# ipfw(8) is the reference for the layer2 and mac match options discussed here.
man ipfw
как тест:
# Test rule: accept every packet seen on the layer-2 (Ethernet) pass.
# `layer2` only matches when net.link.ether.ipfw=1 is set.
# As rule 1 it is evaluated first, so no later layer2/mac rule ever sees
# these frames; remove it once the layer-2 pass is confirmed to work.
ipfw add 1 allow ip from any to any layer2
# See ipfw(8), in particular the packet-flow section and the layer2/mac options.
man ipfw
# Accept all traffic on the layer-2 pass (needs net.link.ether.ipfw=1).
# Being rule 1, it bypasses any MAC filtering placed after it.
ipfw add 1 allow ip from any to any layer2
# Enable the layer-2 pass. Without this sysctl ipfw is not invoked for
# Ethernet frames, so the layer2/mac rules below never match.
# Set at runtime here; it must also be persisted (e.g. in /etc/sysctl.conf)
# or the MAC filtering silently disappears after a reboot.
sysctl net.link.ether.ipfw=1
# NOTE(review): ipfw(8) syntax is `add <number> <action>`; these lines put the
# number before `add`, and ${ipfw} is defined outside this snippet. Confirm
# that the rules actually load.
# Rule 1: packets on the normal IP pass (not layer2) jump to rule 100.
${ipfw} 1 add skipto 100 ip from any to any not layer2
# Rule 5: layer-2 frames on any interface other than fxp0 are accepted unfiltered.
${ipfw} 5 add allow ip from any to any layer2 not via fxp0
# Rule 10: frames with source IP 192.168.50.33 arriving on fxp0 skip the MAC
# check in rule 20. The exemption is keyed on the source IP alone, which the
# sender controls, so any host on the segment claiming that address bypasses it.
${ipfw} 10 add skipto 40 ip from 192.168.50.33 to any layer2 in via fxp0
# Rule 20: `mac <dst> <src>` means destination any, source 00:0e:a6:45:0b:d4.
# Drops inbound frames on fxp0 from that source MAC with a source IP in ${my_net}.
# MAC addresses are sender-controlled too: this is filtering, not authentication.
${ipfw} 20 add deny ip from ${my_net} to any mac any 00:0e:a6:45:0b:d4 in via fxp0
# Rule 40: everything else on fxp0 passes the layer-2 check.
${ipfw} 40 add allow ip from any to any layer2 via fxp0
# Allow variant: accept frames arriving on fxp0 whose source IP is in ${my_net}
# and whose source MAC is 00:0e:a6:45:0b:d4 (`mac <dst> <src>`, destination any).
# A `mac` pattern can only match on the layer-2 pass (net.link.ether.ipfw=1).
add allow ip from ${my_net} to any mac any 00:0e:a6:45:0b:d4 in via fxp0
# Same match without `in via fxp0`: the rule is no longer tied to one interface
# or direction, so it applies wherever the layer-2 pass sees this source MAC.
add allow ip from ${my_net} to any mac any 00:0e:a6:45:0b:d4
# Catch-all for the layer-2 pass on fxp0: any frame not dropped by an earlier
# rule is accepted here, so a MAC allow-list needs a deny before this point.
# NOTE(review): the rule number precedes `add`; ipfw(8) expects
# `add <number> <action>`. Confirm against the definition of ${ipfw}.
${ipfw} 40 add allow ip from any to any layer2 via fxp0
#!/bin/sh
# ipfw ruleset for a NAT gateway: layer-2 and IP passes are split by skipto
# rules, a few TCP services are opened on the external address, in-kernel NAT
# runs on the external interface, and everything else is denied and logged.
#
# Review notes that apply to the whole script:
#  - Every rule uses `log logamount 100`: each rule stops logging after 100
#    matches until its log counter is reset, so the log is not a complete
#    record for incident analysis. Logging also depends on the
#    net.inet.ip.fw.verbose sysctl.
#  - The layer2 rules (10, 40, 5000, 6000) only see traffic when
#    net.link.ether.ipfw=1; that sysctl is not set in this script.

FwCMD="/sbin/ipfw"
# External (LanOut) and internal (LanIn) interfaces.
LanOut="alc0"
LanIn="fxp0"
# NOTE(review): IpOut and NetOut look like redacted placeholders, not real
# addresses. Substitute the real external IP and network before use.
IpOut="00000000"
NetOut="111111111"
NetOutMask="29"
# IpIn, NetIn and NetInMask are defined but not referenced by the rules below.
IpIn="192.168.0.1"
NetIn="192.168.0.0"
NetInMask="16"
# Drop the whole ruleset without prompting. Until the rules below are loaded
# only the built-in default rule 65535 applies (deny unless the kernel was
# built default-to-accept), so running this over a remote session can cut it.
${FwCMD} -f flush
# Dispatch: the layer-2 pass goes to the 5000/6000 rules, the IP pass to rule 100.
# skipto 4000 lands on rule 5000, the next rule numbered >= 4000 in this script.
${FwCMD} add 10 skipto 4000 all from any to any layer2 in
${FwCMD} add 20 skipto 100 all from any to any not layer2 in
${FwCMD} add 30 skipto 100 all from any to any not layer2 out
${FwCMD} add 40 skipto 6000 all from any to any layer2 out
# Match packets against dynamic rules created by the keep-state rules below.
${FwCMD} add 00100 check-state
${FwCMD} add 00110 allow log logamount 100 ip from any to any via lo0
# Everything through the internal interface is trusted unconditionally.
${FwCMD} add 00120 allow log logamount 100 ip from any to any via ${LanIn}
# `established` is a stateless TCP-flag test (ACK or RST set), not a lookup in
# the dynamic state table.
${FwCMD} add 00130 allow log logamount 100 tcp from ${NetOut}/${NetOutMask} to ${IpOut} established
${FwCMD} add 00131 allow log logamount 100 tcp from ${IpOut} to ${NetOut}/${NetOutMask} established
# TCP 2112 and 2332 on the external address are reachable from any source.
${FwCMD} add 00201 allow log logamount 100 tcp from any to ${IpOut} 2112 via ${LanOut} keep-state
${FwCMD} add 00202 allow log logamount 100 tcp from any to ${IpOut} 2332 via ${LanOut} keep-state
# TCP 5900 (presumably VNC, confirm) is limited to the external subnet.
${FwCMD} add 00303 allow log logamount 100 tcp from ${NetOut}/${NetOutMask} to ${IpOut} 5900 via ${LanOut} keep-state
# NAT instance 1 aliases to IpOut. deny_in refuses inbound packets with no
# existing translation entry, same_ports tries to keep source ports unchanged,
# and reset clears the table if the interface address changes.
${FwCMD} nat 1 config ip ${IpOut} log reset same_ports deny_in
${FwCMD} add 00400 nat 1 log logamount 100 ip from any to ${IpOut} in recv ${LanOut}
${FwCMD} add 00410 nat 1 log logamount 100 ip from ${IpOut} to any out xmit ${LanOut}
# Only the LAN host 192.168.0.5 is translated on egress.
# NOTE(review): whether packets continue through the ruleset after nat depends
# on net.inet.ip.fw.one_pass. Confirm the setting on the target host.
${FwCMD} add 00450 nat 1 log logamount 100 ip from 192.168.0.5/32 to any out xmit ${LanOut}
# The layer-2 pass accepts every frame in both directions: no MAC filtering
# is enforced by this ruleset.
${FwCMD} add 5000 allow log logamount 100 all from any to any layer2 in
${FwCMD} add 6000 allow log logamount 100 all from any to any layer2 out
# Explicit default deny with logging for anything not accepted above.
${FwCMD} add 65534 deny log logamount 100 all from any to any