Code:
fwd 127.0.0.1,3128 tcp from 10.0.0.0/24 to any dst-port 80 via xl0
Here is the output of the rules:
Code:
00050 0 0 check-state
00100 0 0 deny log logamount 100 ip from any to any frag
00200 96 6336 reject ip from any to any not verrevpath in
00300 0 0 reject tcp from any to any tcpflags syn,fin,ack,psh,rst,urg
00310 0 0 reject tcp from any to any tcpflags !syn,!fin,!ack,!psh,!rst,!urg
00320 0 0 reject tcp from any to any not established tcpflags fin
00400 0 0 deny tcp from any to any dst-port 113 in via xl0
00500 0 0 deny tcp from any to any dst-port 135-139 via xl0
00510 0 0 deny tcp from any to any dst-port 135-139 via rl0
00600 0 0 deny icmp from any to any frag
00610 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00700 0 0 deny log logamount 100 icmp from any to 255.255.255.255 in via xl0
00710 0 0 deny log logamount 100 icmp from any to 255.255.255.255 out via xl0
00800 0 0 deny ip from any to 127.0.0.0/8
00810 0 0 deny ip from 127.0.0.0/8 to any
00900 96 6336 allow ip from any to any via lo0
00950 0 0 allow ip from any to any via ng0
00960 0 0 allow ip from any to any via ng1
00970 0 0 allow ip from any to any via ng2
01000 0 0 deny ip from 10.0.0.0/24 to any in via xl0
01010 0 0 deny ip from 10.0.1.0/24 to any in via rl0
01100 0 0 deny ip from any to 192.168.0.0/16 in via xl0
01110 0 0 deny ip from any to 172.16.0.0/12 in via xl0
01120 0 0 deny ip from any to 0.0.0.0/8 in via xl0
01130 0 0 deny ip from any to 169.254.0.0/16 in via xl0
01200 0 0 deny ip from any to 224.0.0.0/4 in via xl0
01210 0 0 deny ip from any to 240.0.0.0/4 in via xl0
01300 0 0 fwd 127.0.0.1,3128 tcp from 10.0.0.0/24 to any dst-port 80 via xl0
01400 2961 367494 divert 8668 ip from 10.0.0.0/24 to any out via xl0
01410 52847 64931798 divert 8668 ip from any to 10.0.1.2 in via xl0