Подскажите, кто сталкивался с такой ситуацией.
На фряхе есть доступ в инет.
ipfw -f flush   # -f: flush without the interactive confirmation prompt; the script below flushes again itself
запускаю
rc.firewall
Конфиг rc.firewall в /usr/local/etc/
sh rc.firewall &   # backgrounded: the calling shell does not wait and the script's exit status is lost
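#!/bin/sh
# rc.firewall: (re)builds the ipfw ruleset of a FreeBSD gateway with one
# outside interface, one inside (LAN) interface and a tunnel interface.
# Every "${fwcmd} add" below is a side effect on the live firewall; the
# script produces no output of its own and does not stop on errors.
fwcmd="/sbin/ipfw"
### outside (ISP) side
oif="sis0"
onet="xx.xxx.xx.00/28"    # NOTE: not referenced anywhere in this script
oip="xx.xxx.xxx.xxx"
### inside (LAN) side
iif="rl0"
inet="192.168.21.0/24"
iip="192.168.21.1"        # NOTE: not referenced anywhere in this script
### tunnel interface (rules 520-550 suggest OpenVPN on 1194 - confirm)
vpn="tun0"
###
# Drop the whole ruleset.  Until the rules below are re-added only the kernel
# default rule 65535 is in effect, so a remote session may stall or drop here.
${fwcmd} -f flush
###
# Presumably fills ipfw table 1 (rules 500 and 1300+ match table(1)); it is
# found via PATH, not by an absolute path.  There is no `set -e`, so a missing
# or failing table.sh used to be ignored silently and leave table(1) empty,
# which makes every table(1) rule match nothing - say so on stderr instead.
table.sh || echo "rc.firewall: table.sh failed (status $?); table(1) may be empty" >&2
###
${fwcmd} add 100 pass all from any to any via lo0
# Everything on the tunnel interface is trusted unconditionally.
${fwcmd} add 120 allow ip from any to any via ${vpn}
# Loopback addresses must never show up on a real interface.
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
### Anti-spoofing: private source addresses arriving from the outside.
${fwcmd} add 400 deny ip from 192.168.0.0/16 to any in via ${oif}
${fwcmd} add 410 deny ip from 172.16.0.0/12 to any in via ${oif}
# Disabled by the author, so 10.0.0.0/8 sources from the outside are NOT
# filtered (the 10.20.30.0/24 rules further down are on ${iif}, not ${oif}).
#${fwcmd} add 420 deny ip from 10.0.0.0/8 to any in via ${oif}
### Port 7000 (application not identified in this file).
# 425 accepts new connections from anywhere to the gateway's public address;
# 430-460 then allow tcp AND udp 7000 from any to any, in both directions,
# on every interface - far wider than 425 and worth tightening to the
# interfaces/hosts that actually need it.
${fwcmd} add 425 allow tcp from any to ${oip} 7000 in via ${oif} setup
${fwcmd} add 430 allow tcp from any to any 7000
${fwcmd} add 440 allow tcp from any 7000 to any
${fwcmd} add 450 allow udp from any to any 7000
${fwcmd} add 460 allow udp from any 7000 to any
${fwcmd} add 470 allow tcp from any to 192.168.21.101 7000 via ${oif}
###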
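# pass RULE...: add an ipfw "pass" rule at the next number in the sequence.
# Globals:   rule_num - read and advanced by 100 (must be set before the
#            first call; the script sets it to 1000 after these definitions),
#            fwcmd - the ipfw binary (left unquoted as in the original).
# Arguments: the ipfw rule body, e.g. `pass tcp from any to any established`.
# "$@" replaces the bare $* so the arguments are handed to ipfw exactly as
# given instead of being word-split and glob-expanded a second time.
pass () {
  rule_num=$((rule_num + 100))
  $fwcmd add "$rule_num" pass "$@"
}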
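# deny RULE...: add an ipfw "deny" rule at the next number in the sequence.
# Globals:   rule_num - read and advanced by 100 (shared with pass; must be
#            set before the first call), fwcmd - the ipfw binary.
# Arguments: the ipfw rule body, e.g. `deny tcp from any to me 1080`.
# "$@" replaces the bare $* so the arguments reach ipfw unchanged instead of
# being word-split and glob-expanded again.
deny () {
  rule_num=$((rule_num + 100))
  $fwcmd add "$rule_num" deny "$@"
}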
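###
# Counter for the pass/deny helpers above: their first call yields rule 1100.
rule_num=1000
###
# Outbound NAT for the hosts in table 1 (filled by table.sh, presumably);
# 560-580 NAT only mail (25/110/143) and 5190 for LAN hosts NOT in the table.
${fwcmd} add 500 divert natd all from table\(1\) to any out via ${oif}
# 1194 (presumably OpenVPN) to the gateway from anywhere, and the tunnel
# network 10.20.30.0/24 to/from the LAN on the inside interface.
${fwcmd} add 520 allow all from any to me dst-port 1194
${fwcmd} add 530 pass tcp from any to ${oip} 1194 in via ${oif}
${fwcmd} add 540 pass ip from 10.20.30.0/24 to ${inet} out via ${iif}
${fwcmd} add 550 pass ip from ${inet} to 10.20.30.0/24 in via ${iif}
# The port list is one token.  The original `25, 110` was split by the shell
# into `25,` and `110`, which is not a valid port list, so rule 560 most
# likely never loaded; this matches the `25,110` used by the rules below.
${fwcmd} add 560 divert natd tcp from ${inet} to any 25,110 out via ${oif}
${fwcmd} add 570 divert natd tcp from ${inet} to any 143 out via ${oif}
${fwcmd} add 580 divert natd tcp from ${inet} to any 5190 out via ${oif}
# Inbound NAT: translate everything arriving for the public address.
${fwcmd} add 700 divert natd all from any to ${oip} in via ${oif}
##${fwcmd} add allow tcp from 192.168.21.101 to ${oip} 7000 in via ${oif}
### 1100: anything leaving the outside interface with our public address
pass all from ${oip} to any out via ${oif}
### 1200: `established` matches any TCP segment with ACK or RST set, not an
# existing connection - unsolicited ACK segments from the outside pass here
# too (a check-state/keep-state pair would be tighter).
pass tcp from any to any established
### 1300/1400: LAN -> elsewhere; table(1) hosts unrestricted, others mail only
pass all from table\(1\) to not ${inet} in via ${iif}
pass all from ${inet} to not ${inet} 25,110 in via ${iif}
### 1500/1600: traffic from outside back to table(1) hosts
pass all from not ${inet} to table\(1\) in via ${oif}
pass all from not ${inet} to table\(1\) out via ${iif}
#pass all from not ${inet} to not ${inet} 25,110 in via ${oif}
#pass all from not ${inet} to not ${inet} 25,110 out via ${iif}
# These three carry no number, so ipfw numbers them itself (last rule plus
# the autoinc step, 100 by default: 1700, 1800, 1900).  The pass helper keeps
# counting from its own 1600 and so reuses 1700 and 1800 for the ICMP and
# LAN rules below - legal, but e.g. `ipfw delete 1700` then removes two
# rules.  Numbering them explicitly, or adding them via the helper, keeps
# the ruleset unambiguous.
${fwcmd} add pass tcp from any to any 25,110 via ${oif}
${fwcmd} add pass tcp from any 25,110 to any via ${oif}
${fwcmd} add pass tcp from any to any 1194
###ICMP: echo reply (0), echo request (8), time exceeded (11)
pass icmp from any to any icmptypes 0,8,11
### LAN <-> LAN on the inside interface, which includes the gateway itself
pass all from ${inet} to ${inet} via ${iif}
#pass all from 172.31.0.0/24 to ${inet} via ${iif}
###
#${fwcmd} add allow tcp from any to xxx.xxx.xxx.xxx 7000 in via sis0 setup
#${fwcmd} add allow tcp from any to any 7000
#${fwcmd} add allow tcp from any 7000 to any
### Port 7000 once more, any IP protocol this time, to the gateway and .101
${fwcmd} add allow ip from any to me 7000
${fwcmd} add allow ip from any to 192.168.21.101 7000
${fwcmd} add allow ip from 192.168.21.101 7000 to any
# Port 1080 (commonly SOCKS) closed on the gateway.  This sits after the
# LAN <-> LAN pass, so LAN sources are not affected by it.  There is no
# terminal rule: whatever matches nothing above falls through to the kernel
# default rule 65535, whose action is fixed by the kernel build (e.g.
# IPFIREWALL_DEFAULT_TO_ACCEPT), not by this script - a reboot with a
# different kernel therefore changes the effective policy.
${fwcmd} add deny tcp from any to me 1080
${fwcmd} add deny udp from any to me 1080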
Где может быть косяк?
Просто странно: до этого неделю работало с этими правилами, пока не пришлось перегружать сервер,
а вот после перезагрузки сервака именно такая трабла и выползла.