老地方冰果室交流區 :: 檢視主題

$ mkdir /Library/StartupItems/Firewall
$ vi /Library/StartupItems/StartupParameters.plist

{
Description = "Customized Firewall Rules";
Provides = ("Firewall");
Requires = ("NetworkExtensions");
OrderPreference = "None";
Messages =
{
start = "Starting Customized Firewall Rules.....";
stop = "Stopping Customized Firewall Rules.....";
};
}

$ vi /Library/StartupItems/Firewall/Firewall

#!/bin/sh

. /etc/rc.common

IPFW=/sbin/ipfw
StartService ()
{
ConsoleMessage "Setting Customized Firewall Rules"
ConsoleMessage " Prevent from receiving anything from other office at udp port 2222."
${IPFW} add deny udp from any to any 2222 via en*
ConsoleMessage " Prevent Microsoft Office's piracy detection mechanism from broadcasting product IDs and access information through a random tcp port greater than 3000 (the ones we saw were all in the range 3000 to 3999) to local subnet."
${IPFW} add deny tcp from any to any 3000-3999 in recv en* setup
ConsoleMessage -S
}

StopService ()
{
ConsoleMessage "Flushing Customized Firewall Rules"
${IPFW} -f flush
}

RestartService ()
{
ConsoleMessage "Using New Customized Firewall Rules"
StopService
StartService
}

RunService "$1"

$ chmod +x /Library/StartupItems/Firewall/Firewall

$ sudo /sbin/SystemStarter start "Firewall"

$ sudo /sbin/SystemStarter stop "Firewall"

$ /Library/StartupItems/Firewall/Firewall start
$ /Library/StartupItems/Firewall/Firewall stop
$ /Library/StartupItems/Firewall/Firewall restart

發表人:	謝孟叡 [ 03/18/2005 7:52 pm ]
文章主題 :	Startup Item 小例
作好這個 Startup Item 有段時間了，但是因為一直不知道開啟的 service 的依存性, 所以一直搞不定，現在大概已經解決了。要作 Startup Item 可以直接在 /Library/StartupItems/ 開一個自己要的目錄，然後在裡面寫一個 Script 和一個 StartupParameters.plist 檔案就可以了。以下是我作的：代碼: $ mkdir /Library/StartupItems/Firewall $ vi /Library/StartupItems/StartupParameters.plist (沒有使用 sudo 的原因是 /Library/StartupItems 通常不需要 root 權限就能覆寫。) StartupParameters.plist 長成這樣（說明：NetworkExtensions 一定要在 ipfw 指令以前就要完成，沒有完成的話 ipfw 不會動。）代碼: { Description = "Customized Firewall Rules"; Provides = ("Firewall"); Requires = ("NetworkExtensions"); OrderPreference = "None"; Messages = { start = "Starting Customized Firewall Rules....."; stop = "Stopping Customized Firewall Rules....."; }; } 然後新建一個 Script 代碼: $ vi /Library/StartupItems/Firewall/Firewall Script 長這樣代碼: #!/bin/sh . /etc/rc.common IPFW=/sbin/ipfw StartService () { ConsoleMessage "Setting Customized Firewall Rules" ConsoleMessage " Prevent from receiving anything from other office at udp port 2222." ${IPFW} add deny udp from any to any 2222 via en* ConsoleMessage " Prevent Microsoft Office's piracy detection mechanism from broadcasting product IDs and access information through a random tcp port greater than 3000 (the ones we saw were all in the range 3000 to 3999) to local subnet." ${IPFW} add deny tcp from any to any 3000-3999 in recv en* setup ConsoleMessage -S } StopService () { ConsoleMessage "Flushing Customized Firewall Rules" ${IPFW} -f flush } RestartService () { ConsoleMessage "Using New Customized Firewall Rules" StopService StartService } RunService "$1" 記得要修改權限代碼: $ chmod +x /Library/StartupItems/Firewall/Firewall 然後要重開機才會動。當然也可以用 root 權限啟動代碼: $ sudo /sbin/SystemStarter start "Firewall" 或是洗掉 firewall rule 代碼: $ sudo /sbin/SystemStarter stop "Firewall"

發表人:	悲 [ 03/18/2005 8:37 pm ]
文章主題 :
引言回覆: 誰來告訴我要怎麼能用到 StopService() ? 手動的 start、stop、restart，試試：代碼: $ /Library/StartupItems/Firewall/Firewall start $ /Library/StartupItems/Firewall/Firewall stop $ /Library/StartupItems/Firewall/Firewall restart

發表人:	謝孟叡 [ 03/19/2005 4:58 am ]
文章主題 :
悲寫: 引言回覆: 誰來告訴我要怎麼能用到 StopService() ? 手動的 start、stop、restart，試試：代碼: $ /Library/StartupItems/Firewall/Firewall start $ /Library/StartupItems/Firewall/Firewall stop $ /Library/StartupItems/Firewall/Firewall restart 啊，未完成作品被悲老抓到～～見笑見笑。

老地方冰果室交流區 http://ubb.frostyplace.com.tw/

Startup Item 小例 http://ubb.frostyplace.com.tw/viewtopic.php?f=13&t=15140	第 1 頁 (共 1 頁)

第 1 頁 (共 1 頁)	所有顯示的時間為 UTC + 8 小時
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/