Форум системных администраторов

Код: Выделить всё

#!/bin/sh
ipfw -q -f flush
IPFW="ipfw add"
SKIP="skipto 800"
EXT="vr0"
INT="rl0"
GOOD="1433,21,1434,1000,25,80,110,9030,9032,9039,9050-9060,40000-60000"

${IPFW} 005 allow all from any to any via rl0
${IPFW} 010 allow all from any to any via lo0
${IPFW} 014 divert natd ip from any to any in via ${EXT}
${IPFW} 015 check-state
${IPFW} 16 allow ip from any to any via lo0
${IPFW} 17 allow ip from any to any via tun0
${IPFW} 18 allow ip from any to any via ${INT}
${IPFW} 020 ${SKIP} udp from any to any 53 via ${EXT}
${IPFW} 022 ${SKIP} udp from any 53 to any via ${EXT}
${IPFW} 023 ${SKIP} udp from any to me 1194 via ${EXT}
${IPFW} 024 ${SKIP} udp from me to any 1194 via ${EXT}
${IPFW} 023 ${SKIP} udp from any to any 1434 via ${EXT}
${IPFW} 024 ${SKIP} udp from any 1434 to any via ${EXT}
${IPFW} 040 ${SKIP} tcp from any to any ${GOOD} out via ${EXT} setup keep-state
${IPFW} 080 ${SKIP} icmp from any to any out via ${EXT} keep-state
${IPFW} 110 ${SKIP} tcp from any to any 22 out via ${EXT} setup keep-state
${IPFW} 315 deny tcp from any to any 113 in via ${EXT}
${IPFW} 330 deny all from any to any frag in via ${EXT}
${IPFW} 332 deny tcp from any to any established in via ${EXT}
${IPFW} 400 deny log all from any to any in via ${EXT}
${IPFW} 450 deny log all from any to any out via ${EXT}
${IPFW} 800 divert natd ip from any to any out via ${EXT}
${IPFW} 801 allow ip from any to any
${IPFW} 999 deny log all from any to any

Код: Выделить всё

#!/bin/sh
ipfw -q -f flush
IPFW="ipfw add"
SKIP="skipto 800"
EXT="vr0"
INT="rl0"
GOOD="1433,21,1434,1000,25,80,110,9030,9032,9039,9050-9060,40000-60000"

${IPFW} 005 allow all from any to any via rl0
${IPFW} 010 allow all from any to any via lo0
${IPFW} 014 divert natd ip from any to any in via ${EXT}
${IPFW} 015 check-state
${IPFW} 16 allow ip from any to any via lo0
${IPFW} 17 allow ip from any to any via tun0
${IPFW} 18 allow ip from any to any via ${INT}
${IPFW} 020 ${SKIP} udp from any to any 53 via ${EXT}
${IPFW} 022 ${SKIP} udp from any 53 to any via ${EXT}
${IPFW} 023 ${SKIP} udp from any to me 1194 via ${EXT}
${IPFW} 024 ${SKIP} udp from me to any 1194 via ${EXT}
${IPFW} 023 ${SKIP} udp from any to any 1434 via ${EXT}
${IPFW} 024 ${SKIP} udp from any 1434 to any via ${EXT}
${IPFW} 060 ${SKIP} tcp from any to any ${GOOD} out via ${EXT} setup keep-state
${IPFW} 080 ${SKIP} icmp from any to any out via ${EXT} keep-state
${IPFW} 110 ${SKIP} tcp from any to any 22 out via ${EXT} setup keep-state
${IPFW} 315 deny tcp from any to any 113 in via ${EXT}
${IPFW} 330 deny all from any to any frag in via ${EXT}
${IPFW} 332 deny tcp from any to any established in via ${EXT}
${IPFW} 400 deny log all from any to any in via ${EXT}
${IPFW} 450 deny log all from any to any out via ${EXT}

${IPFW} 700 add fwd 127.0.0.1:3129 tcp from 192.168.0.0/24(или какая там у тебя подсеть) to any 80,21,443 via ${EXT}
${IPFW} 800 divert natd ip from any to any out via ${EXT}

${IPFW} 801 allow ip from any to any
${IPFW} 999 deny log all from any to any