使用apf防火墙的可以以此为模板,稍加修改就可以拿来使用.

# General APF settings. The file is sourced as shell, so keep one assignment
# per line and put comments on their own lines.
# NOTE(review): option meanings below follow the stock APF conf.apf comments -
# confirm against the README of the installed version.
# Development mode. Stock APF flushes the rules from cron while this is "1"
# (a lock-out safety net); "0" keeps the rules loaded permanently.
DEVEL_MODE="0"
# Base directory of the APF installation; CNFINT is derived from it.
INSTALL_PATH="/etc/apf"
# Untrusted interfaces: inbound and outbound filtering is applied to these.
IFACE_IN="eth0"
IFACE_OUT="eth0"
# Trusted interface(s): traffic on them is exempt from the firewall rules, so
# list only a network you fully control, and clear the value if the host has
# no such interface. TODO confirm eth1 is really private on the target host.
IFACE_TRUSTED="eth1"
# Verbose output while loading rules.
SET_VERBOSE="1"
# Fast-load (restore a saved rule snapshot instead of regenerating); off here.
SET_FASTLOAD="0"
# Virtual network subsystem (per-IP policies for aliased addresses); off here.
SET_VNET="0"
# Filtering of additional untrusted interfaces; off here.
SET_ADDIFACE="0"
# "1" presumably tells APF that netfilter is compiled into the kernel, so no
# modules are loaded - verify this matches the running kernel.
SET_MONOKERN="1"
# Refresh interval for the trust rules; presumably minutes - confirm.
SET_REFRESH="10"
# Presumably the maximum number of deny entries kept before older ones are
# trimmed; a low cap lets old bans age out - confirm.
SET_TRIM="150"
# Start-up checks: interfaces have a route, crond is running, and (when
# VF_LGATE holds a MAC address) traffic arrives via that gateway only.
VF_ROUTE="1"
VF_CROND="1"
VF_LGATE=""
# Reactive Address Blocking (RAB): temporary blocking of addresses that trip
# sanity or port-scan rules.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Master switch; "0" disables RAB, so the RAB_* values below presumably have
# no effect until it is set to "1".
RAB="0"
# Treat packet-sanity violations as RAB events.
RAB_SANITY="1"
# Port-scan detection level (stock range is 0-3; 0 disables).
RAB_PSCAN_LEVEL="2"
# Number of violations before an address is blocked.
RAB_HITCOUNT="1"
# How long a block lasts; presumably seconds - confirm.
RAB_TIMER="300"
# "1" presumably restarts the timer when a blocked address keeps sending.
RAB_TRIP="1"
# Log the violation that caused a block, but not later traffic from the
# blocked address.
RAB_LOG_HIT="1"
RAB_LOG_TRIP="0"
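# Packet handling: how filtered traffic is answered, sanity checks, TOS
# marking, traceroute, ICMP rate limit and resolver handling.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Action for filtered TCP, UDP and all other traffic. DROP discards silently,
# which gives a scanner no reply to work with.
TCP_STOP="DROP"
UDP_STOP="DROP"
ALL_STOP="DROP"
# Packet sanity checks (malformed flag combinations and similar).
PKT_SANITY="1"
# Dropping of conntrack-INVALID packets is off here.
PKT_SANITY_INV="0"
# Drop fragmented UDP.
PKT_SANITY_FUDP="1"
# Drop traffic to or from port zero.
PKT_SANITY_PZERO="1"
# Type-of-Service marking: default TOS value and the port range it applies to,
# then per-TOS port lists (empty means no ports get that value).
TOS_DEF="0"
TOS_DEF_RANGE="512:65535"
TOS_0=""
TOS_2=""
TOS_4=""
TOS_8="21,20,80"
TOS_16="25,110,143"
# Allow inbound traceroute and the port range used for it. The two
# assignments are kept on separate lines so each is easy to find and edit.
TCR_PASS="1"
TCR_PORTS="33434:33534"
# Rate limit for ICMP traffic.
ICMP_LIM="30/s"
# Presumably allows the name servers listed in /etc/resolv.conf and silently
# drops other source-port-53 traffic so it does not flood the logs - confirm.
RESV_DNS="1"
RESV_DNS_DROP="1"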
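# Implicit blocks. Port lists are comma-separated; the values below write
# ranges with an underscore (for example 4660_4678).
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Ports commonly used by peer-to-peer clients. Each port is listed once
# (6346 previously appeared twice).
BLK_P2P_PORTS="1214,2323,4660_4678,6257,6699,6346,6347,6881_6889,7778"
# Ports dropped without logging (NetBIOS/SMB, portmapper, MSSQL and similar).
BLK_PORTS="135_139,111,513,520,445,1433,1434,1234,1524,3127"
# Multicast blocking is off.
BLK_MCATNET="0"
# Private (RFC 1918) source blocking is off. On a host whose untrusted
# interface has a public address, enabling it is a common anti-spoofing
# measure; leave it off if the host sits behind NAT.
BLK_PRVNET="0"
# Block reserved/unassigned address space. This depends on the reserved
# networks list being current; a stale list can drop legitimately allocated
# ranges.
BLK_RESNET="1"
# Ident (port 113) handling; off here.
BLK_IDENT="0"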
# Kernel (sysctl) hooks applied by APF.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version before relying on them.
# Connection-tracking table size; size it to the host's memory and load.
SYSCTL_CONNTRACK="34576"
# TCP hardening and SYN-flood tuning hooks are enabled.
SYSCTL_TCP="1"
SYSCTL_SYN="1"
# Presumably the routing/spoofing protection hook (rp_filter, redirects);
# off here - review whether the host needs it.
SYSCTL_ROUTE="0"
# Logging of packets with impossible source addresses is off, so spoofed
# traffic will not appear in the kernel log.
SYSCTL_LOGMARTIANS="0"
# Explicit Congestion Notification; off here.
SYSCTL_ECN="0"
# SYN cookies are enabled.
SYSCTL_SYNCOOKIES="1"
# Presumably the overflow-control hook; off here - confirm.
SYSCTL_OVERFLOW="0"
# Service helpers and the ingress/egress allow lists.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Connection-tracking helpers for SSH and FTP. The port values must match the
# ports the daemons really listen on.
HELPER_SSH="1"
HELPER_SSH_PORT="22"
HELPER_FTP="1"
HELPER_FTP_PORT="21"
HELPER_FTP_DATA="20"
# Inbound TCP ports open to everyone: only 80.
# NOTE(review): port 22 is not listed. Verify whether HELPER_SSH alone admits
# new SSH sessions before loading this on a remote host with DEVEL_MODE="0",
# or add the SSH port (ideally restricted by source address in the allow
# rules) to avoid locking yourself out.
IG_TCP_CPORTS="80"
# No inbound UDP ports are opened.
IG_UDP_CPORTS=""
# Accepted inbound ICMP types: 3 destination unreachable, 5 redirect, 11 time
# exceeded, 0 echo reply, 30 traceroute, 8 echo request. Type 5 (redirect) is
# rarely needed on a server and can be abused to alter routing; consider
# removing it.
IG_ICMP_TYPES="3,5,11,0,30,8"
# Egress filtering master switch. "0" leaves outbound traffic unrestricted,
# so the EG_* lists below presumably apply only once it is set to "1".
EGF="0"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
EG_ICMP_TYPES="all"
# Optional per-UID egress rules; empty here.
EG_TCP_UID=""
EG_UDP_UID=""
# Program names denied outbound access (IRC bots/bouncers and similar),
# matched by command name only, so a renamed binary is not caught.
EG_DROP_CMD="eggdrop psybnc bitchx BitchX init udp.pl"
# Downloadable block lists and remote global trust rules.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Every *_URL_PROT below is "http": the lists are fetched in plaintext with no
# integrity protection, so anyone on the network path could alter what gets
# blocked or allowed. Where the upstream serves HTTPS and the installed APF
# supports it, prefer "https"; also check that each URL is still published.
# Each list has a switch ("1" = fetch and apply), a URL without scheme, and
# the scheme.
DLIST_PHP="0"
DLIST_PHP_URL="rfxn.com/downloads/php_list"
DLIST_PHP_URL_PROT="http"
DLIST_SPAMHAUS="0"
DLIST_SPAMHAUS_URL="www.spamhaus.org/drop/drop.lasso"
DLIST_SPAMHAUS_URL_PROT="http"
# Enabled: DShield top attackers list.
DLIST_DSHIELD="1"
DLIST_DSHIELD_URL="feeds.dshield.org/top10-2.txt"
DLIST_DSHIELD_URL_PROT="http"
# Enabled: reserved networks list (presumably feeds BLK_RESNET - confirm).
DLIST_RESERVED="1"
DLIST_RESERVED_URL="rfxn.com/downloads/reserved.networks"
DLIST_RESERVED_URL_PROT="http"
DLIST_ECNSHAME="0"
DLIST_ECNSHAME_URL="rfxn.com/downloads/ecnshame.lst"
DLIST_ECNSHAME_URL_PROT="http"
# Remote global trust: download allow/deny rules from a central host. Off
# here. yourhost.com is a placeholder; before enabling, point both URLs at a
# server you control, because whoever serves glob_allow.rules decides what
# bypasses this firewall.
USE_RGT="0"
GA_URL="yourhost.com/glob_allow.rules"
GA_URL_PROT="http"
GD_URL="yourhost.com/glob_deny.rules"
GD_URL_PROT="http"
# Logging, then hand-off to APF's internal configuration.
# NOTE(review): meanings follow the stock APF conf.apf comments - confirm
# against the installed version.
# Logging of dropped packets is off. That keeps logs small but removes the
# record needed to spot scans or investigate an incident; consider "1"
# together with LOG_RATE.
LOG_DROP="0"
# Syslog priority and netfilter log target used for firewall messages.
LOG_LEVEL="crit"
LOG_TARGET="LOG"
# Log interactive access (presumably SSH/telnet connections - confirm).
LOG_IA="1"
# Logging of traffic that fails the VF_LGATE gateway check; off here.
LOG_LGATE="0"
# Extended logging (TCP/IP options); off here.
LOG_EXT="0"
# Cap on logged events; presumably per minute - confirm.
LOG_RATE="30"
# APF's own status log.
LOG_APF="/var/log/apf_log"
# Path to the internal variables file, built from INSTALL_PATH above.
CNFINT="$INSTALL_PATH/internals/internals.conf"
# Source it into the current shell. It runs with the privileges of whoever
# loads the firewall, so this file and internals.conf should be owned by root
# and not writable by anyone else.
. $CNFINT