Strange thing. Here are my ipfw rules:

gw# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to 172.19.7.255,81.13.61.255 in via fxp0
00500 deny ip from any to not 172.19.5.175,91.197.9.104 in via fxp0
00600 deny ip from 172.19.0.0/16,81.13.0.0/16 to any in via fxp0
00700 deny ip from any to 224.0.0.0/8,255.255.255.255 in via fxp0
00800 deny ip from any to 224.0.0.0/8,255.255.255.255 in via fxp1
00900 deny udp from any to any dst-port 137,138 in via fxp0
01000 deny ip from 192.168.5.0/24 to any dst-port 137,138 in via fxp1
01100 allow ip from me to 10.10.10.3
01200 allow ip from 10.10.10.3 to me
01300 divert 8668 ip4 from any to any via tun0
01400 allow tcp from any to any established
01500 check-state
01600 allow tcp from 192.168.5.0/24,91.197.9.104 to any dst-port 60179,80,443 setup
01700 allow log logamount 1500 tcp from 192.168.5.0/24,91.197.9.104 to any dst-port 110 setup
01800 allow log logamount 1500 tcp from 192.168.5.0/24,91.197.9.104 to any dst-port 25 setup
01900 allow tcp from 192.168.5.0/24,91.197.9.104 to any dst-port 3389-3400 setup
02000 allow tcp from any to any dst-port 22 setup
02100 allow tcp from any to 192.168.5.0/24 dst-port 3389 setup
02200 allow icmp from any to any keep-state
02300 allow udp from any to any dst-port 161 keep-state
02400 allow udp from me to any dst-port 53,123 keep-state
02500 allow tcp from me to any dst-port 53,123 setup
02600 allow udp from 192.168.5.1 to any dst-port 53 keep-state
02700 allow tcp from 192.168.5.1 to any dst-port 53 setup
02800 deny log logamount 1500 ip from any to any
65535 deny ip from any to any

And even though there is an explicit deny near the top, the command tcpdump -i fxp0 -n udp port 137 shows the following picture:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
21:18:28.101980 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:18:28.851802 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:18:29.601670 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:18:31.030861 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:18:31.780227 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:18:32.530160 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:05.881101 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:06.630215 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:07.380177 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:08.759661 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:09.508921 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
21:19:10.258860 IP 81.13.61.240.137 > 81.13.61.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

How can this be? Why do the packets get through to tcpdump? There are three interfaces: fxp0 - external, fxp1 - internal, tun0 - the VPN connection used for Internet access.
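An added example, not code from the post or its author: a small Python model of ipfw first-match evaluation, fed one of the tcpdump lines quoted above. It covers only rules 00100-01000 and the final deny (the TCP, stateful and divert rules in between are left out), and it assumes the captured broadcasts arrive inbound on fxp0, which the post describes as the external interface. Replaying the capture through the rules shows that the NetBIOS broadcast is dropped by rule 00400 (destination 81.13.61.255) before rule 00900 is ever consulted, so the counter shown by "ipfw show" for 00900 can stay at zero while the packets are still being denied. Seeing them in tcpdump is expected in any case: tcpdump reads from BPF, which taps the interface at the link layer, before the IP layer where ipfw makes its decision. "ipfw show" (per-rule packet counters) and the "log" keyword, not tcpdump, are the checks that tell you whether a rule is firing.

```python
"""First-match model of a subset of ipfw rule syntax, applied to a tcpdump line.

Added example: not from the original post. Only allow/deny rules with
from/to, dst-port, in/out and via clauses are modelled.
"""
import ipaddress
import re

# Rules 00100-01000 and the final deny, copied from the post. The TCP/stateful
# rules between them (setup, established, keep-state, divert) are omitted.
RULES_TEXT = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to 172.19.7.255,81.13.61.255 in via fxp0
00500 deny ip from any to not 172.19.5.175,91.197.9.104 in via fxp0
00600 deny ip from 172.19.0.0/16,81.13.0.0/16 to any in via fxp0
00700 deny ip from any to 224.0.0.0/8,255.255.255.255 in via fxp0
00800 deny ip from any to 224.0.0.0/8,255.255.255.255 in via fxp1
00900 deny udp from any to any dst-port 137,138 in via fxp0
01000 deny ip from 192.168.5.0/24 to any dst-port 137,138 in via fxp1
02800 deny log logamount 1500 ip from any to any
"""

# One line of the tcpdump output quoted in the post.
TCPDUMP_LINE = ("21:18:28.101980 IP 81.13.61.240.137 > 81.13.61.255.137: "
                "NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST")

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)(?:\s+log(?:\s+logamount\s+\d+)?)?"
    r"\s+(?P<proto>\w+)\s+from\s+(?P<src>(?:not\s+)?\S+)\s+to\s+(?P<dst>(?:not\s+)?\S+)"
    r"(?:\s+dst-port\s+(?P<ports>\S+))?(?:\s+(?P<dir>in|out))?(?:\s+via\s+(?P<via>\S+))?$"
)
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<info>.*)$"
)


def parse_addr_spec(spec):
    """'any', 'a,b/24' or 'not a,b' -> (negated, list of networks or None for any)."""
    negated = spec.startswith("not ")
    if negated:
        spec = spec[4:]
    nets = None if spec == "any" else [
        ipaddress.ip_network(a, strict=False) for a in spec.split(",")]
    return negated, nets


def parse_port_spec(spec):
    """'137,138' or '3389-3400' -> set of ports; None when the rule has no port clause."""
    if spec is None:
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        rules.append({
            "num": int(m["num"]), "action": m["action"], "proto": m["proto"],
            "src": parse_addr_spec(m["src"]), "dst": parse_addr_spec(m["dst"]),
            "ports": parse_port_spec(m["ports"]), "dir": m["dir"], "via": m["via"],
        })
    return rules


def packet_from_tcpdump(line, iface, direction):
    """Build a packet dict from a tcpdump summary line. The interface and the
    direction are not part of the line, so the caller supplies them (assumed
    here: inbound on fxp0, the external interface named in the post)."""
    m = TCPDUMP_RE.match(line)
    if not m:
        raise ValueError("unsupported tcpdump line: " + line)
    proto = "udp" if "UDP" in m["info"] else "tcp"
    return {"proto": proto, "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
            "iface": iface, "dir": direction}


def addr_matches(spec, addr):
    negated, nets = spec
    hit = True if nets is None else any(addr in n for n in nets)
    return hit != negated


def first_match(rules, pkt):
    """ipfw semantics: the first rule whose every clause matches decides the packet."""
    for r in rules:
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if not addr_matches(r["src"], pkt["src"]) or not addr_matches(r["dst"], pkt["dst"]):
            continue
        if r["ports"] is not None and pkt["dport"] not in r["ports"]:
            continue
        if r["dir"] and r["dir"] != pkt["dir"]:
            continue
        if r["via"] and r["via"] != pkt["iface"]:
            continue
        return r
    return None


def classify(line, iface="fxp0", direction="in"):
    """Return (rule number, action) of the rule that decides one captured line."""
    rule = first_match(parse_rules(RULES_TEXT), packet_from_tcpdump(line, iface, direction))
    return rule["num"], rule["action"]


if __name__ == "__main__":
    print(classify(TCPDUMP_LINE))  # (400, 'deny')
```

The broadcast is caught by 00400 because the rules are evaluated in order and 00400 already denies anything addressed to 81.13.61.255 arriving on fxp0; 00900 only ever sees unicast or non-broadcast UDP 137/138 traffic. On the real box the same question is answered by comparing the counters in "ipfw show" for rules 00400 and 00900 while the capture is running.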