Код: Выделить всё
[...]
${FwCmd} add 4100 check-state
[...]
${FwCmd} nat 11 config if ${dml_inet_if} deny_in reset log \
redirect_port tcp ${computer_ip}:${dc_port} ${dc_port} \
redirect_port udp ${computer_ip}:${dc_port} ${dc_port} \
redirect_port tcp ${computer_ip}:${bt_port} ${bt_port} \
redirect_port udp ${computer_ip}:${bt_port} ${bt_port} \
redirect_port tcp ${noutbook_ip}:${dc_nb_port} ${dc_nb_port} \
redirect_port udp ${noutbook_ip}:${dc_nb_port} ${dc_nb_port}
#${FwCmd} add 8600 nat 11 ip4 from ${internal_net},${pptp_pool} to any via ${dml_inet_if} out
${FwCmd} add 8700 nat 11 ip4 from ${internal_net} to any via ${dml_inet_if} out
${FwCmd} add 8800 nat 11 ip4 from any to any via ${dml_inet_if} in
[...]
${FwCmd} add 9900 allow icmp from any to any icmptypes ${icmp_allowed} keep-state
${FwCmd} add 10000 deny log all from any to any
Код: Выделить всё
${FwCmd} add 7660 allow icmp from any to me icmptypes ${icmp_allowed}