сейчас раздается всем, хотя правила созданы:
Код: Выделить всё
/home/nrv/>>ipfw show
00100 900 89064 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from 192.168.0.0/24 to any in via tun0
00500 0 0 deny ip from 10.x.x.x to any in via sk0
00600 0 0 deny ip from any to 172.16.0.0/12 in via tun0
00700 0 0 deny ip from any to 192.168.0.0/16 in via tun0
00800 0 0 deny ip from any to 0.0.0.0/8 in via tun0
00900 0 0 deny ip from any to 169.254.0.0/16 in via tun0
01000 0 0 deny ip from any to 224.0.0.0/4 in via tun0
01100 0 0 deny ip from any to 240.0.0.0/4 in via tun0
01200 0 0 deny icmp from any to any frag
01300 0 0 deny log logamount 100 icmp from any to 255.255.255.255 in via tun0
01400 0 0 deny log logamount 100 icmp from any to 255.255.255.255 out via tun0
01500 3146 495799 divert 8668 ip from 192.168.0.0/24 to any out via tun0
01600 3785 3454599 divert 8668 ip from any to 10.x.x.x in via tun0
01700 0 0 deny ip from 172.16.0.0/12 to any out via tun0
01800 0 0 deny ip from 192.168.0.0/16 to any out via tun0
01900 0 0 deny ip from 0.0.0.0/8 to any out via tun0
02000 0 0 deny ip from 169.254.0.0/16 to any out via tun0
02100 0 0 deny ip from 224.0.0.0/4 to any out via tun0
02200 0 0 deny ip from 240.0.0.0/4 to any out via tun0
02300 62 3720 allow icmp from any to any icmptypes 0,8,11
02400 2952 247842 allow ip from any to 192.168.0.0/24 in via sk0
02500 1972 594860 allow ip from 192.168.0.0/24 to any out via sk0
02600 12634 7783738 allow tcp from any to any established
02700 0 0 allow tcp from any to any dst-port 53
02800 0 0 allow tcp from any 53 to any
02900 336 21150 allow udp from any to any dst-port 53
03000 317 62051 allow udp from any 53 to any
03100 0 0 allow udp from any to any dst-port 123 via tun0
03200 0 0 allow tcp from any to 10.x.x.x dst-port 53 in via tun0 setup
03300 0 0 allow tcp from any to 10.x.x.x dst-port 80 in via tun0 setup
03400 0 0 allow tcp from any to 10.x.x.x dst-port 20,21 in via tun0 setup
03500 0 0 allow tcp from any to 10.x.x.x dst-port 25 in via tun0 setup
03600 0 0 allow tcp from any to 10.x.x.x dst-port 22 in via tun0 setup
03700 0 0 allow tcp from any to 10.x.x.x dst-port 20,21 in via tun0 setup
03800 0 0 allow tcp from any to 10.x.x.x dst-port 49152-65535 via tun0
03900 0 0 deny log logamount 100 tcp from any to 10.x.x.x in via tun0 setup
04000 268 12864 allow tcp from 10.x.x.x to any out via tun0 setup
04100 0 0 allow tcp from any to 10.x.x.x in via sk0 setup
04200 0 0 allow tcp from 192.168.0.0/24 to any dst-port 5190 in via sk0 setup
04300 264 12672 allow tcp from 192.168.0.103 to not 192.168.0.0/24 in via sk0 setup
04400 4 192 allow tcp from 192.168.0.104 to not 192.168.0.0/24 in via sk0 setup
04500 0 0 allow tcp from 192.168.0.109 to not 192.168.0.0/24 in via sk0 setup
04600 12 1164 deny ip from any to any
65535 1 64 deny ip from any to any
