• English
  • Japanese

Mac OS X におけるネットワークセキュリティ IPv6

ファイアウォールの設定詳細

TCP のみ制限を行った場合の ip6fw list の出力 

02000 allow ipv6 from any to any via lo*
02010 deny ipv6 from ::1 to any in
02020 deny ipv6 from any to ::1 in
02030 deny ipv6 from ff00::/8 to any in
02040 deny tcp from any to ff00::/8 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
65535 allow ipv6 from any to any

TCP および UDP を制限した場合の ip6fw list の出力 

02000 allow ipv6 from any to any via lo*
02010 deny ipv6 from ::1 to any in
02020 deny ipv6 from any to ::1 in
02030 deny ipv6 from ff00::/8 to any in
02040 deny tcp from any to ff00::/8 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
20310 allow udp from any to any 53 in
20320 allow udp from any to any 68 in
20340 allow udp from any to any 137 in
20350 allow udp from any to any 427 in
20360 allow udp from any to any 631 in
20370 allow udp from any to any 5353 in
22000 allow udp from any to any 123 in
30520 allow udp from any to any in frag
35000 deny udp from any to any in
65535 allow ipv6 from any to any

TCP,UDP を制限し,ステルスモードを使用した場合の ip6fw list の出力 

02000 allow ipv6 from any to any via lo*
02010 deny ipv6 from ::1 to any in
02020 deny ipv6 from any to ::1 in
02030 deny ipv6 from ff00::/8 to any in
02040 deny tcp from any to ff00::/8 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
20000 deny ipv6-icmp from any to any in icmptype 128
20310 allow udp from any to any 53 in
20320 allow udp from any to any 68 in
20340 allow udp from any to any 137 in
20350 allow udp from any to any 427 in
20360 allow udp from any to any 631 in
20370 allow udp from any to any 5353 in
22000 allow udp from any to any 123 in
30520 allow udp from any to any in frag
35000 deny udp from any to any in
65535 allow ipv6 from any to any

最終更新日: 2011年7月2日

内容はここまでです。


Copyright (C) 2010 - 2025 Keio University All Rights Reserved.