FreeBSD
System update
freebsd-update fetch
freebsd-update install
Package manager
pkg update
pkg upgrade
pkg add <package>
Firewall
- /etc/rc.config
# External network interface (e.g. ue0)
ext_if = "ue0"
# Jail IP
jail_ip = "192.168.x.x"
# Jail IPv6 address
jail_ipv6 = "xxxx:xxxx:xxxx:xxxx::xxxx"
# Networks allowed for SSH
trusted_nets = "{ 192.168.x.x/24 }"

# Block everything by default
block all

# Allow traffic to the jail (HTTP/HTTPS)
pass in quick on $ext_if proto tcp from any to $jail_ip port { 80, 443 } keep state
pass in quick on $ext_if inet6 proto tcp from any to $jail_ipv6 port { 80, 443 } keep state

# Allow SSHD only from the trusted networks
pass in quick on $ext_if proto tcp from $trusted_nets to self port 22 keep state

# Allow IPv4 ping (ICMP)
pass in quick on $ext_if inet proto icmp from any to any icmp-type echoreq keep state

# Allow IPv6 ping (ICMPv6)
pass in quick on $ext_if inet6 proto icmp6 from any to any keep state

# Allow outbound Internet traffic over IPv4
pass out on $ext_if inet proto { tcp, udp, icmp } from any to any keep state

# Allow outbound Internet traffic over IPv6
pass out on $ext_if inet6 proto { tcp, udp, icmp6 } from any to any keep state
Check the rules
pfctl -vnf /etc/pf.conf
Apply the rules
pfctl -F all -f /etc/pf.conf
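The check and apply steps above can be chained so a ruleset is only loaded once it parses and still has the default deny and the restricted SSH rule. This is an added example, not part of the original page; the function names, the `PFCTL`/`PF_CONF` variables and the two lint heuristics are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): run the page's check command
# and two lint checks, and only then run the page's apply command.
# PFCTL and PF_CONF are overridable assumptions; function names are hypothetical.
PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Syntax check: -n parses the ruleset without loading it.
pf_check() {
    "$PFCTL" -nf "$1" >/dev/null 2>&1
}

# Heuristic: the ruleset must contain the default-deny line "block all".
pf_has_default_deny() {
    grep -Eq '^[[:space:]]*block[[:space:]]+all([[:space:]]|$)' "$1"
}

# Heuristic: fail if a pass rule with "from any" names port 22 or ssh.
# Only literal ports are inspected; macros are not expanded.
pf_ssh_restricted() {
    ! sed -n '/^[[:space:]]*pass[[:space:]].*from[[:space:]]\{1,\}any[[:space:]]/s/.*[[:space:]]port[[:space:]]*//p' "$1" |
        grep -Eq '(^|[^0-9a-z])(22|ssh)([^0-9a-z]|$)'
}

# Validate, then flush and load exactly as the page does. Returns:
# 0 loaded, 2 unreadable, 3 syntax error, 4 no default deny, 5 SSH open to any.
pf_apply() {
    conf="${1:-$PF_CONF}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    pf_check "$conf" || { echo "syntax error in $conf" >&2; return 3; }
    pf_has_default_deny "$conf" || { echo "no 'block all' in $conf" >&2; return 4; }
    pf_ssh_restricted "$conf" || { echo "SSH reachable from any in $conf" >&2; return 5; }
    "$PFCTL" -F all -f "$conf"
}
```

Source the file and run `pf_apply` as root. `-F all` also flushes the state table, so established connections, including the SSH session used to run it, may have to be re-established.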