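#!/bin/sh
# ipfw ruleset for a FreeBSD NAT gateway: ${LanOut} faces the Internet,
# ${LanIn} faces the LAN.  ipfw matches rules in the order they are added,
# so the section order below is the match order.
#
# Kernel-dependent behaviour to verify on the target host:
#   - "add pipe N" rules: with net.inet.ip.fw.one_pass=1 (the default) a
#     packet is accepted as soon as it leaves the pipe; with one_pass=0 it
#     continues with the next rule.
#   - the last rule only denies TCP; UDP/ICMP/other traffic that reaches it
#     falls through to the kernel default rule 65535.
#   - "skipto 39999": no rule in this file is numbered 39999, so with
#     auto-numbering the jump lands on the default rule 65535 — confirm
#     that this is the intent.

set -u   # an unset variable is a typo; fail rather than install a broken rule

FwCMD="/sbin/ipfw"

# Interfaces
LanOut="fxp0"   # external (Internet-facing) interface
LanIn="rl0"     # internal (LAN) interface

# Addresses.  NetIn/NetIn2/NetRealIn already carry their prefix length, so
# NetMask must not be appended to them again (the original "${NetIn}/${NetMask}"
# produced "192.168.100.0/24/24", which is not a valid ipfw address).
IpOut="77.108.79.253"
IpIn1="192.168.100.1"
IpIn2="192.168.4.250"        # not referenced below; not exported, so hooks cannot see it
RealIpIn="87.245.160.113"    # not referenced below; not exported, so hooks cannot see it
NetIn="192.168.100.0/24"
NetIn2="192.168.4.0/24"      # not referenced below; not exported, so hooks cannot see it
NetRealIn="87.245.160.0/24"  # not referenced below; not exported, so hooks cannot see it
NetMask="24"                 # kept for reference only (see note above)

# Hosts that bypass every rule below, in both directions.  They are matched
# before the anti-spoof and service denies, so nothing in this file filters
# them.  Space-separated on purpose: POSIX sh has no arrays and the loop
# below relies on word-splitting.  (The original listed .118 twice; the
# second copy could never match and is dropped here.)
UnfilteredHosts="87.245.160.121 87.245.160.115 87.245.160.120 87.245.160.116 87.245.160.117 87.245.160.118 87.245.160.122"

# External hook scripts that add further rules (ip aliases, LAN allows).
AliasHook="/usr/local/etc/traf/rc.ip"
AllowHook="/usr/local/etc/traf/rc_allow.ip"

#######################################
# Run an external rule-generating hook script.
# A missing or failing hook is reported on stderr; the rest of the ruleset
# is still built so the firewall is not left half-configured silently.
# Arguments: $1 - path of the hook script
# Returns:   0 on success, non-zero if the hook is missing or failed
#######################################
run_hook() {
  hook=$1
  if [ ! -x "$hook" ]; then
    printf 'warning: hook %s is missing or not executable\n' "$hook" >&2
    return 1
  fi
  # "$?" in the printf arguments is the exit status of the hook itself.
  "$hook" || printf 'warning: hook %s exited with status %s\n' "$hook" "$?" >&2
}

# Start from an empty ruleset, pipe and queue table.
${FwCMD} -f flush
${FwCMD} -f pipe flush
${FwCMD} -f queue flush

# NOTE(review): no rule in this file uses keep-state, so check-state only has
# an effect if one of the hook scripts adds dynamic rules — confirm.
${FwCMD} add check-state
#${FwCMD} add count log udp from any to any
#${FwCMD} add count log tcp from any to any dst-port 25

# Traffic counting: every packet on both interfaces is diverted to the
# accounting sockets (10001 external, 10002 internal).
${FwCMD} add divert 10001 ip from any to any via ${LanOut}
${FwCMD} add divert 10002 ip from any to any via ${LanIn}

${FwCMD} add allow ip from any to any via lo0

# Unfiltered hosts (see UnfilteredHosts above).
for host in ${UnfilteredHosts}; do
  ${FwCMD} add allow all from any to "${host}"
  ${FwCMD} add allow all from "${host}" to any
done

# ICMP hygiene: fragments, broadcasts on the external interface and the
# redirect/router-advertisement/timestamp/info/mask message types.
${FwCMD} add deny log icmp from any to any frag
${FwCMD} add deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} add deny log icmp from any to 255.255.255.255 out via ${LanOut}
${FwCMD} add deny log icmp from any to any in icmptype 5,9,13,14,15,16,17

# NetBIOS/SMB towards the external address on both interfaces.
${FwCMD} add deny log ip from any to ${IpOut} 137-139,445 in via ${LanOut}
${FwCMD} add deny log ip from any to ${IpOut} 137-139,445 in via ${LanIn}

# Anti-spoof on the external interface.
# NOTE(review): the LAN ranges (192.168.0.0/16) are not in this list, so a
# packet claiming a LAN source address is not rejected on ${LanOut} by this
# rule; consider adding them unless an upstream filter already does.
${FwCMD} add deny log ip from any to 0.0.0.0/8,10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,240.0.0.0/3 in via ${LanOut}

# Local services that must not be reachable from outside (ICQ 5190 silently,
# MySQL 3306 and the proxy 3128 with logging).
${FwCMD} add deny tcp from any to me 5190 via ${LanOut}
${FwCMD} add deny log tcp from any to me 3306,3128 via ${LanOut}

# FTP data port to this host on both interfaces.
${FwCMD} add allow ip from any to me 20 via ${LanOut}
${FwCMD} add allow ip from any to me 20 via ${LanIn}

# Transparent proxy: LAN web traffic is forwarded to the local proxy.
# NOTE(review): the rule matches "via ${LanOut}"; transparent fwd to a local
# address is usually applied on the incoming LAN interface — confirm this
# rule actually matches on the target host.
${FwCMD} add fwd 127.0.0.1,3128 tcp from ${NetIn} to any 80 via ${LanOut}

# IP alias rules from the hook script.
run_hook "${AliasHook}"

# NAT: only packets addressed to the external address are diverted here.
# NOTE(review): no outbound divert for LAN sources appears in this file;
# presumably a hook adds it — confirm.
${FwCMD} add divert natd ip from any to ${IpOut} via ${LanOut}

# Everything to and from this host, plus established TCP sessions.
# NOTE(review): "established" only checks TCP flags, so it also passes
# forwarded packets with ACK set; keep-state/check-state would be stricter.
${FwCMD} add allow ip from any to me
${FwCMD} add allow ip from me to any
${FwCMD} add allow tcp from any to any established

# DNS in both directions on the external interface.
${FwCMD} add allow udp from any to ${IpOut} 53 in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} 53 to any out via ${LanOut}
${FwCMD} add allow udp from any 53 to ${IpOut} in via ${LanOut}
${FwCMD} add allow udp from ${IpOut} to any 53 out via ${LanOut}
${FwCMD} add allow icmp from any to any

# PIPE IN: shape traffic towards the LAN (see the one_pass note at the top).
${FwCMD} add pipe 1 ip from ${IpOut} to ${NetIn}
${FwCMD} pipe 1 config bw 2500Kbit/s
${FwCMD} add pipe 2 ip from ${IpIn1} to ${NetIn}
${FwCMD} pipe 2 config bw 2500Kbit/s
# Small pure-ACK packets get their own pipe, then skip the rest.
${FwCMD} add pipe 3 ip from any to any tcpflags ack iplen 0-128
${FwCMD} pipe 3 config bw 2500Kbit/s
${FwCMD} add skipto 39999 ip from any to any tcpflags ack iplen 0-128
#${FwCMD} pipe 1 config bw 2500 kbit/s queue 100
#${FwCMD} queue 1 config pipe 1 weight 100
#${FwCMD} add queue 1 all from any to 192.168.100.0/24 in via ${LanOut}
#${FwCMD} add queue 1 all from any to 192.168.4.0/24 in via ${LanOut}
# PIPE OUT
#${FwCMD} pipe 2 config bw 2500 kbit/s queue 100
#${FwCMD} queue 2 config pipe 2 weight 100
#${FwCMD} add queue 2 all from 192.168.100.0/24 to any out via ${LanOut}
#${FwCMD} add queue 2 all from 192.168.4.0/24 to any out via ${LanOut}

# ALLOW LANs: per-LAN allow rules come from the hook script.
run_hook "${AllowHook}"
#${FwCMD} add count log udp from any to any

# Final catch-all for TCP (other protocols fall to the kernel default rule).
${FwCMD} add deny log tcp from any to any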