Solaris ¹æȺ®(ipfilter) °ü¸®
¡°ipfilter¡±À»
ÀÌ¿ëÇÏ¿© N/W¹æȺ®¿Ü¿¡ ¼¹ö¿¡¼ IP/port¸¦ ÇÊÅ͸µÇÑ´Ù.
Ipf.conf file¼öÁ¤
|
# cd /etc/ipf # vi ipf.conf |
|
# ipf.conf # # ¾Æ·¡ lineÀº
Ÿ host¿¡¼ ping test½Ã ¡°alive¡± message¸¦ º¸³»±â À§ÇØ pass in quick on ixgbe0 proto icmp
from any to any icmp-type 8 code 0 keep state # ¾Æ·¡ lineÀº
¿À¶óŬ(1521port)¸¦ À§ÇÏ¿© ¾î´Àip(any)¿¡¼³ª
Á¢¼ÓÇÒ ¼ö ÀÖµµ·Ï pass in quick
on ixgbe0 proto tcp from any to any port=1521 keep
state #
192.168.0 ´ë¿ª network¿¡¼ 192.168.0.11 (ÀÚ±âÀÚ½Å)À¸·Î 23¹ø port
(telnet)À¸·Î Á¢¼Ó ¡°/24¡±´Â # IPÁÖ¼Ò¸¦ 2Áø¼ö
Ç¥Çö½Ã ¾Õ¿¡¼ 24bit¸¸ À¯È¿ÇÑ N/WÀ¸·Î ÀÎ½Ä pass in quick
on ixgbe0 proto tcp from 192.168.0.0/24 to
192.168.0.11 port=23 keep state # ¾îµð¿¡¼³ª tcp 22¹øport (ssh)·Î Á¢¼Ó pass in quick
on ixgbe0 proto tcp from any to any port=22 keep
state #
192.168.0 ´ë¿ª network¿¡¼ 192.168.0.11 (ÀÚ±âÀÚ½Å)À¸·Î 21¹ø port (ftp)À¸·Î
Á¢¼Ó pass in quick
on ixgbe0 proto tcp from 192.168.0.0/24 to
192.168.0.11 port=21 keep state #
192.168.0 ´ë¿ª network¿¡¼ 192.168.0.11 (ÀÚ±âÀÚ½Å)À¸·Î 177¹ø port (x-manager)À¸·Î
Á¢¼Ó pass in quick
on ixgbe0 proto udp from 192.168.0.0/24 to
192.168.0.11 port=177 keep state # ¾îµð¿¡¼³ª tcp 80¹øport (web server)·Î Á¢¼Ó
pass in quick
on ixgbe0 proto tcp from any to 192.168.0.11
port=80 keep state # ±× ¿Ü´Â ¸ðµÎ ¸·À½ block in
quick all # out-goingÀº ¸ðµç port°¡
¿·ÁÀÖ½¿(open) pass out on
ixgbe0 proto tcp from any to any keep state pass out on
ixgbe0 proto udp from any to any keep state pass out on
ixgbe0 proto icmp from any to any keep state |
file¼öÁ¤ ÈÄ ¼ºñ½º
µî·Ï ¹× ¼ºñ½º start
|
# svcadm disable ipfilter # svcadm enable ipfilter |
¼ºñ½ºÈ®ÀÎ.
|
# Ipf –V # ipfstat |
Ssh ¿ø°Ý ¡°root¡± login ¹æÁö
|
# vi /etc/ssh/sshd_config ¡°PermitRootLogin no¡±
-> ¼öÁ¤ # svcadm restart ssh |
TelnetÀ¸·Î log-in½Ã ¡°root¡± login¹æÁö
|
# vi /etc/default/login ¡°CONSOLE=/dev/console¡± ->
remarkÁ¦°Å |
----