• 06-02-2013, 13:19:12
    #1
ipfw during an attack

    ipfw install_state too many dynamic rules

It throws this error. Has anyone run into it before?

Paid support is also an option.

My ipfw.conf file:

    IPF="ipfw -q add"
    ipfw -q -f flush
    
    ################################################# 
    # Loopback access 127.0.0.1 
    ################################################# 
    $IPF 10 allow all from any to any via lo0 
    $IPF 11 deny all from any to 127.0.0.0/8 
    $IPF 12 deny all from 127.0.0.0/8 to any 
    $IPF 13 deny tcp from any to any frag 
    
    ################################################# 
    # Stateful rules 
    ################################################# 
    $IPF 14 check-state 
    $IPF 15 allow tcp from any to any established 
    $IPF 16 allow all from any to any out keep-state 
    $IPF 17 allow icmp from any to any 
    
    ################################################# 
    # Ports allowed out 
    ################################################# 
    $IPF 18 allow tcp from any to any 22 setup keep-state
    $IPF 19 allow tcp from any to any 13000 setup keep-state
    $IPF 20 allow tcp from any to any 13001 setup keep-state
    $IPF 21 allow tcp from any to any 16000 setup keep-state
    $IPF 22 allow tcp from any to any 18000 setup keep-state
    $IPF 23 allow tcp from any to any 21000 setup keep-state
    $IPF 24 allow tcp from any to any 3306 setup keep-state
    $IPF 25 allow tcp from any to any 11005 setup keep-state
    $IPF 26 allow udp from any to any 22 keep-state
    $IPF 27 allow udp from any to any 13000 keep-state
    $IPF 28 allow udp from any to any 13001 keep-state
    $IPF 29 allow udp from any to any 16000 keep-state
    $IPF 30 allow udp from any to any 18000 keep-state
    $IPF 31 allow udp from any to any 21000 keep-state
    $IPF 32 allow udp from any to any 3306 keep-state
    $IPF 33 allow udp from any to any 11005 keep-state
    ####################################################
    # Per-source connection limits against attack traffic
    ####################################################
    ipfw add 409 allow tcp from any to me 22 in via em0 setup limit src-addr 20
    ipfw add 410 allow tcp from any to me 13000 in via em0 setup limit src-addr 10
    ipfw add 411 allow tcp from any to me 13001 in via em0 setup limit src-addr 10
    ipfw add 412 allow tcp from any to me 16000 in via em0 setup limit src-addr 10
    ipfw add 413 allow tcp from any to me 21000 in via em0 setup limit src-addr 10
    ipfw add 414 allow tcp from any to me 18000 in via em0 setup limit src-addr 10
    ipfw add 415 allow tcp from any to me 11005 in via em0 setup limit src-addr 5
    ipfw add 416 allow tcp from any to me 3306 in via em0 setup limit src-addr 10
    # "setup" is a TCP-flag match (SYN without ACK) and never matches UDP,
    # so it is omitted from the UDP rules below; otherwise they never fire
    ipfw add 419 allow udp from any to me 22 in via em0 limit src-addr 80
    ipfw add 420 allow udp from any to me 13000 in via em0 limit src-addr 80
    ipfw add 421 allow udp from any to me 13001 in via em0 limit src-addr 80
    ipfw add 422 allow udp from any to me 16000 in via em0 limit src-addr 80
    ipfw add 423 allow udp from any to me 21000 in via em0 limit src-addr 80
    ipfw add 424 allow udp from any to me 18000 in via em0 limit src-addr 80
    ipfw add 425 allow udp from any to me 11005 in via em0 limit src-addr 50
    ipfw add 426 allow udp from any to me 3306 in via em0 limit src-addr 50
    $IPF 34 allow all from mywebserverip to me
    $IPF 36 allow all from myip to any 14000
    $IPF 37 allow all from myip to any 14000
    $IPF 38 deny all from any to me 14000
    $IPF 39 allow all from myip to any 17000
    $IPF 40 allow all from myip to any 17000
    $IPF 41 deny all from any to me 17000
    $IPF 42 allow all from myip to any 20000
    $IPF 43 allow all from myip to any 20000
    $IPF 44 deny all from any to me 20000
    $IPF 45 allow all from myip to any 22000
    $IPF 46 allow all from myip to any 22000
    $IPF 47 deny all from any to me 22000
    $IPF 48 allow all from myip to any 12000
    $IPF 49 allow all from myip to any 12000
    $IPF 50 deny all from any to me 12000
    $IPF 51 allow all from myip to any 14001
    $IPF 52 allow all from myip to any 14001
    $IPF 53 deny all from any to me 14001
    $IPF deny log all from any to any

    sysctl.conf file:
    net.inet.ip.fw.dyn_max=65536
    net.inet.ip.fw.dyn_buckets=1024
    net.inet.ip.fw.dyn_ack_lifetime=60
  • 06-02-2013, 18:54:11
    #2
    Membership suspended
    There are too many dynamic rules in your list; it is caused by the per-IP concurrent connection limits on the ports.

    Could you try adding net.inet.ip.fw.dyn_keepalive=0 to sysctl.conf?
  • 06-02-2013, 23:39:38
    #3
    Quote from member Ortana:
    There are too many dynamic rules in your list; it is caused by the per-IP concurrent connection limits on the ports.

    Could you try adding net.inet.ip.fw.dyn_keepalive=0 to sysctl.conf?
    I tried every setting in sysctl, the problem is the same.
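As an added example, not part of the thread: "too many dynamic rules" means the dynamic-state table (net.inet.ip.fw.dyn_max) is full, and before raising that limit it helps to know whether one flooding source behind the limit rules or the catch-all outbound keep-state rule (rule 16) is filling it. This POSIX sh snippet summarises `ipfw -d list` output per rule number and per source address; the sample listing is constructed and only approximates the FreeBSD 9 dynamic-rule format.

```shell
#!/bin/sh
# Added example: find what is consuming ipfw dynamic states.
# Constructed sample of the dynamic section of `ipfw -d list`
# (format approximated; a live box prints the real thing).
SAMPLE='## Dynamic rules (6, 1024 buckets):
00016      5      300 (10s) STATE udp 198.51.100.1 53412 <-> 192.0.2.53 53
00018     12     1840 (60s) STATE tcp 203.0.113.5 51234 <-> 198.51.100.1 22
00409      0        0 (20s) PARENT 3 tcp 203.0.113.5 0 <-> 0.0.0.0 0
00409      1       60 (20s) LIMIT tcp 203.0.113.5 51235 <-> 198.51.100.1 22
00409      1       60 (20s) LIMIT tcp 203.0.113.5 51236 <-> 198.51.100.1 22
00409      1       60 (20s) LIMIT tcp 203.0.113.5 51237 <-> 198.51.100.1 22
00409      1       60 (20s) LIMIT tcp 203.0.113.6 40001 <-> 198.51.100.1 22'

# Count STATE/LIMIT entries per rule number (PARENT bookkeeping entries and
# static rule lines are skipped); output "rule count", busiest first.
dyn_top_rules() {
    awk '$1 ~ /^[0-9]+$/ {
             for (i = 2; i <= NF; i++)
                 if ($i == "STATE" || $i == "LIMIT") { n[$1 + 0]++; break }
         }
         END { for (r in n) print r, n[r] }' | sort -k2,2nr -k1,1n
}

# Count STATE/LIMIT entries per source address (the field two after the
# state type, following the protocol); output "address count", busiest first.
dyn_top_sources() {
    awk '$1 ~ /^[0-9]+$/ {
             for (i = 2; i <= NF; i++)
                 if ($i == "STATE" || $i == "LIMIT") { n[$(i + 2)]++; break }
         }
         END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1
}

# Percentage of the state table in use: dyn_usage_pct <dyn_count> <dyn_max>.
dyn_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Demonstration on the constructed sample.
echo "states per rule:";   printf '%s\n' "$SAMPLE" | dyn_top_rules
echo "states per source:"; printf '%s\n' "$SAMPLE" | dyn_top_sources
echo "table usage: $(dyn_usage_pct 60000 65536)%"
```

On a live host, pipe the real listing instead: `ipfw -d list | dyn_top_sources`, and feed `sysctl -n net.inet.ip.fw.dyn_count` and the configured dyn_max to dyn_usage_pct to watch how close the table is to exhaustion.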