Testing ipfw without blocking a FreeBSD server when an ipfw mistake is made

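I am new to ipfw and am trying to learn it and test its commands on a server running FreeBSD. Every time I run an ipfw command over SSH with a syntax error/typo and then restart the ipfw service, the server gets blocked and I cannot reach it over SSH, even though there is no ipfw rule that denies traffic to my computer. I have had to ask the main administrator to unblock my server.

Is there a way to test ipfw without this kind of server/SSH blocking? Or, if I install/deploy the server locally on my computer, will I be able to unblock the server myself when I make an ipfw mistake?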

Answer 1

There is a very handy script:

/usr/share/examples/ipfw/change_rules.sh

It works exactly the way you want:

# Invoke this script to edit ${firewall_script}. It will call ${EDITOR},
# or vi(1) if the environment variable is not set, for you to edit
# ${firewall_script}, ask for confirmation, and then run
# ${firewall_script}. You can then examine the output of ipfw list and
# confirm whether you want the new version or not.
#
# If no answer is received in 30 seconds, the previous
# ${firewall_script} is run, restoring the old rules (this assumes ipfw
# flush is present in it).
#
# If the new rules are confirmed, they'll replace ${firewall_script} and
# the previous ones will be copied to ${firewall_script}.{date}. Mail
# will also be sent to root with a unified diff of the rule change.
#
# Unapproved rules are kept in ${firewall_script}.new, and you are
# offered the option of changing them instead of the present rules when
# you call this script.
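
The confirm-or-roll-back behaviour described in that header, as an added example that is not part of the original answer and is not FreeBSD's change_rules.sh: a portable sh function that arms a timed rollback before the new rules are loaded. The function name safe_apply and the rule-script paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not FreeBSD's change_rules.sh); safe_apply is a
# hypothetical name.
# Usage: safe_apply NEW_RULES_SCRIPT OLD_RULES_SCRIPT [TIMEOUT_SECONDS]
#   e.g. safe_apply /etc/ipfw.rules.new /etc/ipfw.rules 30   (assumed paths)
# Both scripts are expected to start with "ipfw -q flush" (assumption).
# Reads the y/N confirmation from stdin.
# Returns 0 if the new rules were kept, 1 if the old rules are in effect.
safe_apply() {
    new=$1 old=$2 timeout=${3:-30}
    armed=$(mktemp /tmp/safe_apply.XXXXXX) || return 1

    # Arm the rollback BEFORE loading anything. It ignores SIGHUP so it
    # still fires if the new rules kill the SSH session that started it.
    ( trap '' HUP
      sleep "$timeout" && rm -f "$armed" && sh "$old" ) >/dev/null 2>&1 &
    timer=$!

    answer=
    if sh "$new"; then
        printf 'Keep new rules? [y/N] (rollback in %ss) ' "$timeout" >&2
        read -r answer || answer=
    fi   # a failing script (typo, bad ipfw syntax) counts as "no"

    if [ -e "$armed" ]; then
        # Timer has not fired yet: the answer decides.
        kill "$timer" 2>/dev/null
        rm -f "$armed"
        case $answer in
            [Yy]*) return 0 ;;
        esac
        sh "$old"
    else
        # Timer already fired (the answer came too late): let it finish.
        wait "$timer" 2>/dev/null
    fi
    return 1
}
```

Because the rollback is armed first, a rule set that silently drops the SSH connection is undone after the timeout even though no answer can be typed.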
