Translation

(itstool) path: sect3/para
Adressses can be specified as IPv4 in numeric format or IPv6 in square brackets. An interface name like <literal><replaceable>em0</replaceable></literal> can also be used.
101/1710
Context English Chinese (Simplified) (zh_CN) State
An example blacklistd.conf entry for a local rule looks like this:
blacklistd.conf 中的本地规则类似这样:
[local]
ssh stream * * * 3 24h
[local]
ssh stream * * * 3 24h
All rules that follow the <literal>[local]</literal> section are treated as local rules (which is the default), applying to the local machine. When a <literal>[remote]</literal> section is encountered, all rules that follow it are handled as remote machine rules.
遵循<literal>[local]</literal>部分的所有规则都被视为本地规则(这是默认的),适用于本地机器。当遇到<literal>[remote]</literal>部分时,所有遵循该部分的规则都将作为远程机器规则处理。
Seven fields define a rule separated by either tabs or spaces. The first four fields identify the traffic that should be blacklisted. The three fields that follow define backlistd's behavior. Wildcards are denoted as asterisks (<literal>*</literal>), matching anything in this field. The first field defines the location. In local rules, these are the network ports. The syntax for the location field is as follows:
七个字段定义由制表符或空格分隔的规则。前四个字段标识应列入黑名单的流量。随后的三个字段定义了列入后列表的行为。通配符表示为星号( <literal> * </literal> ),匹配此字段中的任何内容。第一个字段定义位置。在本地规则中,这些是网络端口。 location字段的语法如下:
[<replaceable>address</replaceable>|<replaceable>interface</replaceable>][/<replaceable>mask</replaceable>][:<replaceable>port</replaceable>]
[<replaceable>address</replaceable>|<replaceable>interface</replaceable>][/<replaceable>mask</replaceable>][:<replaceable>port</replaceable>]
Adressses can be specified as IPv4 in numeric format or IPv6 in square brackets. An interface name like <literal><replaceable>em0</replaceable></literal> can also be used.
Adressses 可以指定为数字格式的 IPv4 或方括号内的 IPv6。也可以使用像<literal><replaceable>em0</replaceable></literal>这样的接口名称。
The socket type is defined by the second field. TCP sockets are of type <literal>stream</literal>, whereas UDP is denoted as <literal>dgram</literal>. The example above uses TCP, since SSH is using that protocol.
套接字段的类型由第二个字段定义。TCP套接字段的类型是<literal>stream</literal>,而UDP则表示为<literal>dgram</literal>。上面的例子使用的是TCP,因为SSH使用的是该协议。
A protocol can be used in the third field of a blacklistd rule. The following protocols can be used: <literal>tcp</literal>, <literal>udp</literal>, <literal>tcp6</literal>, <literal>udp6</literal>, or numeric. A wildcard, like in the example, is typically used to match all protocols unless there is a reason to distinguish traffic by a certain protocol.
黑名单规则的第三个字段指定协议。可以指定以下协议:<literal>tcp</literal>,<literal>udp</literal>,<literal>tcp6</literal>,<literal>udp6</literal>,或者通配符,如示例中的通配符,通常用于匹配所有的协议,除非有理由用某种协议来区分流量。
In the fourth field, the effective user or owner of the daemon process that is reporting the event is defined. The username or <acronym>UID</acronym> can be used here, as well as a wildcard (see example rule above).
在第四个字段中,定义了报告事件的守护进程的有效用户或所有者。这里可以使用用户名或<acronym>UID</acronym>,也可以使用通配符(见上面的示例规则)。
The packet filter rule name is declared by the fifth field, which starts the behavior part of the rule. By default, blacklistd puts all blocks under a pf anchor called <literal>blacklistd</literal> in <filename>pf.conf</filename> like this:
数据包筛选器规则名称由第五个字段声明,该字段启动规则的行为部分。默认情况下,黑名单将所有块置于 pf 锚点下,名为 <literal>blacklistd</literal>,位于 <filename>pf.conf</filename>,如下所示:
anchor "blacklistd/*" in on $ext_if
block in
pass out
anchor "blacklistd/*" in on $ext_if
block in
pass out

Loading…

Adressses can be specified as IPv4 in numeric format or IPv6 in square brackets. An interface name like <literal><replaceable>em0</replaceable></literal> can also be used.
Adressses 可以指定为数字格式的 IPv4 或方括号内的 IPv6。也可以使用像<literal></replaceable>em0</replaceable></literal>这样的接口名称。
a month ago
Adressses can be specified as IPv4 in numeric format or IPv6 in square brackets. An interface name like <literal><replaceable>em0</replaceable></literal> can also be used.
Adressses 可以指定为数字格式的 IPv4 或方括号内的 IPv6。也可以使用像<literal></replaceable>em0</replaceable></literal>这样的接口名称。
a month ago
Browse all component changes

Glossary

English Chinese (Simplified) (zh_CN)
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect3/para
Labels
No labels currently set.
Source string location
book.translate.xml:61674
Source string age
9 months ago
Translation file
books/zh_CN/handbook.po, string 10095