Код:

#!/bin/sh
# ipfw ruleset for a NAT gateway: flushes the current rules, diverts traffic
# crossing bce0 through natd, then whitelists mail, DNS, management and DHCP
# traffic before a final deny-all. No rule numbers are given, so the rules are
# evaluated in the order they are added below.
# NOTE(review): fwcmd (absolute path, -q) is used only for the flush; every
# "add" below runs plain "ipfw" resolved through PATH and without -q.
fwcmd="/sbin/ipfw -q"
# -f flushes without asking for confirmation.
# NOTE(review): between this flush and the last "add" only the kernel's default
# rule applies; whether that is deny or allow is not visible here - confirm.
${fwcmd} -f flush
# External address of the gateway. The value is masked in the post and must be
# replaced with the real address before the script can work.
real_ip="**.***.***.***"
# Gateway address on the LAN side and the LAN prefix behind it.
local_ip="192.168.1.254"
local_net="192.168.1.0/24"
# =============== NAT ===============
# Hand packets to the natd divert socket: LAN-sourced traffic leaving via bce0,
# and traffic arriving on bce0 addressed to the external IP.
# NOTE(review): the external interface name bce0 is hard-coded in both rules.
ipfw add divert natd all from ${local_net} to any out xmit bce0
ipfw add divert natd all from any to ${real_ip} in recv bce0
# All ICMP, any direction, any type.
# NOTE(review): consider limiting this with "icmptypes" to the types needed.
ipfw add allow icmp from any to any
# ===== Fetching and sending mail =====
# POP3 (110) from the LAN to any host. The second rule is already covered by
# the first, because ${local_ip} is included in "any".
ipfw add allow tcp from ${local_net} to any 110
ipfw add allow tcp from ${local_net} to ${local_ip} 110
# SMTP (25) between any two hosts, in either direction.
# NOTE(review): this is not limited to a mail server - any LAN host may send
# mail directly, and port 25 is reachable from outside. Confirm this is wanted.
ipfw add allow tcp from any to any 25
# END of mail section
# ===== Access to DNS servers =====
# DNS queries to any host on UDP 53.
ipfw add allow udp from any to any 53
# NOTE(review): stateless reply rule - it accepts ANY UDP datagram whose source
# port is 53, to any destination port, whether or not a query was sent.
# Restricting it to the known resolvers or using a stateful rule would close
# this; interaction with the divert rules above needs testing first.
ipfw add allow udp from any 53 to any
# END of DNS section
# ===== Access via FTP, SSH, Telnet, www, proxy =====
# LAN clients to the gateway itself on 21, 22, 23, 80 and 3128.
# NOTE(review): telnet (23) carries credentials in cleartext. Only the FTP
# control port is listed; FTP data connections may need further rules - verify.
ipfw add allow tcp from ${local_net} to ${local_ip} 21,22,23,80,3128
# END of management section
# ===== Access to DHCP =====
# NOTE(review): a client that has no lease yet sends from 0.0.0.0 to the
# broadcast address, which this rule does not match - confirm DHCP is served.
ipfw add allow udp from ${local_net} to ${local_ip} 67,68
# Any UDP from the gateway's LAN address back to the LAN.
ipfw add allow udp from ${local_ip} to ${local_net}
# Everything sourced from the external IP; presumably this is what lets
# NAT-translated packets leave - confirm against the natd configuration.
ipfw add allow all from ${real_ip} to any
# Any TCP originated by the gateway itself.
ipfw add allow tcp from me to any
# TCP segments with ACK or RST set. This is a stateless match on flags, not
# connection tracking.
ipfw add allow tcp from any to any established
# Default deny: everything not matched above is dropped. LAN traffic to outside
# TCP ports other than 110 and 25 is not allowed by any rule above.
ipfw add deny all from any to any
Цитата ashota:
ipfw add deny all from any to any
Для информации, когда комментирую последнее правило, все равно нет результата