>[overquoting removed]
>>the rule comes after allow ip from localnet to me and from
>>me to localnet. other rules do not affect it.
>
>any minute now some telepath will show up and write out the full list of firewall rules
>as well as the interface configs
>until then it is pointless to discuss anything
>>3) listen, getting inside the network is not a problem for me. what is needed is specifically rdp
>>to a particular host, and not even for me.
>
>looks like there are problems after all

01000 44141272 15482066376 divert 8668 ip from any to any via rl1
01010 2685729 278863376 allow icmp from any to any
01020 0 0 check-state
01030 0 0 allow ip from any to any frag
01040 675608 77342448 allow ip from any to any via lo0
01040 0 0 deny ip from any to 127.0.0.0/8
01040 0 0 deny ip from 127.0.0.0/8 to any
01050 1380 77816 allow tcp from any to any dst-port 21 keep-state
01050 0 0 allow udp from any to any dst-port 21
01060 30 1480 allow tcp from any to any dst-port 3389
02000 3271069 290564701 allow ip from 192.168.1.0/24 to me
02000 2759782 985920128 allow ip from me to 192.168.1.0/24
03000 4585090 588045516 allow udp from 192.168.1.0/24{1-3} to any dst-port 53 keep-state
03000 2801700 212309621 allow udp from me to any dst-port 53 keep-state
03010 0 0 allow udp from 192.168.1.0/24{1-3} to 194.85.129.65 dst-port 123 keep-state
03020 15054996 2035090418 allow tcp from 192.168.1.0/24 to any dst-port 20,21,22,25,110,143,4899-5000,10000 keep-state
03020 14787597 4194847391 allow tcp from me to any dst-port 20,21,22,25,80,110,143,443,4899-5000,5190,5999,8080,10000,8443 keep-state
03030 10775 4169136 allow tcp from me 1064-65535 to any out keep-state
03040 3 124 allow tcp from any 20,21 to me keep-state
03040 62 2800 allow tcp from any 20,21 to 192.168.1.0/24 keep-state
03050 0 0 allow ip from 192.168.1.0/24 to 62.113.32.72
03050 0 0 allow ip from 62.113.32.72 to 192.168.1.0/24
03060 932445 46167540 allow ip from 192.168.1.0/24 to 194.186.207.189
03060 1859894 91084754 allow ip from 194.186.207.189 to 192.168.1.0/24
03060 932442 46167288 allow ip from me to 194.186.207.189
03060 0 0 allow ip from 194.186.207.189 to me
03070 0 0 allow tcp from 192.168.1.0/24 to 195.161.113.219 dst-port 23 keep-state
03070 0 0 allow tcp from 192.168.1.0/24 to 212.92.96.60 dst-port 80 keep-state
03090 28188401 19465121354 allow tcp from 192.168.1.0/24{1,3} to any dst-port 80,443 in keep-state
04000 9532738 3296892888 allow tcp from any to 192.168.1.0/24{1,3} dst-port 25,110,143,80,443 keep-state
04000 2692187 262814465 allow tcp from me 25,110,143,80,443 to any keep-state
04010 23103 3859952 allow tcp from any to me dst-port 27228 keep-state
65000 1736338 137796886 deny log ip from any to any
65535 0 0 deny ip from any to any
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::280:48ff:fe2b:1522%rl0 prefixlen 64 scopeid 0x1
	ether 00:80:48:2b:15:22
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=8<VLAN_MTU>
	inet 111.222.333.444 netmask 0xfffffffc broadcast 555.666.777.888
	inet6 fe80::280:48ff:fe2c:acb0%rl1 prefixlen 64 scopeid 0x2
	ether 00:80:48:2c:ac:b0
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4