[BSD] Intel SR1530AHLX server

Danielisz Laszlo laszlo_danielisz at yahoo.com
Tue Apr 22 16:18:38 CEST 2008


I'm sending my pf.conf; maybe it will be of help to you:

/etc/pf.conf

#macros
ext_if="fxp0"
int_if="re0"
internal_net="192.168.1.0/24"
admin_ip = "{ 192.168.1.254, 192.168.1.113, 192.168.1.123, 192.168.1.213, 192.168.1.223 }"
ssh_ip = "{ 192.168.1.254, 192.168.1.113, 192.168.1.213, 192.168.1.223 }"
engedelyezett= "{ 194.102.208.22, 194.102.208.22, 194.102.208.22, 194.102.208.22,194.102.208.22, 194.102.208.22, 194.102.208.22, 194.102.208.22,194.102.208
.22, 194.102.208.22, 194.102.208.22,194.102.208.22, 194.102.208.22, 194.102.208.22, 194.102.208.22,194.102.208.22, 194.102.208.22, 194.102.208.22, 194.102.2
08.22,194.102.208.22, 194.102.208.22, 194.102.208.22, 77.242.193.137,77.242.192.193, 81.181.193.18, 207.46.225.221, 207.46.20.126,205.128.69.126, 65.55.184
.93, 207.46.18.94,207.46.225.221, 8.12.199.126, 207.46.209.246, 86.35.15.25, 64.4.21.91,86.35.15.200, 80.97.216.131, 212.146.105.227, 86.35.15.202, 86.35.15
.202,217.156.52.49, 212.146.105.226, 80.96.153.2, 193.226.121.131,193.226.121.131, 74.50.5.210, 72.29.71.131, 193.231.100.2,193.231.100.130, 193.231.100.13
4 }"


# options
set block-policy drop
set state-policy if-bound

# scrub incoming packets
scrub all reassemble tcp fragment reassemble


#nat
nat on $ext_if from $internal_net to $engedelyezett -> ($ext_if)
nat on $ext_if from $admin_ip to any -> ($ext_if)



# tables
table <firewall> const { self }


# setup a default deny policy
block drop log all


# pass traffic on the loopback interface in either direction
pass quick on lo0 all

# dns, ntp
pass out quick on $ext_if inet proto udp from ($ext_if) to any port {53, 123 } keep state

# outgoing from firewall
pass out log quick on $ext_if inet proto tcp from ($ext_if) to any flags S/SA keep state
pass out log quick on $ext_if inet proto { udp, icmp } from ($ext_if) to any keep state
pass out log quick on $int_if inet proto tcp from ($int_if) to any flags S/SA keep state

# incoming, ssh
pass in log quick on $ext_if inet proto tcp from any to ($ext_if) port 22 flags S/SA keep state
pass in log quick on $int_if inet proto tcp from $ssh_ip to ($int_if) port 22 flags S/SA keep state

# outgoing icmp
pass out log quick on $int_if inet proto icmp from ($int_if) to $internal_net keep state


# incoming tcp, udp, icmp from the internal network to the internet
pass in log quick on $int_if inet proto tcp from $internal_net to !<firewall> flags S/SA modulate state
pass in log quick on $int_if inet proto icmp from $internal_net to !<firewall> keep state
pass in log quick on $int_if inet proto udp from $internal_net to !<firewall> keep state
pass in quick on $int_if inet proto { udp, icmp } from any to $int_if keep state


----- Original Message ----
From: Péchy Gáspár <gpechy at ggg.hu>
To: Magyar BSD levlista <bsd at hu.freebsd.org>
Sent: Monday, April 21, 2008 3:58:11 PM
Subject: Re: [BSD] Intel SR1530AHLX server

Berta Sándor wrote:
> Péchy Gáspár wrote:
>> Hi,
>> does anyone have experience with the Intel 1530AHLX server? (S3000AHLX board)
>> If it is running somewhere, I would be especially interested in any experience with the internal RAID / AMT.
>> Thanks,
>> Gazsi
>>
>> _______________________________________________
>> BSD mailing list
>> BSD at hu.freebsd.org
>> http://www.hu.freebsd.org/hu/mailman/listinfo/bsd
>>
> It runs excellently with both 6.3 and 7.0. I use them with RAID1.
> 
> regards
> berta
> 
Thanks :)
(The AMT is no longer of interest, it can only do BIOS-boot-hwstatus)
Gazsi
