forum.lissyara.su

Код: Выделить всё

FILTER RULES:
scrub in all fragment reassemble
блокируем все
block return on xl1 all
block return on xl0 all

пропускаем пакеты наружу
pass out quick route-to (xl1 xxxx) inet from (xl1) to any flags S/SA keep state
pass out quick route-to (xl0 yyyy) inet from (xl0) to any flags S/SA keep state

Пускаем пакеты на сервер, причем выпускаем их через тот интерфейс через который пришли
pass in on xl1 reply-to (xl1 xxxx) inet proto tcp from any to xxxx port = ftp flags S/SA keep state
pass in on xl0 reply-to (xl0 yyyy) inet proto tcp from any to yyyy port = ftp flags S/SA keep state

Код: Выделить всё

tcp_svc ="21 20 30000:31000"
pass in on $ges_if reply-to ($ges_if $ges_gw) inet proto tcp to $ges_if port { $tcp_svc } flags S/SA keep state
pass in on $ch_if reply-to ($ch_if $ch_gw) inet proto tcp to $ch_if port { $tcp_svc } flags S/SA keep state

Код: Выделить всё

PassivePortRange          30000 31000