URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID10
Нить номер: 927

Исходное сообщение
"Поможите люди добрые с COUNT-ом в IPFW"

Отправлено Ustal , 08-Окт-03 10:40 
Проблема у меня следующая: есть сервер с 3-мя карточками, на Free, конечно.
По правилам count выдаются НУЛИ! (((
Дальше следуют примеры моих конфигов. Сразу скажу: правила count пробовал вставлять и сверху, и снизу, и с in, и с out — уже просто ума не приложу, в чём, собственно, дело!
rc.conf:
# /etc/rc.conf as posted: a FreeBSD host with three NICs (ed1, ep0, xl0)
# acting as a router, with ipfw enabled and natd bound to ed1.
defaultrouter="213.x.x.1"
firewall_enable="YES"
firewall_logging="YES"
# Selects the matching case branch in rc.firewall (the "Company" branch below).
firewall_type="Company"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
font8x8="cp866-8x8"
# Turns on IP forwarding between the interfaces.
gateway_enable="YES"
hostname="firewall.talgar.ru"
ifconfig_ed1="inet 213.x.x.136  netmask 255.255.255.240"
ifconfig_ep0="inet 213.x.x.40  netmask 255.255.255.192"
ifconfig_xl0="inet 194.x.x.14  netmask 255.255.255.0"
# NOTE(review): inetd and sshd both run on the firewall host itself. The
# posted ruleset has no rule written specifically for them, so which clients
# can reach them depends on the broad pass rules -- confirm what inetd.conf
# enables and restrict management access to trusted sources.
inetd_enable="YES"
keymap="ru.koi8-r"
keyrate="fast"
# NOTE(review): Linux binary compatibility is not needed for packet
# filtering; presumably left over from other use -- confirm it is required.
linux_enable="YES"
mousechar_start="3"
moused_enable="YES"
moused_port="/dev/cuaa0"
moused_type="microsoft"
natd_enable="YES"
# NOTE(review): natd reads a config file when given `-f <file>`; here a bare
# path is passed as the flags, and the file name reads "ntd.conf" rather than
# "natd.conf" -- confirm natd actually starts and loads the intended file.
natd_flags="/etc/ntd.conf"
natd_interface="ed1"
saver="dragon"
scrnmap="koi8-r2cp866"
sshd_enable="YES"
sshd_flags=""
sshd_program="/usr/sbin/sshd"
# usbd_enable is assigned twice; rc.conf is sourced as shell, so the later
# "YES" is the value in effect.
usbd_enable="NO"
usbd_enable="YES"

rc.firewall
# "Company" branch of rc.firewall, selected by firewall_type in rc.conf.
#
# ipfw walks the rules in order and stops at the first matching rule whose
# action is terminal (pass/allow, deny, unreach, divert). `count` only
# updates that rule's counters and lets the packet continue to the next rule.
# A `count` placed AFTER a pass/allow that matches the same packets is
# therefore never reached and its counters stay at zero -- the layout used by
# almost every pair below. To account traffic, the count rule has to sit
# before the terminal rule for the same traffic. `ipfw -a list` shows the
# per-rule counters.
[Cc][Oo][Mm][Pp][Aa][Nn][Yy])
${fwcmd} add pass all from any to any via lo0
# The first divert already matches every 194.x.x.0/24 source on ed1, including
# the three hosts handled individually below. After natd rewrites an outbound
# packet it re-enters the ruleset at the rule following the divert, with the
# source already translated; presumably that is why the per-host
# `from 194.x.x.NN ... via ed1` rules see nothing on the way out -- confirm.
# NOTE(review): every divert rule here matches `from 194.x.x.* to any`; no
# rule visibly diverts replies addressed to the natd alias address -- verify
# that return traffic is translated back.
${fwcmd} add divert natd all from 194.x.x.0/24  to any via ed1
${fwcmd} add divert natd all from 194.x.x.45  to any via ed1
${fwcmd} add count all from 194.x.x.45 to any via ed1
# allow is terminal: the count on the next line has the same match and is
# never reached. The same applies to the .44 and .42 groups.
${fwcmd} add allow all from any to 194.x.x.45 via ed1
${fwcmd} add count all from any to 194.x.x.45 via ed1
${fwcmd} add divert natd all from 194.x.x.44  to any via ed1
${fwcmd} add count all from 194.x.x.44 to any via ed1
${fwcmd} add allow all from any to 194.x.x.44 via ed1
${fwcmd} add count all from any to 194.x.x.44 via ed1
${fwcmd} add divert natd all from 194.x.x.42  to any via ed1
${fwcmd} add count all from 194.x.x.42 to any via ed1
${fwcmd} add allow all from any to 194.x.x.42 via ed1
${fwcmd} add count all from any to 194.x.x.42 via ed1
# Drop packets claiming private, reserved or multicast source addresses.
# NOTE(review): these sit below the pass/allow rules above, so a packet
# already accepted there never reaches them, and they are not tied to the
# external interface. Anti-spoofing rules are normally placed at the top of
# the ruleset.
${fwcmd} add deny log all from 10.0.0.0/8 to any
${fwcmd} add deny log all from 172.16.0.0/12 to any
${fwcmd} add deny log all from 192.168.0.0/16 to any
${fwcmd} add deny log all from 0.0.0.0/8 to any
${fwcmd} add deny log all from 169.254.0.0/16 to any
${fwcmd} add deny log all from 192.0.2.0/24 to any
${fwcmd} add deny log all from 198.18.0.0/15 to any
${fwcmd} add deny log all from 224.0.0.0/4 to any
${fwcmd} add deny log all from 240.0.0.0/4 to any
# NOTE(review): the rules below that read `from any <port> to ...` match on
# the SOURCE port of the packet. They are stateless: any sender that uses one
# of these source ports is accepted, whatever the destination port. If the
# intent is to admit replies to outbound connections, stateful rules
# (keep-state / check-state) or `established` express that without trusting
# the source port.
#${fwcmd} add pass tcp from any 5190 to any setup
${fwcmd} add pass log tcp from any 5190 to any
${fwcmd} add pass log tcp from any 4000 to any
${fwcmd} add pass all from any 119 to any
${fwcmd} add pass all from any to any 119
# Per-host groups: pass inbound, count inbound, pass outbound, count outbound.
# Each count follows a pass; where the pass matches the same packets the
# count is unreachable. Where the pass is narrower (source-port or protocol
# restricted) the count sees only the packets the pass did not accept.
${fwcmd} add pass all from any 82 to 213.x.x.129
${fwcmd} add count all from any to 213.x.x.129
${fwcmd} add pass all from 213.x.x.129 to any
${fwcmd} add count all from 213.x.x.129 to any
${fwcmd} add pass all from any 80 to 213.x.x.130
${fwcmd} add count all from any to 213.x.x.130
${fwcmd} add pass all from 213.x.x.130 to any
${fwcmd} add count all from 213.x.x.130 to any
${fwcmd} add pass all from any 25,110,80,81,20,21,82,22 to 213.x.x.132
${fwcmd} add count all from any to 213.x.x.132
${fwcmd} add pass all from 213.x.x.132 to any
${fwcmd} add count all from 213.x.x.132 to any
# No port or protocol restriction: everything addressed to .133 is accepted.
${fwcmd} add pass all from any to 213.x.x.133
${fwcmd} add count all from any to 213.x.x.133
# NOTE(review): source is .132 although this group is for .133 -- looks like
# a copy-paste slip; as written, outbound traffic from .133 is not passed here.
${fwcmd} add pass all from 213.x.x.132 to any
${fwcmd} add count all from 213.x.x.133 to any
# NOTE(review): 213.x.x.143/28 has host bits set; presumably the /28 network
# is meant -- confirm.
${fwcmd} add pass all from 213.x.x.143/28 to 213.x.x.136
${fwcmd} add count all from 213.x.x.143/28 to 213.x.x.136
# The pass is tcp-only while the count is for all protocols, so this count
# can still see non-TCP packets from .136.
${fwcmd} add pass tcp from 213.x.x.136 to any
${fwcmd} add count all from 213.x.x.136 to any
${fwcmd} add pass all from 194.x.x.0/24 to any via xl0
${fwcmd} add count all from 194.x.x.0/24 to any via xl0
# NOTE(review): the source address is missing after `from` (compare the count
# rule on the next line, which has `from any`); ipfw will most likely reject
# this rule, leaving inbound traffic to 194.x.x.0/24 on xl0 without a pass.
${fwcmd} add pass all from via xl0 to 194.x.x.0/24
${fwcmd} add count all from any via xl0 to 194.x.x.0/24
# NOTE(review): the pass is for .40 but the count matches traffic to .132 --
# probably a leftover from the .132 group.
${fwcmd} add pass all from 213.x.x.40 to any
${fwcmd} add count all from any to 213.x.x.132
${fwcmd} add pass all from any 80,20,21 to 213.x.x.137
${fwcmd} add count all from any to 213.x.x.137
${fwcmd} add pass all from 213.x.x.137 to any
${fwcmd} add count all from 213.x.x.137 to any
${fwcmd} add pass all from any 25,110,81,53 to 213.x.x.138
${fwcmd} add count all from any to 213.x.x.138
${fwcmd} add pass all from 213.x.x.138 to any
${fwcmd} add count all from 213.x.x.138 to any
${fwcmd} add pass tcp from any 80 to 213.x.x.140
${fwcmd} add count all from any to 213.x.x.140
${fwcmd} add pass all from 213.x.x.140 to any
${fwcmd} add count all from 213.x.x.140 to any
${fwcmd} add pass tcp from any 25,110,80 to 213.x.x.141
${fwcmd} add count all from any to 213.x.x.141
${fwcmd} add pass all from 213.x.x.141 to any
# NOTE(review): counts .140 although this group is for .141 -- likely typo.
${fwcmd} add count all from 213.x.x.140 to any
# Deny inbound NTP queries without logging.
${fwcmd} add deny udp from any to any 123
# Allow traceroute to function, but not to get in.
${fwcmd} add unreach port udp from any to any 33435-33524
# Allow some inbound icmps - echo reply, dest unreach, source quench,
# echo, ttl exceeded. Type 12 (parameter problem) is also in the list.
${fwcmd} add allow icmp from any to any icmptypes 0,3,4,8,11,12
# Broadcasts are denied and not logged.
${fwcmd} add deny all from any to 255.255.255.255
# Everything else is denied and logged.
${fwcmd} add deny log all from any to any
Вот такие пироги! По правилам count не считается ничего!
ХЭЛП!


Содержание

Сообщения в этом обсуждении
"Поможите люди добрые с COUNT-ом в IPFW"
Отправлено Ustal , 08-Окт-03 13:44 
Уважаемые, всем спасибо, я справился! Дело за малым — наваять ПХП-скрипт для красивого отображения картинок