!IPFW

 ##############################################################
 ## /etc/rc.conf
 ## (a path in firewall_type is read as a plain ipfw rule file;
 ##  a /bin/sh script like the sample below is loaded with firewall_script)
 firewall_enable="YES"
 firewall_type="/etc/ipfw.conf"
 # ipfw -a list[Enter]
 ##############################################################

!IPFW sample

 #!/bin/sh
 IPFWC="/sbin/ipfw -q add"
 ipfw -q -f flush

 # loopback
 $IPFWC 10 allow all from any to any via lo0
 $IPFWC 20 deny all from any to 127.0.0.0/8
 $IPFWC 30 deny all from 127.0.0.0/8 to any
 $IPFWC 40 deny tcp from any to any frag

 # stateful
 $IPFWC 50 check-state
 $IPFWC 60 allow tcp from any to any established
 $IPFWC 70 allow all from any to any out keep-state
 $IPFWC 80 allow icmp from any to any

 ## ftp (20,21) ports
 $IPFWC 100 allow tcp from any to any 20 in
 $IPFWC 110 allow tcp from any to any 20 out
 $IPFWC 120 allow tcp from any to any 21 in
 $IPFWC 130 allow tcp from any to any 21 out

 ## ssh (22) ports
 $IPFWC 140 allow tcp from any to any 22 in
 $IPFWC 150 allow tcp from any to any 22 out

 ## mail (25) ports
 $IPFWC 160 allow tcp from any to any 25 in
 $IPFWC 170 allow tcp from any to any 25 out

 ## domain (53) ports // DNS
 $IPFWC 180 allow udp from any to any 53 in
 $IPFWC 185 allow tcp from any to any 53 in
 $IPFWC 190 allow udp from any to any 53 out
 $IPFWC 195 allow tcp from any to any 53 out

 ## http (80) ports
 $IPFWC 200 allow tcp from any to any 80 in
 $IPFWC 210 allow tcp from any to any 80 out
 # $IPFWC 240 allow tcp from any to any 443 in
 # $IPFWC 250 allow tcp from any to any 443 out

 ## ntp (123) ports (NTP runs over UDP, not TCP)
 $IPFWC 1010 allow udp from any to any 123 in
 $IPFWC 1020 allow udp from any to any 123 out

 ## https (443)
 $IPFWC 1030 allow tcp from any to any 443 in
 $IPFWC 1040 allow tcp from any to any 443 out

 ## submission (587) ports
 $IPFWC 1050 allow tcp from any to any 587 in
 $IPFWC 1060 allow tcp from any to any 587 out

 ## imaps (993)
 # $IPFWC 1070 allow tcp from any to any 993 in
 # $IPFWC 1080 allow tcp from any to any 993 out

 # deny and log everything
 $IPFWC 9000 deny log all from any to any

----

!delay &

 # 1 Mbps, 80 ms, 10% packet loss (roughly a decent LTE connection)
 ipfw pipe 1 config bw 1Mbit/s delay 80ms plr 0.1

 # 180 kbps, 300 ms, 30% packet loss (roughly a slow MVNO connection)
 ipfw pipe 1 config bw 180Kbit/s delay 300ms plr 0.3

 # 100 kbps, 800 ms, 50% packet loss (congested, stalled link)
 ipfw pipe 1 config bw 100Kbit/s delay 800ms plr 0.5

----

! List

 # ipfw -a list[Enter]

----

Tips

http://murasaki.cocolog-nifty.com/cloud/2009/08/ipfw-a0b2.html
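
A lint pass for rule scripts written in the style of the IPFW sample, flagging two mistakes that ipfw loads without complaint: a rule number reused by a copy-pasted block, and DNS (53) or NTP (123) opened for tcp only. This is an added example, not part of the original page; the helper name lint_ipfw_rules and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint an ipfw rule script.
# lint_ipfw_rules is a hypothetical helper name; it reads the script on stdin.
lint_ipfw_rules() {
    awk '
    /^[ \t]*#/ { next }                    # commented-out rules are not loaded
    {
        # Rule number = first all-digit field directly followed by an action.
        n = 0
        for (i = 1; i < NF; i++)
            if ($i ~ /^[0-9]+$/ && $(i+1) ~ /^(allow|deny|check-state)$/) { n = i; break }
        if (n == 0) next                   # flush, pipe config, assignments ...
        num = $n
        if (++seen[num] == 2) print "DUP " num
        if ($(n+1) != "allow") next
        proto = $(n+2)
        # Destination port = numeric field two places after "to" (to any <port>).
        for (i = n + 3; i + 2 <= NF; i++)
            if ($i == "to" && $(i+2) ~ /^[0-9]+$/) {
                port = $(i+2)
                if (proto == "tcp" && !(port in tcp)) tcp[port] = num
                if (proto == "udp" || proto == "all" || proto == "ip") udp[port] = 1
            }
    }
    END {
        # Services that need UDP: DNS (53) and NTP (123).
        k = split("53 123", svc, " ")
        for (j = 1; j <= k; j++)
            if ((svc[j] in tcp) && !(svc[j] in udp))
                print "TCP-ONLY " svc[j] " first-rule " tcp[svc[j]]
    }'
}

# Constructed sample input containing both mistakes.
sample_rules() {
    cat <<'EOF'
ipfw -q -f flush
$IPFWC 70 allow all from any to any out keep-state
$IPFWC 180 allow udp from any to any 53 in
$IPFWC 185 allow tcp from any to any 53 in
$IPFWC 1010 allow tcp from any to any 123 in
$IPFWC 1050 allow tcp from any to any 587 in
# $IPFWC 1070 allow tcp from any to any 993 in
$IPFWC 1050 allow tcp from any to any 587 in
$IPFWC 9000 deny log all from any to any
EOF
}
sample_rules | lint_ipfw_rules
```

Run it against a real script with `lint_ipfw_rules < script` before loading the rules; no output means neither mistake was found.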