forum.lissyara.su

Код: Выделить всё

#!/bin/sh
ipfw -q -f flush
ipfw -q -f pipe flush
ipfw -q -f queue flush
cmd="/sbin/ipfw"
WAN_IP="XXX.XXX.XXX.XXX"
lannet="192.168.1.0/24"
WAN_INT="tun0"
LAN_INT="re1"
$cmd add allow all from any to any via lo0
$cmd add allow all from any to any via ${LAN_INT}
$cmd add deny ip from any to 127.0.0.0/8
$cmd add deny ip from 127.0.0.0/8 to any
$cmd add check-state
$cmd add deny log ip from any to 10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,224.0.0.0/4,240.0.0.0/4 in via ${WAN_INT}
$cmd add deny log ip from 10.0.0.0/8,172.16.0.0/12,169.254.0.0/16,224.0.0.0/4,240.0.0.0/4 to any out via ${WAN_INT}
$cmd add allow icmp from any to any icmptypes 0,8,11 via ${WAN_INT}
#_______________Out from our Localnet____________________________________________________________________________
$cmd add allow all from $lannet to any 80,123,443 out via ${WAN_INT} keep-state
$cmd add allow ip from any to ${WAN_IP} 443,80,25,465,993,995 in via ${WAN_INT}
####################################################################################################
$cmd nat 1 config log ip ${WAN_IP} reset same_ports redirect_port tcp 192.168.1.2:25 25 redirect_port tcp 192.168.1.2:443 443 redirect_port tcp 192.168.1.2:465 465 redirect_port tcp 192.168.1.2:993 993 redirect_port tcp 192.168.1.2:995 995
$cmd add nat 1 ip from $lannet to any out via ${WAN_INT}
$cmd add nat 1 ip from any to ${WAN_IP} via ${WAN_INT}
#####################################################################################################
$cmd add deny ip from any to any

Код: Выделить всё

$cmd add allow all from $lannet to any 80,123,443 out via ${WAN_INT} keep-state

Код: Выделить всё

$cmd add allow ip from any to ${WAN_IP} 443,80,25,465,993,995 in via ${WAN_INT}