Здравствуйте.
Вот дождались со дня на день подключаемся к инет, подскажите правильно ли я настрил firewall с точки зрения безопастности
система freeBSD 5.4
в инет будут ходить через мой прокси, поэму НАТ не надо.
должна работать почта, синхронизация времени с сервера инет, ну и запросы DNS.
это часть касаемоя внешнего соеденения.

iflocal="fxp0"
ifout="xl0"
iplocal="192.168.1.1"
ipout="xxx.xxx.xxx.xxx"
maskout"255.255.255.240"

${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to  127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

# Stop spoofing
${fwcmd} add deny all from ${ipout}:${maskout} to any in via ${iflocal}
${fwcmd} add deny all from ${netlocal} to any in via ${ifout}

${fwcmd} add deny all from 10.0.0.0/8 to any via ${ifout}
${fwcmd} add deny all from 172.26.0.0/12 to any via ${ifout}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${ifout}

${fwcmd} add deny all from any to 10.0.0.0/8 via ${ifout}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${ifout}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${ifout}

${fwcmd} add  deny icmp from any to any frag
${fwcmd} add  pass icmp from any to any

${fwcmd} add pass udp from any to ${ipout} 53 in  via ${ifout}
${fwcmd} add pass udp from ${ipout} 53 to any out via ${ifout}

${fwcmd} add pass tcp from any 80 to ${ipout} in  via ${ifout} established
${fwcmd} add pass tcp from ${ipout} to any 80 out via ${ifout}
${fwcmd} add pass udp from any 80 to ${ipout} in  via ${ifout} established
${fwcmd} add pass udp from ${ipout} to any 80 out via ${ifout}

${fwcmd} add pass tcp from any 20,21 to ${ipout} in  via ${ifout} established
${fwcmd} add pass tcp from ${ipout} to any 20,21 out via ${ifout}

${fwcmd} add pass tcp from any 443 to ${ipout} in  via ${ifout} established
${fwcmd} add pass tcp from ${ipout} to any 443 out via ${ifout}

${fwcmd} add pass tcp from any to ${ipout} 25 in  via ${ifout}
${fwcmd} add pass tcp from ${ipout} 25 to any out via ${ifout}
${fwcmd} add pass udp from any to ${ipout} 25 in  via ${ifout}

${fwcmd} add pass tcp from any 110 to ${ipout} in  via ${ifout}
${fwcmd} add pass tcp from ${ipout} to any 110 out via ${ifout}

${fwcmd} add pass tcp from any 143 to ${ipout} in  via ${ifout}
${fwcmd} add pass tcp from ${ipout} to any 143 out via ${ifout}

${fwcmd} add pass udp from ${timeServer} 123 to ${ipout} 123 in  via ${ifout}
${fwcmd} add pass udp from ${ipout} 123 to ${timeServer} 123 out via ${ifout}

• freebsd IPFW безопастная настройка, flvby, 14:12 , 17-Окт-05, (1)