Vitya
rc.conf
//----------
firewall_enable="YES"
firewall_script="/etc/firewall.sh"
//----------

firewall.sh
//--------
#! /bin/sh
/sbin/ipfw -f flush
/sbin/ipfw add 1000 pass all from any to any via lo0
/sbin/ipfw add 1100 deny all from any to 127.0.0.0/8
/sbin/ipfw add 1200 deny icmp from any to any frag
/sbin/ipfw add 1300 deny icmp from any to any in icmpptype 5,9,13,14,15,16,17
/sbin/ipfw add 1400 deny tcp from any to any not established tcpflags fin
/sbin/ipfw add 1500 deny tcp from any to any tcpflags fin,syn,rft,psh,ack,urg
/sbin/ipfw add 1600 deny tcp from any to any tcpflags !fin,!syn,!rst,!psh,!ack,!urg
/sbin/ipfw add 4000 deny udp from any 137-139 to any via rl0
/sbin/ipfw add 4100 deny udp from any to any 137-139 via rl0
/sbin/ipfw add 5000 divert natd ip from 192.168.1.0:255.255.255.0 to any out xmit vr0
/sbin/ipfw add 5100 divert natd ip from any to 212.75.x.x
/sbin/ipfw add 7000 divert natd ip from 192.168.1.0/24 to any out via vr0
/sbin/ipfw add 7100 divert natd ip from any to 212.75.x.x in via vr0
/sbin/ipfw add 8000 allow all from any to any
file "/etc/firewall.sh", 16 lines //---------------------
/etc/>ipfw sh
ipfw: DEPRECATED: 'sh' matched 'show' as a sub-string
01000 88 4400 allow ip from any to any via lo0
01100 0 0 deny ip from any to 127.0.0.0/8
01200 0 0 deny icmp from any to any frag
01400 0 0 deny tcp from any to any not established tcpflags fin
01600 0 0 deny tcp from any to any tcpflags !syn,!fin,!ack,!psh,!rst,!urg
04000 37051 3986205 deny udp from any 137-139 to any via rl0
04100 4 312 deny udp from any to any dst-port 137-139 via rl0
08000 171266 12151798 allow ip from any to any
65535 0 0 deny ip from any to any
I add /sbin/ipfw add 7000 divert natd ip from 192.168.1.0/24 to any out via vr0 by hand and, lo and behold, it gets added!

/etc/>ipfw show
01000 88 4400 allow ip from any to any via lo0
01100 0 0 deny ip from any to 127.0.0.0/8
01200 0 0 deny icmp from any to any frag
01400 0 0 deny tcp from any to any not established tcpflags fin
01600 0 0 deny tcp from any to any tcpflags !syn,!fin,!ack,!psh,!rst,!urg
04000 37093 3989783 deny udp from any 137-139 to any via rl0
04100 4 312 deny udp from any to any dst-port 137-139 via rl0
07000 0 0 divert 8668 ip from 192.168.1.0/24 to any out via vr0
08000 171481 12188718 allow ip from any to any
65535 0 0 deny ip from any to any

What stops them from being added from the script?
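An added example, not part of the post or the poster's setup: a small shell check that compares the rule numbers a firewall script tries to add with the numbers actually present in saved ipfw show output and prints the add lines that never made it into the ruleset. The sample script and listing are constructed, trimmed from the post above.

```shell
#!/bin/sh
# Added example, not from the original post: list the "ipfw add <num>" lines of a
# firewall script whose rule number does not appear in the running ruleset,
# i.e. the rules that failed to load.  Usage: missing_rules <script> <ipfw-show-output>
missing_rules() {
    awk '
        # First argument: saved `ipfw show` output; column 1 is the rule number,
        # zero-padded (01000), so strip the zeros before remembering it.
        FILENAME == ARGV[1] {
            if ($1 ~ /^[0-9]+$/) { sub(/^0+/, "", $1); loaded[$1] = 1 }
            next
        }
        # Second argument: the script; print each add line not in the ruleset.
        match($0, /ipfw +add +[0-9]+/) {
            n = substr($0, RSTART, RLENGTH)
            sub(/.*add +/, "", n)
            if (!(n in loaded)) print
        }
    ' "$2" "$1"
}

# Constructed sample input modelled on the post: a shortened firewall.sh and the
# matching `ipfw show` listing (rules 1300, 1500 and 7000 never appeared there).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/firewall.sh" <<'EOF'
#! /bin/sh
/sbin/ipfw -f flush
/sbin/ipfw add 1000 pass all from any to any via lo0
/sbin/ipfw add 1300 deny icmp from any to any in icmpptype 5,9,13,14,15,16,17
/sbin/ipfw add 1500 deny tcp from any to any tcpflags fin,syn,rft,psh,ack,urg
/sbin/ipfw add 7000 divert natd ip from 192.168.1.0/24 to any out via vr0
/sbin/ipfw add 8000 allow all from any to any
EOF
cat > "$tmp/show.txt" <<'EOF'
ipfw: DEPRECATED: 'sh' matched 'show' as a sub-string
01000 88 4400 allow ip from any to any via lo0
08000 171266 12151798 allow ip from any to any
65535 0 0 deny ip from any to any
EOF

# Prints the three add lines (1300, 1500, 7000) that are missing from the ruleset.
missing_rules "$tmp/firewall.sh" "$tmp/show.txt"
```

Run each printed line by hand afterwards; ipfw reports the syntax error for a rule it rejects, which a script run at boot does not show you.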