Password:
mail# cat /etc/rc.firewall
#!/bin/sh
# Site configuration for the ipfw rule set built by the rest of this script.
# Path of the ipfw binary; every helper below invokes it through $cmd.
cmd="/sbin/ipfw"
# onet and oip hold letter placeholders in this listing, not real addresses;
# ipfw cannot parse them as written. Both are referenced by the rules below.
onet="w.w.w.w/e"
oip="d.d.d.d/30"
# Interface names. oif is used by the "out via" NAT rule and iif by the
# "#local net" rule, so presumably outside/inside - confirm against the host.
oif="em0"
iif="em1"
# NOTE(review): inet, iip and office are not referenced by any rule visible in
# this listing.
inet="192.168.1.0/24"
iip="192.168.1.3"
office="192.168.1.0/24"
buhta="192.168.2.0/24"
# NOTE(review): .228 is not on a /28 boundary; with a /28 mask this should
# cover 192.168.1.224-239. If a single host was meant, use /32 - confirm.
srve2k="192.168.1.228/28"
# NOTE(review): $makfa is used by two allow rules below but is never assigned
# in this listing. Unless it arrives from the environment, those rules expand
# to "allow ip from to any" / "allow ip from any to" - verify that they load.
# Delete every existing rule (-f skips the confirmation prompt). Until the
# rules below are installed only the kernel's default rule applies, so a
# reload over a remote session can cut that session off - run it from the
# console or detached from the terminal.
$cmd -f flush
# Rule-number counter: each helper adds 100 before installing a rule, so the
# first rule lands at 200 and the rule set keeps the order of the calls.
j=100
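# Rule helpers. Each one advances the shared counter j by 100 and installs one
# ipfw rule under that number, so rules are numbered in the order the calls
# appear in this file.
#   Globals:   cmd (read) - ipfw command; j (read and written) - last number
#   Arguments: the rule body, one word per argument
#              (e.g. tcp from any to any 25)
#   Returns:   exit status of the ipfw invocation
# "$@" replaces the unquoted $* so arguments reach ipfw exactly as the caller
# wrote them: no second round of word splitting and no filename globbing (a
# '*' or '?' in an argument could otherwise expand against the current
# directory and change the rule that gets installed).
# $cmd stays unquoted so it may carry options as well as the path.
allow () { j=$((j + 100)); $cmd add "$j" allow "$@"; }
deny_log () { j=$((j + 100)); $cmd add "$j" deny log "$@"; }
deny () { j=$((j + 100)); $cmd add "$j" deny "$@"; }
count () { j=$((j + 100)); $cmd add "$j" count "$@"; }
fwd () { j=$((j + 100)); $cmd add "$j" fwd "$@"; }
divert () { j=$((j + 100)); $cmd add "$j" divert "$@"; }
add_pipe () { j=$((j + 100)); $cmd add "$j" pipe "$@"; }

# Open tcp/110 (POP3) for the given address(es) in both directions.
#   Arguments: address or network to open the port for
# Calls allow twice, so it consumes two rule numbers. The first rule matches
# on *source* port 110 only, i.e. it accepts any TCP packet sent from port 110
# to the target whatever the destination port is.
# NOTE(review): no call to this helper is visible in this listing.
allow_110 () {
	allow tcp from any 110 to "$@"
	allow tcp from "$@" to any 110
}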
# ---- Rule set. ipfw stops at the first matching rule, so order matters. ----
# First rule: send TCP sourced from $oip through dummynet pipe 100, which the
# next line caps at 1024 Kbit/s.
# NOTE(review): with net.inet.ip.fw.one_pass=1 (the default) a packet leaving
# a pipe is not checked against the remaining rules, so this line would also
# act as an accept for that traffic - confirm the sysctl value.
add_pipe 100 tcp from $oip to any
$cmd pipe 100 config bw 1024KBit/s
# NAT: hand outbound traffic from $srve2k on $oif, and everything addressed
# to $oip, to the natd divert socket.
divert natd ip from $srve2k to any out via $oif
divert natd ip from any to $oip
# Loopback is unrestricted.
allow ip from any to any via lo0
# Time server for ntpdate. These two rules pass every IP protocol to and from
# that host, not only NTP; udp/123 is opened separately further down.
allow ip from any to 195.58.5.202
allow ip from 195.58.5.202 to any
# Fully trusted networks: all protocols, both directions, on any interface.
allow ip from $onet to any
allow ip from any to $onet
# NOTE(review): $makfa is not assigned anywhere in this listing - verify that
# these two rules actually load.
allow ip from $makfa to any
allow ip from any to $makfa
allow ip from $buhta to any
allow ip from any to $buhta
# Local network: everything crossing $iif is accepted.
allow ip from any to any via $iif
# NOTE(review): 192.168.0.0/24 matches none of the variables defined at the
# top, and without "via" the rules apply on every interface, so a packet that
# arrives on $oif claiming a 192.168.0.x source is accepted too. Consider
# binding private ranges to the inside interface and dropping them on $oif.
allow ip from 192.168.0.0/24 to any
allow ip from any to 192.168.0.0/24
# Per-service rules. They are stateless pairs: one rule matches the service
# port as destination, the other as *source*. A rule of the form
# "from any PORT to any" accepts any packet whose source port is PORT,
# whatever its destination port or direction, which is far wider than
# "replies to our connections". check-state plus keep-state on the outbound
# rule (or "established" for TCP) narrows this to real return traffic.
# tcp/25 SMTP, open in both directions for any address.
allow tcp from any to any 25
allow tcp from any 25 to any
# DNS over udp and tcp, any address.
allow udp from any 53 to any
allow udp from any to any 53
allow tcp from any 53 to any
allow tcp from any to any 53
# Outbound HTTP from $oip, plus anything sent to $oip from source port 80.
allow tcp from any 80 to $oip
allow tcp from $oip to any 80
# Ports 20-22 (FTP data, FTP control, SSH) as a range, same pattern as above.
allow tcp from any 20-22 to $oip
allow tcp from $oip to any 20-22
# tcp/113 ident.
allow tcp from any 113 to any
allow tcp from any to any 113
# tcp/2121 - purpose not stated in this file; presumably an alternate FTP
# port, TODO confirm.
allow tcp from any 2121 to any
allow tcp from any to any 2121
# tcp/119 NNTP.
allow tcp from any 119 to any
allow tcp from any to any 119
# udp/123 NTP, any address.
allow udp from any 123 to any
allow udp from any to any 123
# tcp/253 - purpose not stated in this file; TODO confirm it is still needed.
allow tcp from any 253 to any
allow tcp from any to any 253
# All ICMP types are accepted from and to any address.
allow icmp from any to any
# Final rule: drop and log whatever matched nothing above. Log lines are only
# produced when ipfw logging is enabled (net.inet.ip.fw.verbose).
deny_log ip from any to any
mail#