ip6fw
[-n] [-f |
-q] flush ip6fw
[-nq] zero [number ...]
ip6fw [-n] delete
number ... ip6fw
[-aftN] list [number ...]
ip6fw [-ftN] show
[number ...] ip6fw
[-nq] add [number]
action [log] proto from
src to dst [via
name | ipv6no]
[options]
²òÀâ
´Êñ¤ËÀßÄꤹ¤ë¤¿¤á¤Ë¡¢¥ë¡¼¥ë¤ò¥Õ¥¡¥¤¥ë¤Ë³ÊǼ¤·¤Æ¡¢ºÇ½é¤Î½ñ¼°¤Ë¼¨¤¹¤è¤¦¤Ëip6fw
¤Ë½èÍý¤µ¤»¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£
ÀäÂÐ pathname
¤ò»ÈÍѤ¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¥Õ¥¡¥¤¥ë¤Ï¡¢1
¹Ô¤º¤ÄÆɤ߹þ¤Þ¤ì¡¢
ip6fw
¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ø¤Î°ú¿ô¤ËŬÍѤµ¤ì¤Þ¤¹¡£
¥ª¥×¥·¥ç¥ó¤È¤·¤Æ¡¢¥×¥ê¥×¥í¥»¥Ã¥µ¤ò
-p preproc
¤Ç»ØÄê²Äǽ¤Ç¤¢¤ê¡¢¤³¤³¤ò
pathname
¤¬¥Ñ¥¤¥×¤µ¤ì¤Þ¤¹¡£
ÍÍѤʥץê¥×¥í¥»¥Ã¥µ¤Ë¤Ï
cpp(1)
¤È
m4(1)
¤¬¤¢¤ê¤Þ¤¹¡£
preproc
¤ÎºÇ½é¤Îʸ»ú¤¬¥¹¥é¥Ã¥·¥å
(‘/’)
¤Ç³«»Ï¤·¤Ê¤¤¾ì¹ç¡¢Ä̾ï¤Î
PATH
¤Î̾Á°¸¡º÷¤¬¼Â¹Ô¤µ¤ì¤Þ¤¹¡£
ip6fw
¼Â¹Ô»þ¤Ë¤Ï
(¤Þ¤À)
Á´¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤¬¥Þ¥¦¥ó¥È¤µ¤ì¤Æ¤¤¤Ê¤¤´Ä¶¤Ë¤ª¤¤¤Æ¤Ï¡¢
Ãí°Õ¤¬É¬ÍפǤ¹
(Î㤨¤Ð NFS
·Ðͳ¤Ç¥Þ¥¦¥ó¥È¤¹¤ë¾ì¹ç)¡£
°ìÅÙ -p
¤¬»ØÄꤵ¤ì¤ë¤È¡¢¥ª¥×¥·¥ç¥ó¤Î
-D ¤È -U
¤Î»ØÄê¤ò³¤±¤ë¤³¤È¤¬²Äǽ¤Ç¤¢¤ê¡¢¤³¤ì¤é¤Ï¥×¥ê¥×¥í¥»¥Ã¥µ¤ËÅϤµ¤ì¤Þ¤¹¡£
¤³¤ì¤Ë¤è¤ê¡¢ÀßÄê¥Õ¥¡¥¤¥ë
(¥í¡¼¥«¥ë¥Û¥¹¥È̾¤Ë¤è¤ë¾ò·ïÅù)
¤¬½ÀÆð¤Ë¤Ê¤ê¡¢
IP
¥¢¥É¥ì¥¹Åù¤ÎÉÑÈˤËɬÍפȤʤë°ú¿ô¤ò½¸Ãæ´ÉÍý²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
ip6fw
¥³¡¼¥É¤Ï¡¢³Æ¥Ñ¥±¥Ã¥È¤ËÂФ·¤Æ¥Þ¥Ã¥Á¤¹¤ë¤â¤Î¤¬¸«¤Ä¤«¤ë¤Þ¤Ç
¥ë¡¼¥ë¥ê¥¹¥È¤òÁöºº¤¹¤ë¤³¤È¤Ë¤è¤Ã¤ÆÆ°ºî¤·¤Þ¤¹¡£
¥ë¡¼¥ë¤Ë¤Ï¤¹¤Ù¤Æ
2
¤Ä¤Î´ØÏ¢¤Î¤¢¤ë¥«¥¦¥ó¥¿¤¬¤¢¤ê¤Þ¤¹¡£
¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤Ç¤¹¡£
¤³¤ì¤é¤Î¥«¥¦¥ó¥¿¤Ï¥Ñ¥±¥Ã¥È¤¬¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤¹¤ë¤È¤¤Ë
¹¹¿·¤µ¤ì¤Þ¤¹¡£
¥ë¡¼¥ë¤Ï¡¢ 1 ¤«¤é 65534 ¤Þ¤Ç¤Î “¹ÔÈÖ¹æ” ¤Ç½øÎ󤬤Ĥ±¤é¤ì¤Æ¤ª¤ê¡¢ ¥ë¡¼¥ë¤ò·è¤á¤¿¤êºï½ü¤·¤¿¤ê¤¹¤ë¤Î¤Ë»ÈÍѤµ¤ì¤Þ¤¹¡£ ¥ë¡¼¥ë¤Ï¾º½ç¤Ç»î¤µ¤ì¡¢¥Ñ¥±¥Ã¥È¤ËºÇ½é¤Ë¥Þ¥Ã¥Á¤·¤¿¥ë¡¼¥ë¤¬ ŬÍѤµ¤ì¤Þ¤¹¡£ Ê£¿ô¤Î¥ë¡¼¥ë¤¬Æ±¤¸¹ÔÈÖ¹æ¤ò¶¦Í¤Ç¤¤Þ¤¹¡£ ¤³¤Î¾ì¹ç¡¢Äɲä·¤¿½çÈ֤ǥ롼¥ë¤¬Å¬ÍѤµ¤ì¤Þ¤¹¡£
ÈÖ¹æ¤ò¤Ä¤±¤º¤Ë¥ë¡¼¥ë¤ò¤·¤¿¾ì¹ç¡¢¤½¤ÎľÁ°¤Î¥ë¡¼¥ë¤è¤ê¤â 100 Â礤¤Èֹ椬¤Ä¤±¤é¤ì¤Þ¤¹¡£ ÄêµÁ¤µ¤ì¤¿¥ë¡¼¥ëÈÖ¹æ¤ÎºÇÂçÃͤ¬ 65434 ¤è¤ê¤âÂ礤¤¾ì¹ç¡¢ ¿·¤·¤¯ÄêµÁ¤µ¤ì¤ë¥ë¡¼¥ë¤Ï¡¢¥ë¡¼¥ë¤ÎºÇ¸å¤ËÄɲ䵤ì¤Þ¤¹¡£
delete Áàºî¤Ç¤Ï¡¢¤½¤ì¤¬Â¸ºß¤¹¤ë¾ì¹ç¤Ë¤Ï¡¢ number ¤ò¹ÔÈÖ¹æ¤Ë¤â¤ÄºÇ½é¤Î¥ë¡¼¥ë¤¬ºï½ü¤µ¤ì¤Þ¤¹¡£
list ¥³¥Þ¥ó¥É¤Ï¡¢¸½ºß¤Î¥ë¡¼¥ë¥»¥Ã¥È¤ò½ÐÎϤ·¤Þ¤¹¡£
show ¥³¥Þ¥ó¥É¤Ï `ip6fw -a list' ¤ÈÅù²Á¤Ç¤¹¡£
zero Áàºî¤Ï¡¢¥ë¡¼¥ëÈÖ¹æ number ¤Ë´ØÏ¢¤Å¤±¤é¤ì¤¿¥«¥¦¥ó¥¿¤ò 0 ¤Ë¤·¤Þ¤¹¡£
flush Áàºî¤Ï¡¢¤¹¤Ù¤Æ¤Î¥ë¡¼¥ë¤òºï½ü¤·¤Þ¤¹¡£
‘#’ ¤Ç»Ï¤Þ¤ë¥³¥Þ¥ó¥É¤ª¤è¤Ó¶õÇò¤À¤±¤Î¥³¥Þ¥ó¥É¤Ï¤ß¤Ê ̵»ë¤µ¤ì¤Þ¤¹¡£
¼¡¤Î¥ë¡¼¥ë¤Ïɬ¤ºÂ¸ºß¤·¤Þ¤¹:
65535 deny all from any to any
¤³¤Î¥ë¡¼¥ë¤Ï¥Ç¥Õ¥©¥ë¥È¤Î¥Ý¥ê¥·¤Ç¤¹¡£¤¹¤Ê¤ï¤Á¡¢ ²¿¤âµö¤µ¤Ê¤¤¤È¤¤¤¦¤³¤È¤Ç¤¹¡£¥ë¡¼¥ë¤òÀßÄꤹ¤ëºÝ¤Ë ¤¢¤Ê¤¿¤¬¤¹¤Ù¤»Å»ö¤Ï¡¢¤³¤Î¥Ý¥ê¥·¤òɬÍפ˹ç¤ï¤»¤Æ Êѹ¹¤¹¤ë¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
¼¡¤Î¥ª¥×¥·¥ç¥ó¤¬»ÈÍѤǤ¤Þ¤¹:
-a- ¥ê¥¹¥ÈÃæ¤Ë¡¢¥«¥¦¥ó¥¿Ãͤòɽ¼¨¤·¤Þ¤¹¡£ “show” ¥³¥Þ¥ó¥É¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£
-f- ´Ö°ã¤Ã¤Æ»ÈÍѤ¹¤ë¤ÈÌäÂê¤ò¤Ò¤µ¯¤³¤¹²ÄǽÀ¤Î¤¢¤ë ¥³¥Þ¥ó¥É (¤Ä¤Þ¤ê¡¢flush) ¤Î³Îǧ¤ò¤È¤ê¤Þ¤»¤ó¡£ Ãí°Õ¡¢ ¥×¥í¥»¥¹¤ËüËö¤¬³ä¤êÅö¤Æ¤é¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï¡¢°ÅÌۤΤ¦¤Á¤Ë ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
-n- ¥³¥Þ¥ó¥Éʸ»úÎó¤Îʸˡ¤ò¥Á¥§¥Ã¥¯¤¹¤ë¤À¤±¤Ç¡¢Ê¸»úÎó¤ò¼ÂºÝ¤Ë¥«¡¼¥Í¥ë¤Ë ÅϤ¹¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£
-q- add Áàºî¤ä zero Áàºî¡¢flush Áàºî¤ò¹Ô¤Ã¤Æ¤¤¤ëºÇÃæ¤Ë¡¢ ¤½¤Î¥¢¥¯¥·¥ç¥ó¤ËÂФ·¤Æ²¿¤âɽ¼¨¤·¤Þ¤»¤ó (°ÅÌۤΤ¦¤Á¤Ë '-f' ¤¬»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹)¡£ ¤³¤ì¤Ï¡¢¥ê¥â¡¼¥È¥í¥°¥¤¥ó»þ¤Î¥»¥Ã¥·¥ç¥ó¤Ç ¥¹¥¯¥ê¥×¥ÈÆâ¤ÇÊ£¿ô¤Î ip6fw ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤¿¤ê (Î㤨¤Ð¡¢sh /etc/rc.firewall ¤Î¤è¤¦¤Ë)¡¢ ¤¿¤¯¤µ¤ó¤Î ip6fw ¥ë¡¼¥ë¥Õ¥¡¥¤¥ë¤ò½èÍý¤·¤¿¤ê¤¹¤ë¤³¤È¤Ç ¥ë¡¼¥ë¤òÄ´À᤹¤ë¤È¤¤ËÊØÍø¤Ç¤¹¡£ Ä̾ï¥â¡¼¥É (¾éĹ) ¤Ç flush Áàºî¤ò¹Ô¤¦¤È¡¢¥á¥Ã¥»¡¼¥¸¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£ ¥ë¡¼¥ë¤¬¤¹¤Ù¤Æ flush ¤µ¤ì¤ë¤Î¤Ç¡¢¥í¥°¥¤¥ó¥»¥Ã¥·¥ç¥ó¤Ë ¥á¥Ã¥»¡¼¥¸¤òÁ÷¤ë¤³¤È¤¬¤Ç¤¤º¡¢¥í¥°¥¤¥ó¥»¥Ã¥·¥ç¥ó¤âÊĤ¸¤Æ¤·¤Þ¤¤¤Þ¤¹¡£ ¤½¤Î¤¿¤á¡¢»Ä¤ê¤Î¥ë¡¼¥ë¥»¥Ã¥È¤Ï½èÍý¤µ¤ì¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¤¤Þ¤¹¡£ Éüµì¤Ë¤Ï¡¢¥³¥ó¥½¡¼¥ë¤Ø¤Î¥¢¥¯¥»¥¹¤¬É¬Íפˤʤê¤Þ¤¹¡£
-t- list ¤·¤Æ¤¤¤ëºÇÃæ¤Ë¡¢ºÇ¸å¤Ë¥Þ¥Ã¥Á¤·¤¿¤È¤¤Î¥¿¥¤¥à¥¹¥¿¥ó¥×¤òɽ¼¨¤·¤Þ¤¹¡£
-N- ½ÐÎϤǡ¢¥¢¥É¥ì¥¹¤ª¤è¤Ó¥µ¡¼¥Ó¥¹Ì¾¤ò²ò·è¤·¤è¤¦¤È¤·¤Þ¤¹¡£
¥¢¥¯¥·¥ç¥ó ¤Ï¼¡¤ÎÄ̤ê¤Ç¤¹¡£
- allow
- ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤òµö²Ä¤·¤Þ¤¹¡£ ¤½¤·¤Æõº÷¤ò½ªÎ»¤·¤Þ¤¹¡£ÊÌ̾¤Ï pass, permit, accept ¤Ç¤¹¡£
- deny
- ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Þ¤¹¡£ ¤½¤·¤Æõº÷¤ò½ªÎ»¤·¤Þ¤¹¡£ drop ¤Ï deny ¤ÎÊÌ̾¤Ç¤¹¡£
- reject
- (Èó¿ä¾©¤Ç¤¹¡£) ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Æ¡¢ ICMPv6 ¤Î host unreachable notice ¥á¥Ã¥»¡¼¥¸¤ò Á÷¤í¤¦¤È¤·¤Þ¤¹¡£ ¤½¤·¤Æõº÷¤ò½ªÎ»¤·¤Þ¤¹¡£
- unreach code
- ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Æ¡¢ ICMPv6 ¤Î unreachable notice ¥á¥Ã¥»¡¼¥¸¤ò¥³¡¼¥É code ¤ÇÁ÷¤í¤¦¤È¤·¤Þ¤¹¡£¤³¤³¤Ç¡¢ code ¤Ï 0 ¤«¤é 255 ¤Þ¤Ç¤ÎÈÖ¹æ¤â¤·¤¯¤Ï¼¡¤ÎÊÌ̾¤Î¤¦¤Á¤Î¤¤¤º¤ì¤«¤Ç¤¹: noroute, admin, notneighbor, addr, noport ¡£ ¤½¤·¤Æõº÷¤ò½ªÎ»¤·¤Þ¤¹¡£
- reset
- TCP ¥Ñ¥±¥Ã¥È¤Î¤ß¤Ç¤¹¡£ ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ò¼Î¤Æ¤Æ¡¢ TCP reset (RST) notice ¥á¥Ã¥»¡¼¥¸¤òÁ÷¤í¤¦¤È¤·¤Þ¤¹¡£ ¤½¤·¤Æõº÷¤ò½ªÎ»¤·¤Þ¤¹¡£
- count
- ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¤¹¤Ù¤Æ¤Î¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥«¥¦¥ó¥¿¤ò ¹¹¿·¤·¤Þ¤¹¡£ õº÷¤Ï¡¢¼¡¤Î¥ë¡¼¥ë¤Ø¤È·Ñ³¤·¤Þ¤¹¡£
- skipto number
- number ¤è¤ê¤â¾®¤µ¤¤ÈÖ¹æ¤Î¤Ä¤¤¤¿¥ë¡¼¥ë¤ò¥¹¥¥Ã¥×¤·¤Þ¤¹¡£ õº÷¤Ï number °Ê¾å¤ÎÈÖ¹æ¤Î¤Ä¤¤¤¿¥ë¡¼¥ë¤Ø¤È·Ñ³¤·¤Þ¤¹¡£
¥«¡¼¥Í¥ë¤ò
IPV6FIREWALL_VERBOSE
¤Ä¤¤Ç¥³¥ó¥Ñ¥¤¥ë¤·¤¿¾ì¹ç¡¢¥Ñ¥±¥Ã¥È¤¬
“log”
¥¡¼¥ï¡¼¥É¤Ä¤¤Î¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¤È¤
¤Þ¤¿¤Ï clear/resetlog
¤¬¼Â¹Ô¤µ¤ì¤¿¤È¤¤Ë¤Ï¡¢
¥á¥Ã¥»¡¼¥¸¤¬
syslogd(8)
¤ËµÏ¿¤µ¤ì¤ë¤«¡¢¤³¤ì¤¬¼ºÇÔ¤·¤¿¤È¤¤Ë¤Ï¥³¥ó¥½¡¼¥ë¤Ë¥á¥Ã¥»¡¼¥¸¤¬É½¼¨¤µ¤ì¤Þ¤¹¡£
¥«¡¼¥Í¥ë¤ò
IPV6FIREWALL_VERBOSE_LIMIT
¥ª¥×¥·¥ç¥ó¤Ä¤¤Ç¥³¥ó¥Ñ¥¤¥ë¤·¤¿¾ì¹ç¡¢
ÆÃÄê¤Î¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤ËÂФ·¤Æ
¤³¤Î¥ª¥×¥·¥ç¥ó¤Ç»ØÄꤷ¤¿¿ô¤À¤±¥Ñ¥±¥Ã¥È¤ò¼õ¤±¼è¤Ã¤¿¸å¤Ï
¥í¥°¤òµÏ¿¤·¤Þ¤»¤ó¡£
¤³¤ÎÀ©¸Â¤ËÅþ㤷¤¿¾ì¹ç¡¢À©¸Â¤È¥ë¡¼¥ëÈֹ椬µÏ¿¤µ¤ì¤Þ¤¹¡£
¤³¤Î¥¨¥ó¥È¥ê¤ËÂФ¹¤ë¥«¥¦¥ó¥¿¤ò¥¯¥ê¥¢¤¹¤ë¤³¤È¤Ç¥í¥°¤ÎµÏ¿¤òºÆ³«¤Ç¤¤Þ¤¹¡£
syslogd(8) ¥í¥°¤ª¤è¤Ó¥Ç¥Õ¥©¥ë¥È¤Î¥í¥°¤ÎÀ©¸Â¤ò¡¢ sysctl(8) ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò²ð¤·¤ÆưŪ¤ËÄ´À°¤Ç¤¤Þ¤¹¡£
proto ¤Ï¼¡¤ÎÄ̤ê¤Ç¤¹¡£
- ipv6
- ¤¹¤Ù¤Æ¤Î¥Ñ¥±¥Ã¥È¤¬¥Þ¥Ã¥Á¤·¤Þ¤¹¡£ ÊÌ̾ all ¤ÏƱ¤¸¸ú²Ì¤ò»ý¤Á¤Þ¤¹¡£
- tcp
- TCP ¥Ñ¥±¥Ã¥È¤À¤±¤¬¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- udp
- UDP ¥Ñ¥±¥Ã¥È¤À¤±¤¬¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- ipv6-icmp
- ICMPv6 ¥Ñ¥±¥Ã¥È¤À¤±¤¬¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- <number|name>
- »ØÄꤷ¤¿¥×¥í¥È¥³¥ë¤À¤±¤¬¥Þ¥Ã¥Á¤·¤Þ¤¹ (´°Á´¤Ê¥ê¥¹¥È¤Ï /etc/protocols ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤)¡£
src ¤ª¤è¤Ó dst ¤Ï¼¡¤ÎÄ̤ê¤Ç¤¹¡£
- <address/prefixlen>
- [ports]
<address/prefixlen> ¤Ï¼¡¤Î¤è¤¦¤Ë»ØÄê¤Ç¤¤Þ¤¹:
- ipv6no
fec0::1:2:3:4¤È¤¤¤¦·Á¼°¤Î IPv6 ¥Ê¥ó¥Ð¡£- ipv6no/prefixlen
fec0::1:2:3:4/112¤Î¤è¤¦¤Ê·Á¼°¤Î¥×¥ì¥Õ¥£¥Ã¥¯¥¹Ä¹¤ò¤â¤Ã¤¿ IPv6 ¥Ê¥ó¥Ð¡£
“not” ½¤¾þ»Ò¤ò¥¢¥É¥ì¥¹¤ÎÁ°¤Ë¤Ä¤±¤ë¤³¤È¤Ç¡¢¥Þ¥Ã¥Á¤Î°ÕÌ£¤òȿž¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ ¤³¤ì¤Ë¤è¤Ã¤Æ¡¢Â¾¤Î¤¹¤Ù¤Æ¤Î¥¢¥É¥ì¥¹¤¬Âå¤ï¤ê¤Ë¥Þ¥Ã¥Á¤¹¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£ ¤³¤ì¤Ï¡¢¥Ý¡¼¥ÈÈÖ¹æ¤ÎÁªÂò¤Ë¤Ï±Æ¶Á¤¢¤ê¤Þ¤»¤ó¡£
TCP ¤ª¤è¤Ó UDP ¥×¥í¥È¥³¥ë¤Ç¤Ï¡¢¥ª¥×¥·¥ç¥ó¤Ç ports ¤¬¼¡¤Î¤è¤¦¤Ë»ØÄê¤Ç¤¤Þ¤¹:
- {port|port-port}[,port[,...]]
(/etc/services
¤è¤ê)
¥µ¡¼¥Ó¥¹Ì¾¤ò¡¢
¿ôÃͤˤè¤ë¥Ý¡¼¥ÈÈÖ¹æ¤ÎÂå¤ï¤ê¤Ë»ÈÍѤǤ¤Þ¤¹¡£
ÈϰϤϺǽé¤ÎÃͤȤ·¤Æ¤Î¤ß»ØÄê¤Ç¤¡¢¥Ý¡¼¥È¥ê¥¹¥ÈŤÏ
IPV6_FW_MAX_PORTS
(<netinet6/ip6_fw.h>
¤Ç»ØÄê)
¸Ä¤Î¥Ý¡¼¥È¤Þ¤Ç¤ËÀ©¸Â¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
0 ¤Ç¤Ï¤Ê¤¤¥ª¥Õ¥»¥Ã¥È¤ò»ý¤Ä (¤¹¤Ê¤ï¤Á¡¢ºÇ½é¤Î¥Õ¥é¥°¥á¥ó¥È¤Ç¤Ï¤Ê¤¤) ¥Õ¥é¥°¥á¥ó¥È¥Ñ¥±¥Ã¥È¤Ï¡¢1 ¤Ä°Ê¾å¤Î¥Ý¡¼¥È¤¬Îóµó¤µ¤ì¤¿¥ë¡¼¥ë¤Ë¤Ï ÀäÂФ˥ޥåÁ¤·¤Þ¤»¤ó¡£ ¥Õ¥é¥°¥á¥ó¥È¥Ñ¥±¥Ã¥È¤Î¥Þ¥Ã¥Á¤Ë¤Ä¤¤¤Æ¤Î¾ÜºÙ¤Ï frag ¥ª¥×¥·¥ç¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£
¥ë¡¼¥ë¤Ï¡¢¥Ñ¥±¥Ã¥È¤¬ÆþÎϤµ¤ì¤ë¤È¤¡¢¤ª¤è¤Ó½ÐÎϤµ¤ì¤ë¤È¤¡¢ ¤¢¤ë¤¤¤Ï¤½¤ÎξÊý¤È¤â¤Ç¤¢¤ë¤È¤¤ËŬÍѤµ¤ì¤Þ¤¹¡£ in ¥¡¼¥ï¡¼¥É¤Ï¡¢ÆþÎϥѥ±¥Ã¥È¤Ë¤Î¤ß¥ë¡¼¥ë¤¬¥Þ¥Ã¥Á¤·¤Ê¤¯¤Æ¤Ï ¤Ê¤é¤Ê¤¤¤³¤È¤ò¼¨¤¹¤â¤Î¤Ç¤¹¡£ out ¥¡¼¥ï¡¼¥É¤Ï¡¢½ÐÎϥѥ±¥Ã¥È¤Ë¤Î¤ß¥ë¡¼¥ë¤¬¥Þ¥Ã¥Á¤·¤Ê¤¯¤Æ¤Ï ¤Ê¤é¤Ê¤¤¤³¤È¤ò¼¨¤¹¤â¤Î¤Ç¤¹¡£
¤¢¤ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ̤ë¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë¤¿¤á¤Ë¤Ï¡¢ via ¤ò»ÈÍѤ·¤Æ¼¡¤Î¤è¤¦¤Ë¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
- via ifX
- ¥Ñ¥±¥Ã¥È¤Ï¡¢¥¤¥ó¥¿¥Õ¥§¡¼¥¹ ifX ¤òÄ̤é¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
- via if*
- ¥Ñ¥±¥Ã¥È¤Ï¡¢¥¤¥ó¥¿¥Õ¥§¡¼¥¹ ifX ¤òÄ̤é¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£¤³¤³¤Ç¡¢X ¤ÏǤ°Õ¤Î¥æ¥Ë¥Ã¥ÈÈÖ¹æ¤Ç¤¹¡£
- via any
- ¥Ñ¥±¥Ã¥È¤Ï¡¢ ¤Ê¤ó¤é¤«¤Î ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ̤é¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
- via ipv6no
- ¥Ñ¥±¥Ã¥È¤Ï¡¢IPv6 ¥¢¥É¥ì¥¹ ipv6no ¤ò»ý¤Ã¤¿¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤òÄ̤é¤Ê¤¯¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
via ¥¡¼¥ï¡¼¥É¤ò»ÈÍѤ¹¤ë¤È¡¢³ºÅö¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¾ï¤Ë ¥Á¥§¥Ã¥¯¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£ via ¤ÎÂå¤ï¤ê¤Ë recv ¤¢¤ë¤¤¤Ï xmit ¤ò»ÈÍѤ¹¤ë¤È¡¢ (¤½¤ì¤¾¤ì) ¼õ¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Þ¤¿¤ÏÁ÷¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤À¤±¤¬ ¥Á¥§¥Ã¥¯¤µ¤ì¤Þ¤¹¡£ ξÊý¤ò»ØÄꤹ¤ë¤³¤È¤Ç¡¢¼õ¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¡¢Á÷¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Î ξÊý¤È¤â¤Ë¥Ñ¥±¥Ã¥È¤ò¥Þ¥Ã¥Á¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£ Î㤨¤Ð¡¢¼¡¤Î¤è¤¦¤Ë¤·¤Þ¤¹¡£
ip6fw add 100 deny ip from any to any
out recv ed0 xmit ed1recv ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢ÆþÎϥѥ±¥Ã¥È¤¢¤ë¤¤¤Ï½ÐÎϥѥ±¥Ã¥È¤Î¤É¤Á¤é¤«¤Ç ¥Æ¥¹¥È¤µ¤ì¤Þ¤¹¡£¤³¤ì¤ËÂФ·¤Æ¡¢ xmit ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤Ï¡¢½ÐÎϥѥ±¥Ã¥È¤Ç¤·¤«¥Æ¥¹¥È¤µ¤ì¤Þ¤»¤ó¡£ ¤½¤Î¤¿¤á¡¢ xmit ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¤¤¤Ä¤Ç¤â out ¤¬É¬ÍפǤ¹ (¤½¤·¤Æ¡¢ in ¤ÏÉÔÀµ¤Ç¤¹)¡£ xmit ¤¢¤ë¤¤¤Ï recv ¤È°ì½ï¤Ë via ¤ò»ØÄꤹ¤ë¤Î¤ÏÉÔÀµ¤Ç¤¹¡£
¥Ñ¥±¥Ã¥È¤Ë¤Ï¡¢¼õ¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¢¤ë¤¤¤ÏÁ÷¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬¤Ê¤¤ ¤«¤â¤·¤ì¤Þ¤»¤ó¡£¥í¡¼¥«¥ë¥Û¥¹¥È¤«¤éÁ÷¿®¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤Ë¤Ï ¼õ¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬¤¢¤ê¤Þ¤»¤ó¡£¤½¤·¤Æ¡¢¥í¡¼¥«¥ë¥Û¥¹¥È¤Ø¸þ¤±¤Æ Á÷¿®¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤Ë¤ÏÁ÷¿®¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤¬¤¢¤ê¤Þ¤»¤ó¡£
ÄɲäΠoptions ¤Ï¼¡¤ÎÄ̤ê¤Ç¤¹¡£
- frag
- ¥Ñ¥±¥Ã¥È¤¬¥Õ¥é¥°¥á¥ó¥È¤Ç¤¢¤ê¡¢¤·¤«¤â ¥Ç¡¼¥¿¥°¥é¥à¤ÎºÇ½é¤Î¥Õ¥é¥°¥á¥ó¥È¤Ç¤Ê¤±¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£ frag ¤Ï¡¢ tcpflags ¤¢¤ë¤¤¤Ï TCP/UDP ¥Ý¡¼¥È¤Î»ØÄê¤È°ì½ï¤Ë¤Ï»È¤¦¤³¤È¤¬¤Ç¤¤Þ¤»¤ó¡£
- in
- ¥Ñ¥±¥Ã¥È¤¬Æþ¤Ã¤Æ¤³¤è¤¦¤È¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- out
- ¥Ñ¥±¥Ã¥È¤¬½Ð¤Æ¤¤¤³¤¦¤È¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- ipv6options spec
- IPv6 ¥Ø¥Ã¥À¤Ë¡¢ spec ¤Ç»ØÄꤵ¤ì¤¿¥³¥ó¥Þ¶èÀÚ¤ê¤Î¥ª¥×¥·¥ç¥ó¥ê¥¹¥È¤ÎÍ×ÁǤ¬´Þ¤Þ¤ì¤Æ ¤¤¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£ ¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë IPv6 ¥ª¥×¥·¥ç¥ó¤Ï¼¡¤ÎÄ̤ê¤Ç¤¹¡£ hopopt (hop-by-hop ¥ª¥×¥·¥ç¥ó¥Ø¥Ã¥À)¡¢ route (¥ë¡¼¥Æ¥£¥ó¥°¥Ø¥Ã¥À)¡¢ frag (¥Õ¥é¥°¥á¥ó¥È¥Ø¥Ã¥À)¡¢ esp (°Å¹æ¥Ú¥¤¥í¡¼¥É)¡¢ ah (ǧ¾Ú¥Ø¥Ã¥À)¡¢ nonxt (¼¡¥Ø¥Ã¥À¤Ê¤·)¡¢¤½¤·¤Æ opts (¥Ç¥¹¥Æ¥£¥Í¡¼¥·¥ç¥ó¥ª¥×¥·¥ç¥ó¥Ø¥Ã¥À) ¤Ç¤¹¡£ ÆÃÄê¤Î¥ª¥×¥·¥ç¥ó¤¬¤Ê¤¤¤³¤È¤Ï¡¢ “!” ¤Çɽ¤·¤Þ¤¹ (¤Þ¤ÀÆ°ºî¤·¤Æ¤¤¤Þ¤»¤ó) ¡£
- established
- RST ¤¢¤ë¤¤¤Ï ACK ¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤ë¥Ñ¥±¥Ã¥È¤Ë ¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- setup
- SYN ¥Ó¥Ã¥È¤Ï¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤ë¤¬ ACK ¥Ó¥Ã¥È¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤Ê¤¤ ¥Ñ¥±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤·¤Þ¤¹¡£
- tcpflags spec
- TCP ¥Ø¥Ã¥À¤Ë¡¢ spec ¤Ç»ØÄꤵ¤ì¤¿¥³¥ó¥Þ¶èÀÚ¤ê¤Î¥Õ¥é¥°¥ê¥¹¥È¤ÎÍ×ÁǤ¬´Þ¤Þ¤ì¤Æ¤¤¤ì¤Ð ¥Þ¥Ã¥Á¤·¤Þ¤¹¡£ ¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë TCP ¥Õ¥é¥°¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¹¡£ fin, syn, rst, psh, ack, ¤½¤·¤Æ urg ¤Ç¤¹¡£ ÆÃÄê¤Î¥Õ¥é¥°¤¬¤Ê¤¤¤³¤È¤Ï “!” ¤ò»È¤Ã¤Æɽ¤·¤Þ¤¹¡£ tcpflags »ØÄê¤ò´Þ¤ó¤À¥ë¡¼¥ë¤Ï¡¢ 0 ¤Ç¤Ê¤¤¥ª¥Õ¥»¥Ã¥È¤ò»ý¤Ã¤¿¥Õ¥é¥°¥á¥ó¥È¥Ñ¥±¥Ã¥È¤Ë¤Ï ÀäÂФ˥ޥåÁ¤·¤Þ¤»¤ó¡£ ¥Õ¥é¥°¥á¥ó¥È¥Ñ¥±¥Ã¥È¤Ø¤Î¥Þ¥Ã¥Á¤Ë´Ø¤¹¤ë¾ÜºÙ¤Ï frag ¥ª¥×¥·¥ç¥ó¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£
- icmptypes types
- ICMPv6 ¤Î¥¿¥¤¥×¤¬ types ¥ê¥¹¥ÈÃæ¤Ë¤¢¤ì¤Ð¥Þ¥Ã¥Á¤·¤Þ¤¹¡£ ¥ê¥¹¥È¤Ë¤Ï¡¢ÈϰϤȡ¢¸Ä¡¹¤Î¥¿¥¤¥×¤ò¥³¥ó¥Þ¤Ç¶èÀڤ俤â¤Î¤ò¡¢ Ǥ°Õ¤ËÁȤ߹ç¤ï¤»¤Æ»ØÄê¤Ç¤¤Þ¤¹
¥Á¥§¥Ã¥¯¥ê¥¹¥È
¤³¤³¤Ë¤Ï¡¢¤¢¤Ê¤¿¤¬¥ë¡¼¥ë¤ò¥Ç¥¶¥¤¥ó¤¹¤ëºÝ¤Ë¹Íθ¤¹¤Ù¤ ½ÅÍפʥݥ¤¥ó¥È¤ò¤¤¤¯¤Ä¤«½Ò¤Ù¤Æ¤¢¤ê¤Þ¤¹¡£- ÆþÎϤª¤è¤Ó½ÐÎϥѥ±¥Ã¥È¤ÎξÊý¤ò¥Õ¥£¥ë¥¿¤¹¤ë¤Î¤À¤È¤¤¤¦¤³¤È¤ò ˺¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£¤Û¤È¤ó¤É¤ÎÀܳ¤Ë¤ÏξÊý¸þ¤Î¥Ñ¥±¥Ã¥È¤¬ ɬÍפǤ¹¡£
- ¤È¤Æ¤âÃí°Õ¿¼¤¯¥Æ¥¹¥È¤¹¤ë¤Î¤ò˺¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£ ¥Æ¥¹¥È¤¹¤ëºÝ¤Ë¤Ï¥³¥ó¥½¡¼¥ë¤Î¶á¤¯¤Ç¹Ô¤¦¤È¤¤¤¦¤Î¤¬Îɤ¤¥¢¥¤¥Ç¥¢¤Ç¤¹¡£
- ¥ë¡¼¥×¥Ð¥Ã¥¯¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò˺¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£
ÈùÄ´À°
¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤¬¾ï¤ËÇË´þ¤¹¤ë¥Ñ¥±¥Ã¥È¤¬ 1 ¼ïÎढ¤ê¤Þ¤¹¡£ ¤½¤ì¤Ï¡¢¥Õ¥é¥°¥á¥ó¥È¥ª¥Õ¥»¥Ã¥È 1 ¤ò»ý¤Ã¤¿ IPv6 ¥Õ¥é¥°¥á¥ó¥È¤Ç¤¹¡£ ¤³¤ì¤ÏÀµ¤·¤¤¥Ñ¥±¥Ã¥È¤Ç¤¹¤¬¡¢»ÈÍÑÊýË¡¤Ï 1 ¤Ä¤À¤±¤Ç¤¹¡£ ¤½¤ì¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ÎÈ´¤±Æ»¤òõ¤½¤¦¤È¤¹¤ë¤³¤È¤Ç¤¹¡£¥Í¥Ã¥È¥ï¡¼¥¯±Û¤·¤Ë¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¾ì¹ç¤Ï¡¢
ip6fw ¤Î KLD
¥Ð¡¼¥¸¥ç¥ó¤ò¥í¡¼¥É¤¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯
¤¢¤Ê¤¿¤¬»×¤Ã¤Æ¤¤¤ë¤Û¤É¤Ë¤Ï´Êñ¤Ç¤Ï¤Ê¤¤¤Ç¤·¤ç¤¦
(¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤»¤ó
) ¡£
¼¡¤Î¤è¤¦¤Ê¥³¥Þ¥ó¥É¹Ô¤ò¿ä¾©¤·¤Þ¤¹¡£
kldload ip6fw && \ ip6fw add 32000 allow all from any to any
ƱÍͤξõ¶·¤Ç¡¢Æ±¤¸¹Ô¤Ç
ip6fw flush
¤ò¹Ô¤¦¤³¤È¤âÎɤ¯¤Ê¤¤¥¢¥¤¥Ç¥¢¤Ç¤¹¡£
¥Ñ¥±¥Ã¥ÈÊÑ´¹
¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Þ¤»¤ó¡£»ÈÍÑÎã
¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢ hacker.evil.org ¤«¤é wolf.tambov.su ¤Î telnet ¥Ý¡¼¥È¤Ø¤Î TCP ¥Ñ¥±¥Ã¥È¤¹¤Ù¤Æ¤ò¡¢¤³¤Î¥Û¥¹¥È¤Ç ¥Õ¥©¥ï¡¼¥É¤·¤Ê¤¤¤è¤¦¤Ë¤·¤Þ¤¹¡£ip6fw add deny tcp from
hacker.evil.org to wolf.tambov.su 23¼¡¤Î¥³¥Þ¥ó¥É¤Ï¡¢hackers ¥Í¥Ã¥È¥ï¡¼¥¯Á´ÂΤ«¤é¼«¥Û¥¹¥È¤Ø¤ÎÀܳ¤ò ²¿¤Ç¤¢¤ì¶Ø»ß¤·¤Þ¤¹¡£
ip6fw add deny all from
fec0::123:45:67:0/112 to my.host.org¤³¤ì¤Ï¡¢¥«¥¦¥ó¥ÈÃͤεϿ¤È¥¿¥¤¥à¥¹¥¿¥ó¥×¾ðÊó¤òɽ¼¨¤¹¤ë¤¿¤á¤Î ¥ê¥¹¥È¥³¥Þ¥ó¥É¤ÎÎɤ¤»ÈÍÑÎã¤Ç¤¹¡£
ip6fw -at l¤¢¤ë¤¤¤Ï¡¢¥¿¥¤¥à¥¹¥¿¥ó¥×¤Ê¤·¤Î¡¢Ã»¤¤·Á¼°¤Î¤â¤Î¤Ï
ip6fw -a l´ØÏ¢¹àÌÜ
ip(4), ipfirewall(4), protocols(5), services(5), reboot(8), sysctl(8), syslogd(8)¥Ð¥°
Ãí°Õ !! Ãí°Õ !! Ãí°Õ !! Ãí°Õ !!¤³¤Î¥×¥í¥°¥é¥à¤Ï¡¢¤¢¤Ê¤¿¤Î¥³¥ó¥Ô¥å¡¼¥¿¤ò¤«¤Ê¤ê»È¤¨¤Ê¤¤¾õÂÖ ¤Ë¤·¤Æ¤·¤Þ¤¦²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£½é¤á¤Æ»ÈÍѤ¹¤ëºÝ¤Ë¤Ï¡¢ ¥³¥ó¥Ô¥å¡¼¥¿¤Î¥³¥ó¥½¡¼¥ë¤Çºî¶È¤·¤Æ¤¯¤À¤µ¤¤¡£¤Þ¤¿¡¢ Íý²ò¤·¤Æ¤¤¤Ê¤¤¤³¤È¤Ï²¿¤â ¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤ ¡£
¥Á¥§¡¼¥ó¥¨¥ó¥È¥ê¤òÁàºî / Äɲ乤ëºÝ¤Ë¤Ï¡¢¥µ¡¼¥Ó¥¹Ì¾¤ª¤è¤Ó ¥×¥í¥È¥³¥ë̾¤Ï¼õ¤±ÉÕ¤±¤é¤ì¤Þ¤»¤ó¡£
ºî¼Ô
Ugen J. S. Antsilevich, Poul-Henning Kamp, Alex Nash, Archie Cobbs ¤Ç¤¹¡£API ¤Ï¡¢BSDI ÍÑ¤Ë Daniel Boulet ¤¬½ñ¤¤¤¿¥³¡¼¥É¤Ë´ð¤¤¤Æ¤¤¤Þ¤¹¡£
Îò»Ë
ip6fw
¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ÏºÇ½é¤Ë
FreeBSD 4.0
¤ÇÅо줷¤Þ¤·¤¿¡£
| March 13, 2000 | FreeBSD 13.1-RELEASE |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.