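How to Configure the Firewall Feature

The RaidenMAILD firewall is a simple firewall built on the system's Windows IP Filter Driver. The settings interface is located at [Server Settings]->[Basic Settings]->[Options]->[IP Restrictions]->[IP/Domain Deny List]->[Configure Firewall].

The screen is as follows: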

 

Action

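DROP discards the packet (refuses the connection); PASS lets the packet through (accepts the connection).

Source IP

IP Address:

Set the remote party's IP address.

Network mark:

Blank means a single IP.
/24 is a class C network,
/16 is a class B network,
/8 is a class A network.

Port:

(no need to set)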

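Destination IP

IP Address:

Set the local machine's IP address. Usually 0.0.0.0 is sufficient; otherwise it can be one specific IP of the local machine.

Network mark:

(no need to set)

Port:

The local port number to filter. A - (minus sign) expresses a port range, e.g. 1-1024 means that ports 1 through 1024 are all filtered.

After adding rules, apply and save them first, then start the firewall; only then do the new rules take effect.

The interface above was designed to cover only the parts MAILD uses. The rule format itself supports many more rules; see the original English rule description below.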

=======================================================

# ----------------------------------------------------------------------------
# IP Firewall Lite Rules Examples
# Rules format: Rules are applied from TOP to BOTTOM! All reserved words must be in uppercase!
# WARNING : THIS IS A SAMPLE AND MUST NOT BE APPLIED TO FIREWALL BECAUSE
# IT MAY NEGATIVELY AFFECT NETWORK PERFORMANCE AND SECURITY!
# ----------------------------------------------------------------------------

#
#
# IP rules:
#
# PASS|DROP IP FROM <addr> TO <addr> [IPPROTO <ipproto>] [NOLOG]
#
#
# Where <addr> is IP-address and possibly netmask (192.168.0.0/24) or "ANY"
# <addr> ::== ANY
# is equal to 0.0.0.0/0
#
# And <ipproto> is IP-protocol number. See etc\protocol file.
#
#
# Example:
#
# PASS IP FROM ANY TO 192.168.0.0/24 IPPROTO 1 NOLOG
# DROP IP FROM ANY TO 127.0.0.1
#
# ----------------------------------------------------------------------------
#
# TCP rules:
#
# PASS|DROP TCP FROM <addr> TO <addr> [FLAGS <flags>] [NOLOG]
#
# Where <addr> is IP-address and possibly netmask or port range
# <addr> ::== <ip_address>[/<mask>][:<port>[-<port2>]]or
# for example 192.168.0.1:1-1023 , 192.168.0.0/24 or
#
# And where <flags> is sequence of one or some TCP-flags: A P S R F U E C
# and '+' or '-' character after (flag is set or flag is not set)
# Be careful when using flags. If stateful inspection is activated,
# using them is not suggested, and if you do, you must be very careful.
#
# Example (deny incoming connections to privileged ports from some subnet):
#
# DROP TCP FROM 192.168.5.0/24 TO 0.0.0.0/0:1-1024 FLAGS S+A-
#
# ----------------------------------------------------------------------------
#
# UDP rules:
#
# PASS|DROP UDP FROM <addr> TO <addr> [NOLOG]
#
# Where <addr> is similar to the TCP rules case.
#
# Example:
#
# PASS UDP FROM ANY TO 0.0.0.0/0:53
# PASS UDP FROM 0.0.0.0/0:53 TO ANY
# ----------------------------------------------------------------------------
#
# ICMP rules:
#
# PASS|DROP ICMP FROM <addr> TO <addr> [TYPE <type>[.<code>]] [NOLOG]
#
# Where <addr> is similar to the TCP rules case.
#
# And <type> and <code> are ICMP types and codes.
# For example echo request is 8.0 and echo reply is 0.0.
#
# Example:
#
# PASS ICMP FROM ANY TO 192.168.0.1/32 TYPE 8.0
#
# ----------------------------------------------------------------------------

=======================================================
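The TCP/UDP rule format and the top-to-bottom ordering described above can be checked offline before rules are saved. The following Python sketch is an added example, not part of RaidenMAILD or IP Firewall Lite: it parses the `<addr>` grammar and shows how rule order changes the outcome. It assumes that the first matching rule decides and that unmatched traffic passes (neither is stated on this page), ignores the source port, FLAGS and NOLOG, and uses constructed sample rules and addresses.

```python
import ipaddress
import re

# Grammar from the rules text: <ip_address>[/<mask>][:<port>[-<port2>]] or ANY
ADDR_RE = re.compile(
    r"^(?P<ip>[\d.]+)(?:/(?P<mask>\d+))?(?::(?P<p1>\d+)(?:-(?P<p2>\d+))?)?$")

def parse_addr(text):
    """Return (network, (low_port, high_port)) for one <addr> token."""
    if text == "ANY":                       # "ANY is equal to 0.0.0.0/0"
        text = "0.0.0.0/0"
    m = ADDR_RE.match(text)
    if not m:
        raise ValueError(f"bad address: {text!r}")
    # No mask means a single IP (/32); ipaddress rejects malformed octets.
    net = ipaddress.ip_network(f"{m['ip']}/{m['mask'] or 32}", strict=False)
    low = int(m["p1"]) if m["p1"] else 0
    high = int(m["p2"]) if m["p2"] else (low if m["p1"] else 65535)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range in {text!r}")
    return net, (low, high)

def parse_rule(line):
    """Parse 'PASS|DROP TCP|UDP FROM <addr> TO <addr>'; trailing options ignored."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] not in ("PASS", "DROP")
            or tok[1] not in ("TCP", "UDP") or tok[2] != "FROM" or tok[4] != "TO"):
        raise ValueError(f"unsupported rule: {line!r}")
    return tok[0], tok[1], parse_addr(tok[3]), parse_addr(tok[5])

def decide(rules, proto, src_ip, dst_ip, dst_port, default="PASS"):
    """Walk rules top to bottom; first match decides (assumption, see lead-in)."""
    for line in rules:
        action, rproto, (snet, _), (dnet, (low, high)) = parse_rule(line)
        if (rproto == proto and ipaddress.ip_address(src_ip) in snet
                and ipaddress.ip_address(dst_ip) in dnet
                and low <= dst_port <= high):
            return action
    return default                          # assumed default for unmatched packets

# Constructed sample: allow one trusted relay to SMTP, drop the rest of its subnet.
RULES = [
    "PASS TCP FROM 203.0.113.10 TO 0.0.0.0/0:25",
    "DROP TCP FROM 203.0.113.0/24 TO 0.0.0.0/0:1-1024",
]
```

Under the first-match assumption, placing the DROP line above the PASS line would block the trusted relay as well, which is why the specific exception has to come first.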

 

 


 

Last updated: 2007/10/21

Copyright ©2000-2008 RaidenMAILD TEAM
