freeBSD 8.0
Код: Выделить всё
#!/bin/sh
. /etc/my.mass
### Flush ALL!
$fw -f flush
$fw -f pipe flush
$fw -f queue flush
### Lan Settings
$fw 170 add allow ip from any to any via lo0
$fw 180 add deny ip from any to 127.0.0.0/8
$fw 190 add deny ip from 127.0.0.0/8 to any
### Nat KERNEL and NETAMS
$fw nat delete 123
$fw nat 123 config if $lw log deny_in reset same_ports
$fw 410 add divert 199 ip from $netin to any out via $lw
$fw add 430 nat 123 ip from $netin to any out via $lw
$fw add 440 nat 123 ip from any to $ipw in via $lw
$fw 450 add divert 199 log ip from any to $netin in via $lw
### ICMP Allow Ping\Trac
$fw 700 add allow ip from any to any established
$fw 710 add allow ip from $ipw to any out xmit $lw
$fw 900 add allow icmp from any to any icmptypes 0,8,11
### Allow Ports
$fw 2010 add allow udp from any 53 to any
$fw 2020 add allow udp from any to any 53
$fw 2030 add allow ip from any to any $ip
$fw 2040 add allow log tcp from any to any $tcp
$fw 2050 add allow udp from any to any $udp
$fw 2060 add allow tcp from any $tcp to any
$fw 60000 add allow tcp from any to any via $ll
$fw 60010 add allow udp from any to any via $ll
$fw 60020 add allow icmp from any to any via $ll
#$fw 65534 add deny ip from any to any
Код: Выделить всё
cat /etc/my.mass
fw="/sbin/ipfw"
lw="re0"
ll="rl0"
ipw=`ifconfig $lw | grep "inet " | awk '{print $2}'` # IP внешний
ipl=`ifconfig $ll | grep "inet " | awk '{print $2}'` # IP внутрь
netin="192.168.1.0/24"
tcp="21, 20, 80, 22, 3306, 20001, 45000-65534, 3000, 445, 139"
udp="10000-20000, 137, 138"
ip="123"
Код: Выделить всё
cat /sys/i386/conf/kernel1
ident svn
include GENERIC
makeoptions DEBUG=-g
### ethernet options
options MROUTING
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=1000
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_NAT
options LIBALIAS
options IPDIVERT
options DUMMYNET
options DEVICE_POLLING
с 7 утра посейчас на работе, могу выражаться не понятно спрашивайте если чё не понятно... я уже как ЗОМБИ!