forum.lissyara.su

Код: Выделить всё

oif="stge0"
onet="91/28"
oip="91"
####
iif="nfe0"
inet="192.168.0.0/24"
iip="192.168.0.1"

${fwcmd} add 10 allow ip from any to any via lo0

${fwcmd} add 400 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 80 via ${oif}
### NATD
${fwcmd} add 500 divert natd all from ${inet} to any out via ${oif}
${fwcmd} add 800 divert natd all from any to ${oip} in via ${oif}

${fwcmd} add 900 allow tcp from any to any established
## 
${fwcmd} add 1000 allow ip from ${oip} to any out xmit ${oif}
##
${fwcmd} add 1100 allow udp from any 53 to any via ${oif}
##
${fwcmd} add 1200 allow udp from any to any 53 via ${oif}
Пробую закрыть у пользователя 80 тут
[b]${fwcmd} add 1210 deny tcp from any to 192.168.0.23 80
${fwcmd} add 1220 deny tcp from 192.168.0.23 80 to any[/b]

${fwcmd} add 1380 allow ip from any 20 to any via ${oif}
${fwcmd} add 1381 allow ip from any to any 20 via ${oif}
${fwcmd} add 1382 allow ip from any 21 to any via ${oif}
${fwcmd} add 1383 allow ip from any to any 21 via ${oif}

##FTP
${fwcmd} add 1400 allow tcp from any to ${oip} 20 via ${oif}
${fwcmd} add 1500 allow tcp from any to ${oip} 49152-65535 via ${oif}
### ICMP
${fwcmd} add 1600 allow icmp from any to any icmptypes 0,8,11

${fwcmd} add 1900 allow tcp from any to ${oip} 143 via ${oif}
${fwcmd} add 2000 allow tcp from any to ${oip} 110 via ${oif}

${fwcmd} add 2300 allow tcp from any to any via ${iif}
${fwcmd} add 2400 allow udp from any to any via ${iif}
${fwcmd} add 2500 allow icmp from any to any via ${iif}

${fwcmd} add 2800 deny log ip from any to any

Код: Выделить всё

ipfw add deny tcp from any 80 to 192.168.0.23
ipfw add deny tcp from 192.168.0.23 to any 80

Код: Выделить всё

# создай таблицу ip, которым надо будет закрыть 80 порт:
ipfw table 1 add 192.168.0.23/32
ipfw table 1 add 192.168.0.24/32
# и укажи одно правило для всех ip-ов
ipfw add deny tcp from any 80 to "table(1)"
ipfw add deny tcp from "table(1)" to any 80