#######################################################################
# Default filter (filter-rule.txt)
# Author: k-square
# History: 2003/8/1 created
#######################################################################
# Put pktctl.exe and pktfltsrv.exe in %WINDIR%\SYSTEM32, and put the
# rule file (filter-rule.txt) in %WINDIR%\SYSTEM32\drivers\etc.
# C:\> cd %WINDIR%\SYSTEM32
# C:\WINNT\system32> pktctl -I
# C:\WINNT\system32> pktfltsrv -i "%WINDIR%\SYSTEM32\drivers\etc\filter-rule.txt"

# Drop small-fragment packets (fragments too short to carry a full transport header)
option small_frags on eth0

# Deny all packets by default; the pass rules below open specific holes
block out on eth0 all
block in on eth0 all

########################
##### Required rules ###
########################

# Allow only ICMP echo request and echo reply (ping works in both directions;
# every other ICMP type, including unreachables, is dropped by the default block)
pass out on eth0 proto icmp from any to any icmp-type echo
pass in on eth0 proto icmp from any to any icmp-type echo
pass out on eth0 proto icmp from any to any icmp-type echorep
pass in on eth0 proto icmp from any to any icmp-type echorep

# To allow all ICMP instead, uncomment the following two lines
#pass out on eth0 proto icmp all
#pass in on eth0 proto icmp all

# Allow any outbound TCP connection and its return traffic, plus FTP data.
# The FTP data rule is left disabled. Note that as written it matches inbound
# connections TO local port 20 from a high port; an active-mode FTP server's data
# connection arrives FROM port 20 to a high port on this host, so enabling it
# unchanged does not open that path.
pass out on eth0 proto tcp from any to any
pass in on eth0 proto tcp from any to any port >= 1 established
#pass in on eth0 proto tcp from any port >= 1024 to any port = 20

# Allow DNS (queries from a high port to port 53 and their replies).
# This filter is stateless: any UDP datagram with source port 53 destined to a
# local port >= 1024 is accepted, whether or not a query was sent.
pass out on eth0 proto udp from any port >= 1024 to any port = 53
pass in on eth0 proto udp from any port = 53 to any port >= 1024

# Allow DHCP (disabled)
#pass out on eth0 proto udp from any port = 68 to any port = 67
#pass in on eth0 proto udp from any port = 67 to any port = 68

# Allow SNTP (disabled)
#pass out on eth0 proto udp from any port >= 1024 to any port = 123
#pass in on eth0 proto udp from any port = 123 to any port >= 1024

########################
##### Server rules #####
########################

# Web (HTTP and HTTPS server on this host; clients must use a port >= 1024)
pass out on eth0 proto tcp from any port = 80 to any port >= 1024
pass in on eth0 proto tcp from any port >= 1024 to any port = 80
pass out on eth0 proto tcp from any port = 443 to any port >= 1024
pass in on eth0 proto tcp from any port >= 1024 to any port = 443

########################
##### Allow DCs ########
########################
# Domain controllers: all protocols and ports, both directions
pass out on eth0 from any to 192.168.254.251
pass in on eth0 from 192.168.254.251 to any
pass out on eth0 from any to 192.168.254.252
pass in on eth0 from 192.168.254.252 to any

########################
##### Allow admin ######
########################
# Administrator: allow all access from k-square's machine (192.168.1.1).
# These rules match on address alone, so any packet that claims 192.168.1.1 as
# its source is accepted; there is no authentication behind this exception.
pass out on eth0 from any to 192.168.1.1
pass in on eth0 from 192.168.1.1 to any
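As an added example (it is not part of filter-rule.txt and not code from the pktctl/pktfltsrv tools), the following Python evaluator parses the rule syntax used above and reports which of a few constructed packets the default-deny policy lets through. It assumes ipf-style semantics, where rules are evaluated top to bottom and the last matching rule wins; that is the reading under which the `block ... all` lines at the top act as the default and the later `pass` lines override them, but the real semantics of pktfltsrv are not stated on this page. The host address 192.168.1.10 and the remote addresses are made up, and the second domain-controller pair is omitted from the embedded rule set because it has the same shape as the first.

```python
import re
from dataclasses import dataclass

# Constructed input: the page's default filter with comments, banners and the
# disabled (commented-out) rules removed; the second DC pair (192.168.254.252)
# has the same shape as the first and is omitted for brevity. Order is kept.
RULES_TEXT = """
block out on eth0 all
block in on eth0 all
pass out on eth0 proto icmp from any to any icmp-type echo
pass in on eth0 proto icmp from any to any icmp-type echo
pass out on eth0 proto icmp from any to any icmp-type echorep
pass in on eth0 proto icmp from any to any icmp-type echorep
pass out on eth0 proto tcp from any to any
pass in on eth0 proto tcp from any to any port >= 1 established
pass out on eth0 proto udp from any port >= 1024 to any port = 53
pass in on eth0 proto udp from any port = 53 to any port >= 1024
pass out on eth0 proto tcp from any port = 80 to any port >= 1024
pass in on eth0 proto tcp from any port >= 1024 to any port = 80
pass out on eth0 proto tcp from any port = 443 to any port >= 1024
pass in on eth0 proto tcp from any port >= 1024 to any port = 443
pass out on eth0 from any to 192.168.254.251
pass in on eth0 from 192.168.254.251 to any
pass out on eth0 from any to 192.168.1.1
pass in on eth0 from 192.168.1.1 to any
"""

# Grammar handled (the subset of the ipf-like syntax the file uses):
#   (pass|block) (in|out) on IFACE [proto P]
#       (all | from HOST [port OP N] to HOST [port OP N]) [icmp-type NAME] [established]
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\S+)"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:(?P<all>all)|from\s+(?P<src>\S+)"
    r"(?:\s+port\s+(?P<sop>[<>=!]+)\s+(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?P<dop>[<>=!]+)\s+(?P<dport>\d+))?)"
    r"(?:\s+icmp-type\s+(?P<icmptype>\S+))?"
    r"(?:\s+(?P<established>established))?\s*$"
)

PORT_OPS = {
    "=": lambda a, b: a == b, "!=": lambda a, b: a != b,
    "<": lambda a, b: a < b,  "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,  ">=": lambda a, b: a >= b,
}

@dataclass
class Packet:
    direction: str              # "in" or "out", relative to the filtered host
    iface: str
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""         # ipf-style name: "echo", "echorep", ...
    established: bool = False   # TCP segment of an existing connection (ACK set)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line or line.startswith("option"):
            continue                             # 'option' lines are not match rules
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        rules.append({"text": line, **m.groupdict()})
    return rules

def rule_matches(rule, pkt):
    if rule["dir"] != pkt.direction or rule["iface"] != pkt.iface:
        return False
    if rule["proto"] and rule["proto"] != pkt.proto:
        return False
    if rule["all"]:
        return True
    for side, addr, port in (("s", pkt.src, pkt.sport), ("d", pkt.dst, pkt.dport)):
        want = rule["src" if side == "s" else "dst"]
        if want != "any" and want != addr:
            return False
        op = rule[side + "op"]
        if op and not PORT_OPS[op](port, int(rule[side + "port"])):
            return False
    if rule["icmptype"] and rule["icmptype"] != pkt.icmp_type:
        return False
    return not rule["established"] or pkt.established

def evaluate(rules, pkt):
    """Assumed ipf-style semantics: last matching rule wins; no match -> block."""
    verdict, winner = "block", "(no rule matched)"
    for rule in rules:
        if rule_matches(rule, pkt):
            verdict, winner = rule["action"], rule["text"]
    return verdict, winner

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    host = "192.168.1.10"   # assumed address of the filtered host (constructed)
    for label, pkt in [
        ("SYN to web server", Packet("in", "eth0", "tcp", "10.0.0.5", host, 40000, 80)),
        ("SYN to port 22, stranger", Packet("in", "eth0", "tcp", "10.0.0.5", host, 40000, 22)),
        ("SYN to port 22, admin box", Packet("in", "eth0", "tcp", "192.168.1.1", host, 40000, 22)),
        ("UDP src port 53 to 1434", Packet("in", "eth0", "udp", "10.0.0.5", host, 53, 1434)),
        ("ICMP timestamp request", Packet("in", "eth0", "icmp", "10.0.0.5", host, icmp_type="timest")),
    ]:
        verdict, why = evaluate(RULES, pkt)
        print(f"{label:28} -> {verdict:5}  {why}")
```

Two of the sample packets are the ones worth looking at: the datagram with source port 53 to local port 1434 passes on the DNS reply rule although no query was ever sent, and the SYN to port 22 passes as soon as its source address is 192.168.1.1, because the administrator exception matches on address alone. Both are consequences of the rules as written, not of the evaluator.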