>inet="192.168.2.0/24"
>iip="192.168.2.99"
>
># drop old rules
>${fwcmd} -f flush
>
># local traffic
>${fwcmd} add 100 pass all from any to any via lo0
>${fwcmd} add 200 deny all from any to 127.0.0.0/8
>${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
>${fwcmd} add 400 divert natd ip from any to any via ${oif}
># ICQ
>${fwcmd} add 6100 allow tcp from any to any 5190
>${fwcmd} add 6200 allow tcp from any 5190 to any
>
># pptp
>${fwcmd} add 7100 allow tcp from any to me 1723
>${fwcmd} add 7200 allow tcp from me 1723 to any
>
>${fwcmd} add 65000 allow ip from any to any
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:-) This is just priceless.
${fwcmd} add 64900 deny log ip from any to any
Do not enable the -unregistered_only option for natd.
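
Why the final rule matters, as an added example that is not part of the original message: a small Python check that reads a first-match ipfw rule list, finds the catch-all rule, and reports which earlier allow rules it makes redundant. The rule text is a constructed copy of the quoted rules with `${fwcmd}` stripped and `${oif}` written as `oif`; `audit` and the other names are hypothetical.

```python
import re

# Constructed sample: the rules quoted above, ${fwcmd} stripped, ${oif} -> oif.
QUOTED = """\
add 100 pass all from any to any via lo0
add 200 deny all from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 divert natd ip from any to any via oif
add 6100 allow tcp from any to any 5190
add 6200 allow tcp from any 5190 to any
add 7100 allow tcp from any to me 1723
add 7200 allow tcp from me 1723 to any
add 65000 allow ip from any to any
"""
# The same list with the reply's rule 64900 in place of rule 65000.
SUGGESTED = QUOTED.replace("add 65000 allow ip from any to any",
                           "add 64900 deny log ip from any to any")

ALLOW = {"allow", "accept", "pass", "permit"}   # ipfw synonyms for allow
DENY = {"deny", "drop"}                         # ipfw synonyms for deny
RULE = re.compile(r"^add\s+(\d+)\s+(\w+)\s+(.*)$")
# Catch-all body: any protocol, any source, any destination, no port or interface.
CATCH_ALL = re.compile(r"^(log\s+)?(ip|all)\s+from\s+any\s+to\s+any$")

def parse(text):
    """Return (number, action, body) tuples in evaluation (numeric) order."""
    found = (RULE.match(line.strip()) for line in text.splitlines())
    return sorted((int(m[1]), m[2], m[3].strip()) for m in found if m)

def audit(text):
    """Return (policy, catch_all_rule_number, redundant_allow_rule_numbers)."""
    rules = parse(text)
    for i, (num, action, body) in enumerate(rules):
        if action in ALLOW | DENY and CATCH_ALL.match(body):
            break
    else:
        return ("kernel-default", None, [])  # only the built-in last rule applies
    if action in DENY:
        return ("deny", num, [])
    # With a catch-all allow, every allow rule that sits after the last deny
    # changes nothing: the packet would be accepted at the catch-all anyway.
    last_deny = max((j for j in range(i) if rules[j][1] in DENY), default=-1)
    redundant = [n for n, a, _ in rules[last_deny + 1:i] if a in ALLOW]
    return ("allow", num, redundant)

if __name__ == "__main__":
    print("quoted   :", audit(QUOTED))
    print("suggested:", audit(SUGGESTED))
```

Rule 100 is not reported as redundant because it precedes the deny rules 200 and 300 and therefore still changes which loopback packets are accepted.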