# portsnap fetch extract
# cd /usr/ports/ports-mgmt/pkg && make reinstall clean
Installing pkg-1.10.1...
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/lib/libpkg.so.4.0.0
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://wiki.freebsd.org/pkgng
===> Cleaning for pkg-1.10.1
# pkg install nginx
# vi /etc/pf.conf
## macros: adjust these to the host before loading the ruleset
public_int = "xn0" # public interface
tcp_svcs = "{ 22 80 443 }" # tcp service ports
icmp_types = "{ echoreq, unreach }" # icmp types
## NOTE(review): port 22 is part of $tcp_svcs, so SSH is reachable from any
## source address through the pass rule below; if SSH is for administration
## only, consider a separate rule limited to known management addresses.
## ignore loopback interface
## NOTE(review): "lo" has no unit number, so this relies on the loopback
## interface group; confirm loopback traffic is really skipped on this release
## (many FreeBSD examples name lo0 explicitly).
set skip on lo
## restrict incoming traffic / unrestrict outgoing traffic
## These two rules are the default policy: pf applies the last matching rule
## unless a rule says "quick", so they decide only packets that no later rule
## matches. "block in all" carries no "log" keyword, so dropped packets are not
## recorded; "pass out all" leaves egress unfiltered.
block in all
pass out all
## allow tcp ports specified by $tcp_svcs
## "quick" ends rule evaluation for matching packets; the rule is bound to
## $public_int and accepts any source and destination address.
pass in quick on $public_int proto tcp from any to any port $tcp_svcs
## allow icmp request types specified by $icmp_types
## There is no "on $public_int" here, so this matches on every interface that is
## not skipped; "inet" limits it to IPv4.
## NOTE(review): nothing in this ruleset passes inbound ICMPv6, so if the host
## has IPv6 addresses, neighbor discovery is dropped by "block in all"; add an
## inet6 rule before relying on IPv6.
pass in inet proto icmp all icmp-type $icmp_types
# vi /etc/rc.conf
## enable pf at boot and point it at the ruleset written above
## NOTE(review): the transcript only starts nginx afterwards, so the firewall is
## not active until the pf service is started or the host reboots; check the
## ruleset for errors first with `pfctl -nf /etc/pf.conf`.
## NOTE(review): pflog_enable is not set here; add it if rules are later given
## the "log" keyword.
pf_enable="YES"
pf_rules="/etc/pf.conf"
## start nginx at boot
nginx_enable="YES"
# vi /usr/local/etc/nginx/nginx.conf
# service nginx start