...........
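################# Settings: inbound traffic on the public interface #################
# Loads a stateless ipfw ruleset protecting ${Ip} on lagg0.
#
# Nothing in this script terminates the rule set. Traffic that matches no rule
# (all UDP, TCP to unlisted ports, outbound packets) falls through to the
# default rule 65535, whose action depends on how the kernel was configured.
# Check it with `ipfw list` before relying on this script as the only filter.
ipfw='/sbin/ipfw'
# Interface clause; expanded unquoted on purpose so it splits into three words.
Via='in via lagg0'
Ip='192.168.0.189'
# Rule body shared by every ban entry; the rule number goes between "add" and it.
ban='deny log tcp from'
#####################################################################################

# allow_port BASE PORT
# Adds four pass rules, numbered BASE..BASE+3, for TCP to ${Ip}:PORT, one per
# accepted flag combination: SYN only, ACK only, ACK+PSH, ACK+FIN.
# Matching is stateless: an ACK-only segment is passed whether or not a
# connection exists (ipfw's keep-state/check-state would track that instead).
# Other combinations (e.g. RST, or ACK+PSH+FIN) match none of these rules and
# reach whatever rule follows.
# The flag lists are single-quoted so that '!' is never treated as history
# expansion if the lines are pasted into an interactive shell.
allow_port() {
  ${ipfw} add "$1" pass tcp from any to ${Ip} "$2" ${Via} tcpflags 'syn,!ack,!psh,!fin,!urg,!rst'
  ${ipfw} add "$(( $1 + 1 ))" pass tcp from any to ${Ip} "$2" ${Via} tcpflags 'ack,!syn,!psh,!fin,!urg,!rst'
  ${ipfw} add "$(( $1 + 2 ))" pass tcp from any to ${Ip} "$2" ${Via} tcpflags 'ack,psh,!syn,!fin,!urg,!rst'
  ${ipfw} add "$(( $1 + 3 ))" pass tcp from any to ${Ip} "$2" ${Via} tcpflags 'ack,fin,!syn,!psh,!urg,!rst'
}

# NOTE(review): flushing over a remote session can cut that session off before
# the remaining rules are loaded; run the script detached or from the console.
${ipfw} -f flush

######### Ban list #########
# Bans get explicit low numbers: ipfw stops at the first matching rule, and an
# unnumbered `add` is placed after the highest existing rule, i.e. behind the
# pass rules below, where it would never see traffic to the open ports.
# Only TCP from these sources is dropped.
${ipfw} add 300 ${ban} 203.130.216.42 to any ${Via}
${ipfw} add 301 ${ban} 58.187.166.242 to any ${Via}

######### Malformed / unwanted packets #########
# NOTE(review): rule 304 drops every ICMP type in both directions, including
# the "fragmentation needed" errors that Path MTU discovery relies on.
${ipfw} add 304 deny log icmp from any to any
${ipfw} add 305 reject log logamount 30 tcp from any to any not established tcpflags fin
# Source-routing, record-route and timestamp IP options.
${ipfw} add 306 deny log all from any to ${Ip} ${Via} ipoptions ssrr
${ipfw} add 307 deny log all from any to ${Ip} ${Via} ipoptions lsrr
${ipfw} add 308 deny log all from any to ${Ip} ${Via} ipoptions rr
${ipfw} add 309 deny log all from any to ${Ip} ${Via} ipoptions ts
# TCP flag combinations that do not occur in a normal connection.
${ipfw} add 310 deny log tcp from any to ${Ip} ${Via} tcpflags '!syn,!ack,!rst'
${ipfw} add 311 deny log tcp from any to ${Ip} ${Via} tcpflags 'syn,fin,urg,psh,!ack'
# The original line ended in a stray comma after "!ack"; removed.
${ipfw} add 312 deny log tcp from any to ${Ip} ${Via} tcpflags 'syn,fin,!ack'
${ipfw} add 313 deny log tcp from any to ${Ip} ${Via} tcpflags 'fin,urg,psh,!ack'
${ipfw} add 314 deny log tcp from any to ${Ip} ${Via} tcpflags 'fin,!ack'
${ipfw} add 315 deny log tcp from any to ${Ip} ${Via} tcpflags 'urg,!ack'
${ipfw} add 316 deny log tcp from any to ${Ip} ${Via} tcpflags 'psh,!ack'

######### Explicitly closed ports #########
# These rules match TCP only; UDP to the same port numbers is not covered here.
${ipfw} add 317 deny tcp from any to ${Ip} 106 ${Via}
${ipfw} add 318 deny tcp from any to ${Ip} 389 ${Via}
${ipfw} add 319 deny tcp from any to ${Ip} 636 ${Via}
${ipfw} add 320 deny tcp from any to ${Ip} 674 ${Via}
${ipfw} add 321 deny tcp from any to ${Ip} 199 ${Via}
${ipfw} add 322 deny tcp from any to ${Ip} 161 ${Via}
${ipfw} add 323 deny tcp from any to ${Ip} 514 ${Via}
${ipfw} add 324 deny tcp from any to ${Ip} 1027 ${Via}
# Two rules share number 325; ipfw allows this and checks them in insertion order.
${ipfw} add 325 deny tcp from any to ${Ip} 8100 ${Via}
${ipfw} add 325 deny tcp from any to ${Ip} 8010 ${Via}
${ipfw} add 326 deny tcp from any to ${Ip} 5060 ${Via}
${ipfw} add 327 deny tcp from any to ${Ip} 5061 ${Via}
${ipfw} add 328 deny tcp from any to ${Ip} 11024 ${Via}
${ipfw} add 329 deny tcp from any to ${Ip} 5222 ${Via}
${ipfw} add 330 deny tcp from any to ${Ip} 5223 ${Via}
${ipfw} add 331 deny tcp from any to ${Ip} 6000 ${Via}

######### Allow only well-formed packets to the open ports #########
# The original used ${ip} (lower case, never assigned) in the second and third
# rule of every group, which expands to nothing and drops the destination
# address; allow_port uses ${Ip} for all four rules.
allow_port 332 25     # ESMTP, Communigate
allow_port 336 110    # POP3, Communigate
allow_port 340 80     # Apache httpd
allow_port 344 443    # Apache SSL
allow_port 348 666    # nginx-devel
allow_port 352 8000   # Shoutcast
allow_port 356 9010   # Communigate web interface
allow_port 360 2222   # SSH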
P.s. прочитайте статью