= iptables =
WikiPedia:Iptables is an IP-level packet processing utility that replaces WikiPedia:Ipchains, which was used in Linux versions before 2.4. It is used to control, from user space, the in-kernel packet filtering facility called Netfilter. At its most basic it lets you specify actions such as allow (ACCEPT) and block (DROP) for packets that meet given conditions, but through numerous extensions it supports many kinds of filtering (match: protocol, length, !ToS, ...) and handling (target: NAT, logging, marking, redirection, ...). Many open and commercial Linux-based firewalls and other network devices use [iptables].

 * http://www.netfilter.org/ : netfilter/iptables home page
 * The object files for the extensions are in the {{{/lib/modules/{version}/kernel/net/ipv4/netfilter}}} directory.
 * The related options are located under 'Device Drivers/Networking support/Networking options/Network packet filtering' in the kernel option tree. (as of 2.6)
 * The {{{iptables-save}}} and {{{iptables-restore}}} programs are used to save and restore the Netfilter configuration.
 * A similar program is arptables. It is the user-space utility of [http://ebtables.sourceforge.net/ bridge-netfilter], which performs tasks such as filtering at the link layer (Ethernet) in a bridge firewall.

== Related documents in KLDPWiki ==
 * [wiki:LinuxdocSgml/Packet_Filtering-TRANS Linux 2.4 Packet Filtering HOWTO]: a quick guide to packet filtering
 * [wiki:DocbookSgml/Netfilter-extensions-TRANS Netfilter Extensions HOWTO]: how to use the various extensions
 * [wiki:DocbookSgml/Masquerading-Simple-HOWTO Masquerading Simple HOWTO]: a brief explanation of NAPT
 * [wiki:LinuxdocSgml/2.4_NAT-TRANS Linux 2.4 NAT HOWTO]: a somewhat broader explanation of NAT
 * [wiki:DocbookSgml/BridgeFirewall-HOWTO Building a Bridge Firewall with Linux]: building a bridge firewall with [iptables] and the bridge patch
 * [wiki:Kernel%202.6%20%B1%E2%B9%DD%C0%C7%20Bridge%20Firwall%20%2B%20PPTP%28VPN%29%20%B1%B8%C3%E0%C7%CF%B1%E2%20Part%201. Building a Bridge Firewall + PPTP(VPN) on Kernel 2.6, Part 1.]: building a bridge firewall with kernel 2.6
 * [wiki:DocbookSgml/Traffic_LoadBalancing-KLDP Linux kernel 2.4 network traffic distribution]: how to distribute traffic using [iptables] and iproute2

== Other related documents ==
We are currently collecting information about iptables. Let's gather and organize it together.
 * [http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html]
 * [http://iptables-tutorial.frozentux.net/iptables-tutorial.html http://iptables-tutorial.frozentux.net/iptables-tutorial.html]
 * [http://www.linuxguruz.com/iptables/howto/ http://www.linuxguruz.com/iptables/howto/]
 * [http://www.sns.ias.edu/~jns/security/iptables/ http://www.sns.ias.edu/~jns/security/iptables/]

== Tips ==
 * If you insert a rule without specifying a target, only its packet counter is incremented and processing moves on to the next rule. This can be used for simple packet counting. Listing with the '{{{-v}}}' option shows the packet/byte counts as well.

== iptables script ==
 * Please share the general-purpose rule scripts that you use.
 * In "/etc/sysctl.conf", check the following entry and make sure it is enabled.
{{{
net.ipv4.ip_forward = 1
# To support IPv6 forwarding (in which case you would be using ip6tables)
# net.ipv6.conf.all.forwarding = 1
}}}
 * A rule script that turns a machine with two interfaces into a simple Internet-sharing router
{{{
#!/bin/sh
# by minzkn

# Interface facing the external Internet (ppp0 in the case of ADSL)
IF_EXTERN=eth0

# Interface that will be the internal gateway
IF_LOCAL=eth1

# Local address range to use
MASQUE_ADDRESS=192.168.0.0/24
#MASQUE_ADDRESS=10.0.0.0/8

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F

/sbin/iptables -A FORWARD -i ${IF_EXTERN} -o ${IF_LOCAL} -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i ${IF_LOCAL} -o ${IF_EXTERN} -j ACCEPT
/sbin/iptables -A FORWARD -j LOG

/sbin/iptables -t nat -A POSTROUTING -o ${IF_EXTERN} -s ${MASQUE_ADDRESS} -j MASQUERADE

# To forward a specific port from outside to an internal IP, do as follows.
# (The example below forwards the cvs port, 2401, to 192.168.0.100.)
#/sbin/iptables -t nat -A PREROUTING -i ${IF_EXTERN} -p tcp --dport 2401 -j DNAT --to 192.168.0.100:2401

# End of masq_ip.sh
}}}
 * A script written to make it easy to set up both a firewall and an Internet-sharing router
{{{
#!/bin/sh
# Copyright (C) INFOEQ co.,LTD.
# All rights reserved.
#
# Author: JaeHyuk Cho
#
# mzfirewall.sh version 1.0.0 20080530

EXEC_IPTABLES=/sbin/iptables
EXEC_IFCONFIG=/sbin/ifconfig

SERVER_INTERFACE=eth0
#SERVER_INTERFACE=eth1
#SERVER_INTERFACE=tun6to4
#SERVER_INTERFACE=bond0

# *** Internet sharing (NAT) settings ***
USE_NAT=yes
# Interface facing the external Internet (ppp0 in the case of ADSL)
EXTERN_INTERFACE=${SERVER_INTERFACE}
# Interface that will be the internal gateway
LOCAL_INTERFACE=eth1
# Local address range to use
MASQUE_ADDRESS=192.168.0.0/24

# -----------------------------------------------------
# Groundwork preparation

# Get the interface IP.
SERVER_IP=`${EXEC_IFCONFIG} ${SERVER_INTERFACE} | grep "\<inet\>" | awk '{ gsub("addr:", "" ) ; print $2}'`

CHAIN_NAME_PREFIX=MZSERVER

# -----------------------------------------------------
# Base functions (library)

# Function to create a new chain - chain target
s_mzfirewall_create_chain() {
    # Create the new chain.
    ${EXEC_IPTABLES} -t filter -N ${2}
    # Set up the jump that hands packets over to the new chain.
    ${EXEC_IPTABLES} -t filter -A ${1} -j ${2}
}

# Input per-entry deny policy function - protocol source sport destination dport
s_mzfirewall_block_input_drop() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_BLOCK_INPUT -p ${1} -s ${2} --sport ${3} -d ${4} --dport ${5} -j DROP
}

# Input per-entry deny policy function - protocol source destination
s_mzfirewall_block_input_drop_noport() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_BLOCK_INPUT -p ${1} -s ${2} -d ${3} -j DROP
}

# Input deny policy function - protocol source sport destination dport
s_mzfirewall_input_drop() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_INPUT -p ${1} -s ${2} --sport ${3} -d ${4} --dport ${5} -j DROP
}

# Input deny policy function - protocol source destination
s_mzfirewall_input_drop_noport() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_INPUT -p ${1} -s ${2} -d ${3} -j DROP
}

# Input allow policy function - protocol source sport destination dport
s_mzfirewall_input_accept() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_INPUT -p ${1} -s ${2} --sport ${3} -d ${4} --dport ${5} -j ACCEPT
}

# Input allow policy function - protocol source destination
s_mzfirewall_input_accept_noport() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_INPUT -p ${1} -s ${2} -d ${3} -j ACCEPT
}

# Output deny policy function - protocol source sport destination dport
s_mzfirewall_output_drop() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_OUTPUT -p ${1} -s ${2} --sport ${3} -d ${4} --dport ${5} -j DROP
}

# Output deny policy function - protocol source destination
s_mzfirewall_output_drop_noport() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_OUTPUT -p ${1} -s ${2} -d ${3} -j DROP
}

# Output allow policy function - protocol source sport destination dport
s_mzfirewall_output_accept() {
    ${EXEC_IPTABLES} -I ${CHAIN_NAME_PREFIX}_OUTPUT -p ${1} -s ${2} --sport ${3} -d ${4} --dport ${5} -j ACCEPT
}

# Output allow policy function - protocol source destination
s_mzfirewall_output_accept_noport() {
    ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_OUTPUT -p ${1} -s ${2} -d ${3} -j ACCEPT
}

# -----------------------------------------------------
# Action functions

# Initialization
mzfirewall_clean() {
    # Delete the rules of all chains.
    ${EXEC_IPTABLES} -F
    # Remove chains that have no rules.
    ${EXEC_IPTABLES} -X
    # Flush the nat table as well, so a restart does not duplicate the NAT rules.
    ${EXEC_IPTABLES} -t nat -F
}

# Default policy settings
mzfirewall_default_raw() {
    # Block all input by default.
    ${EXEC_IPTABLES} -P INPUT DROP
    # Allow all output by default.
    ${EXEC_IPTABLES} -P OUTPUT ACCEPT
    # Allow all forwarding by default.
    ${EXEC_IPTABLES} -P FORWARD ACCEPT
}

# Set up common-sense firewall policies.
mzfirewall_default_rule() {
    # Block all invalid TCP states.
    ${EXEC_IPTABLES} -A INPUT -p tcp -m state --state INVALID -j DROP
    # Allow input on connections that are already established.
    ${EXEC_IPTABLES} -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow all input on loopback.
    ${EXEC_IPTABLES} -A INPUT -i lo -j ACCEPT
    ${EXEC_IPTABLES} -A INPUT -p tcp -d any/0 --dport auth -j ACCEPT
}

# Create the new chains
mzfirewall_create_chain() {
    s_mzfirewall_create_chain INPUT ${CHAIN_NAME_PREFIX}_BLOCK_INPUT
    s_mzfirewall_create_chain INPUT ${CHAIN_NAME_PREFIX}_INPUT
    s_mzfirewall_create_chain OUTPUT ${CHAIN_NAME_PREFIX}_OUTPUT
    s_mzfirewall_create_chain FORWARD ${CHAIN_NAME_PREFIX}_FORWARD
}

# Input firewall policy
mzfirewall_input_rules() {
    # domain accept
    s_mzfirewall_input_accept udp 0/0 domain 0/0 0:
    s_mzfirewall_input_accept tcp 0/0 domain 0/0 0:
    # Allow ICMP input
    s_mzfirewall_input_accept_noport icmp 0/0 0/0
    # Allow FTP input
    s_mzfirewall_input_accept tcp 0/0 1024: 0/0 ftp
    s_mzfirewall_input_accept tcp 0/0 0: 0/0 ftp-data
    # Allow TELNET input
    s_mzfirewall_input_accept tcp 0/0 1024: 0/0 telnet
    # Allow SSH input
    s_mzfirewall_input_accept tcp 0/0 1024: 0/0 ssh
    # Allow HTTP input
    s_mzfirewall_input_accept tcp 0/0 1024: 0/0 http
    # Allow input on a specific port
    s_mzfirewall_input_accept tcp 0/0 1024: 0/0 2744
}

# Output firewall policy - list the deny policies first.
mzfirewall_output_rules() {
    # Deny outbound IRC connections - if you do not use IRC, denying IRC output is recommended.
    #s_mzfirewall_output_drop tcp 0/0 0: 0/0 ircd
    # Allow DOMAIN output
    s_mzfirewall_output_accept udp 0/0 0: 0/0 domain
    s_mzfirewall_output_accept tcp 0/0 0: 0/0 domain
    # Allow SMTP output (SMTP runs over TCP)
    s_mzfirewall_output_accept tcp 0/0 0: 0/0 smtp
}

# Blacklist blocking
mzfirewall_block_input_rules() {
    # When adding entries by simply editing the script...
    s_mzfirewall_block_input_drop_noport all 210.212.219.61/32 0/0

    # Alternative: list the IPs to block in a block.list file
    #exec < "block.list"
    #while read block_ip
    #do
    #    block_ip=`echo ${block_ip} | sed 's/ //g'`
    #    if ! [ $(echo ${block_ip} | grep "^#") ] ; then
    #        if [ "${block_ip}" != "" ] ; then
    #            s_mzfirewall_block_input_drop_noport all ${block_ip} 0/0
    #        fi
    #    fi
    #done
}

# Internet sharing (NAT)
mzfirewall_nat() {
    if [ "${USE_NAT}" = "yes" ]; then
        # POSTROUTING rules apply when sending from inside to outside;
        # PREROUTING rules apply when sending from outside to inside.

        # Set up the interface path that is passed through by default.
        ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_FORWARD -i ${EXTERN_INTERFACE} -o ${LOCAL_INTERFACE} -m state --state ESTABLISHED,RELATED -j ACCEPT
        ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_FORWARD -i ${LOCAL_INTERFACE} -o ${EXTERN_INTERFACE} -j ACCEPT
        ${EXEC_IPTABLES} -A ${CHAIN_NAME_PREFIX}_FORWARD -j LOG

        # Masquerade the local IP address range.
        ${EXEC_IPTABLES} -t nat -A POSTROUTING -o ${EXTERN_INTERFACE} -s ${MASQUE_ADDRESS} -j MASQUERADE

        # To forward a specific port from outside to an internal IP, do as follows.
        # (The example below forwards the cvs port, 2401, to 192.168.0.100.)
        #${EXEC_IPTABLES} -t nat -A PREROUTING -i ${EXTERN_INTERFACE} -p tcp --dport 2401 -j DNAT --to 192.168.0.100:2401
    fi
}

# Check the result
mzfirewall_report() {
    echo "iptables path is \"${EXEC_IPTABLES}\""
    echo "server ip is \"${SERVER_IP}\" (${SERVER_INTERFACE})"
    ${EXEC_IPTABLES} --list
}

# Enable the firewall
mzfirewall_start() {
    mzfirewall_clean
    mzfirewall_default_raw
    mzfirewall_default_rule
    mzfirewall_create_chain
    mzfirewall_input_rules
    mzfirewall_output_rules
    mzfirewall_block_input_rules
    mzfirewall_nat
}

# Disable the firewall
mzfirewall_stop() {
    mzfirewall_clean
    # Allow all input by default.
    ${EXEC_IPTABLES} -P INPUT ACCEPT
    # Allow all output by default.
    ${EXEC_IPTABLES} -P OUTPUT ACCEPT
    # Allow all forwarding by default.
    ${EXEC_IPTABLES} -P FORWARD ACCEPT
}

# Restart the firewall
mzfirewall_restart() {
    mzfirewall_stop
    mzfirewall_start
}

# -----------------------------------------------------

case "$1" in
    start)
        mzfirewall_start
        ;;
    stop)
        mzfirewall_stop
        ;;
    restart|reload)
        mzfirewall_restart
        ;;
    report|show|list|status)
        mzfirewall_report
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

# End of mzfirewall.sh
}}}

== Messages ==
Would it be all right to paste the linked pages directly into the wiki and translate them? - [jachin] [[Date]]
----
CategorySecurity
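An added example, not part of the original page or of mzfirewall.sh: the commented-out block.list loop in mzfirewall_block_input_rules hands every non-comment line to iptables unchecked. The version below goes beyond that loop by accepting only IPv4 addresses or CIDR blocks and by printing {{{iptables-restore}}} input for the MZSERVER_BLOCK_INPUT chain, so the list is loaded in one commit. The function names, the handling of trailing comments and the sample list are assumptions of this example.

```shell
# Added example (not from the page): block list -> iptables-restore input.
# The chain name is the one the page's script builds from CHAIN_NAME_PREFIX.
BLOCK_CHAIN=MZSERVER_BLOCK_INPUT

# is_ipv4_cidr ENTRY: succeed only for a.b.c.d or a.b.c.d/0..32.
is_ipv4_cidr() {
    addr=${1%%/*}
    case "$1" in */*) len=${1#*/} ;; *) len=32 ;; esac
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# block_list_to_restore: read a block list on stdin, print a ruleset on stdout.
# Comments and blank lines are ignored; invalid entries are reported on stderr.
block_list_to_restore() {
    printf '%s\n' '*filter'
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            printf '%s\n' "-A $BLOCK_CHAIN -s $entry -j DROP"
        else
            printf '%s\n' "skipped invalid entry: $entry" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample list (documentation address ranges, two bad entries).
sample_block_list() {
    cat <<'EOF'
# constructed sample
198.51.100.7
 192.0.2.0/24   # lab range
300.1.1.1
bad.example
EOF
}

sample_block_list | block_list_to_restore
```

Assuming the chain already exists (mzfirewall_create_chain has run), the output can be applied with {{{block_list_to_restore < block.list | iptables-restore --noflush}}}.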