forum.opennet.ru

Составление сообщения

Исходное сообщение

"PF+Squid"
Отправлено 100matolog, 16-Июл-09 09:22

Достался мне шлюз с почтовиком на борту...
по желанию хозяина - попросил убрать нат для внутренней сети дабы все ходили через прокси сервер.
Я попытался применить правило для единичного компутеря
#test
block log on $int_if proto tcp from 192.168.0.241 to any port 80
потом сказал
office# /etc/rc.d/./pf reload
Reloading pf rules.
No ALTQ support in kernel
ALTQ related functions disabled
(Судя по докам - ALTQ в моем случае не нужен - я не собираюсь зажимать канал.)
Так вот - указанный в правиле комп (192.168.0.241) продолжает ходить в инет- тоесть открываю браузер и тыркаю первую ссылку.
вот собственно хозяйство

office# ifconfig
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
        ether 00:22:b0:50:eb:54
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:24:8c:b9:46:cd
        inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
        inet 62.80.169.25 --> 62.80.172.90 netmask 0xffffffff
        Opened by PID 378
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500

office# cat /etc/rc.conf
background_fsck=NO
mousechar_start="3"
saver="logo"
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
scrnmap="koi8-r2cp866"
keyrate="fast"
keymap="ru.koi8-r"
#################################################
ifconfig_nfe0="inet 192.168.0.100  netmask 255.255.255.0"
#defaultrouter="192.168.5.1"
sshd_enable="YES"
inetd_enable="YES"
hostname="office.cominform.kiev.ua"
gateway_enable="YES"
#####################################
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="cyfra.net"
####################################
squid_enable="YES"
samba_enable="YES"
mpd_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf-rules.conf"
pflog_enable="YES"
named_enable="YES"
#ntpd_enable="YES"
#ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log"

mysql_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
################################
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
webmin_enable="YES"
postfix_enable="YES"
apache_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
#amavisd_enable="YES"
courier_imap_imapd_enable="YES"
postgrey_enable="YES"
office# cat /etc/pf-rules.conf
# Macros
ext_if="tun0"
int_if="nfe0"
localnet="192.168.1.0/24"
tcp_services = "{ ftp, ssh, smtp, http, domain, 1723}"
#tcp_services = "{ ssh, smtp, domain, http, pop3 }"
Server="192.168.0.241"
icmp_types = "echoreq"
# Tables
table <rfc1918> const { 127.0.0.0/8, 10.0.0.0/8, 172.168.0.0/12 \
        192.168.0.0/16 }
table <dsua03> const { 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 \
        224.0.0.0/4, 240.0.0.0/4 }
#
# Options
#
#
# Normalization
#
scrub in all
#
# Queueing
#
# Translation
nat on $ext_if from 192.168.0.0/16 to 62.149.28.34 port 3307 -> $ext_if
nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 21 -> $ext_if
nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 22 -> $ext_if
nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 3306 -> $ext_if
#
#
nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 21 -> $ext_if
nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 22 -> $ext_if

#NAT to ME
nat  on $ext_if from 192.168.0.70/32 to any  -> $ext_if
nat  on $ext_if from 192.168.0.11/32 to any  -> $ext_if
#NAT for Client bank
nat on $ext_if from 192.168.0.17/32 to 213.156.66.66 port 10080 -> $ext_if
nat on $ext_if from 192.168.0.17/32 to 193.200.190.17 port 80 -> $ext_if

nat on $ext_if from 192.168.0.99/32 to 213.156.66.66 port 10080 -> $ext_if
nat on $ext_if from 192.168.0.99/32 to 193.41.49.69 port 2031 -> $ext_if

#Port 110 for E-Mail
nat on $ext_if from 192.168.0.0/24 to any port 110 -> $ext_if
#Webmin port's
nat on $ext_if from 192.168.0.0/24 to any port 10000 -> $ext_if
#Server time
nat on $ext_if from 192.43.244.18 to 192.168.0.0/24 -> $ext_if
nat on $ext_if from 192.168.0.0/24 to 192.43.244.18 -> $ext_if
#
# Rules
#
# setup a default deny all policy
block drop log all
# pass traffic on the loopback interface in either direction
pass quick on lo0 all
pass quick on ng0 all
#test
block log on $int_if proto tcp from 192.168.0.241 to any port 80

#pass in  quick on $ext_if proto { tcp udp } from any to 192.168.0.0/24 port 4899 keep state
#MPD4
pass  quick on $ext_if  from any to 193.201.81.10  keep state
pass   quick on $ext_if proto { tcp udp } from any to 192.168.0.0/24 port 4899 keep state
block drop  in quick on $ext_if from <rfc1918> to any
block drop  in quick on $ext_if from <dsua03> to any
block drop  in quick on $ext_if from 83.149.80.111 to any
block drop out quick on $ext_if from any to 83.149.80.111
block drop in quick on $ext_if from 87.255.33.0/24 to any
block drop out quick on $ext_if from any to 87.255.33.0/24
block drop in quick on $ext_if from 195.122.131.0/24 to any
block drop out quick on $ext_if from any to 195.122.131.0/24
block drop in quick on $ext_if from 195.203.36.201 to any
block drop out quick on $ext_if from any to 195.203.36.201
block drop in quick on $ext_if from 212.68.137.188 to any
block drop out quick on $ext_if from any to 212.68.137.188
block drop in quick on $ext_if from 193.203.36.201 to any
block drop out quick on $ext_if from any to 193.203.36.201
block drop in quick on $ext_if from 83.222.11.79 to any
block drop out quick on $ext_if from any to 83.222.11.79
block drop out quick on $ext_if from any to <rfc1918>
block drop out quick on $ext_if from any to <dsua03>
#rADMIN
#pass out quick on $ext_if inet proto tcp from 194.63.140.22 to any keep state
#pass in  quick on $int_if inet  proto tcp from 192.168.0.253 ext_if keep state
pass in quick on $ext_if inet proto tcp from any to $ext_if \
        port $tcp_services flags S/SA keep state
pass in quick on $ext_if inet proto udp from any to $ext_if \
        port = domain keep state
pass in quick inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if inet from $int_if:network to any keep state
pass out quick on $int_if inet from any to $int_if:network keep state
pass out on $ext_if proto tcp all flags S/SA modulate state
pass out on $ext_if proto { udp, icmp } all keep state

Исходное сообщение
"PF+Squid" Отправлено 100matolog, 16-Июл-09 09:22
Достался мне шлюз с почтовиком на борту... по желанию хозяина - попросил убрать нат для внутренней сети дабы все ходили через прокси сервер. Я попытался применить правило для единичного компутеря #test block log on $int_if proto tcp from 192.168.0.241 to any port 80 потом сказал office# /etc/rc.d/./pf reload Reloading pf rules. No ALTQ support in kernel ALTQ related functions disabled (Судя по докам - ALTQ в моем случае не нужен - я не собираюсь зажимать канал.) Так вот - указанный в правиле комп (192.168.0.241) продолжает ходить в инет- тоесть открываю браузер и тыркаю первую ссылку. вот собственно хозяйство office# ifconfig vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC> ether 00:22:b0:50:eb:54 media: Ethernet autoselect (100baseTX <full-duplex>) status: active nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8<VLAN_MTU> ether 00:24:8c:b9:46:cd inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492 inet 62.80.169.25 --> 62.80.172.90 netmask 0xffffffff Opened by PID 378 ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500 ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500 office# cat /etc/rc.conf background_fsck=NO mousechar_start="3" saver="logo" font8x8="cp866-8x8" font8x14="cp866-8x14" font8x16="cp866b-8x16" scrnmap="koi8-r2cp866" keyrate="fast" keymap="ru.koi8-r" ################################################# ifconfig_nfe0="inet 192.168.0.100 netmask 255.255.255.0" #defaultrouter="192.168.5.1" sshd_enable="YES" inetd_enable="YES" hostname="office.cominform.kiev.ua" gateway_enable="YES" ##################################### ppp_enable="YES" ppp_mode="ddial" ppp_nat="YES" ppp_profile="cyfra.net" #################################### squid_enable="YES" samba_enable="YES" mpd_enable="YES" pf_enable="YES" pf_rules="/etc/pf-rules.conf" pflog_enable="YES" named_enable="YES" #ntpd_enable="YES" #ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log" mysql_enable="YES" courier_authdaemond_enable="YES" courier_imap_pop3d_enable="YES" ################################ sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" webmin_enable="YES" postfix_enable="YES" apache_enable="YES" clamav_clamd_enable="YES" clamav_freshclam_enable="YES" spamd_enable="YES" #amavisd_enable="YES" courier_imap_imapd_enable="YES" postgrey_enable="YES" office# cat /etc/pf-rules.conf # Macros ext_if="tun0" int_if="nfe0" localnet="192.168.1.0/24" tcp_services = "{ ftp, ssh, smtp, http, domain, 1723}" #tcp_services = "{ ssh, smtp, domain, http, pop3 }" Server="192.168.0.241" icmp_types = "echoreq" # Tables table <rfc1918> const { 127.0.0.0/8, 10.0.0.0/8, 172.168.0.0/12 \ 192.168.0.0/16 } table <dsua03> const { 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 \ 224.0.0.0/4, 240.0.0.0/4 } # # Options # # # Normalization # scrub in all # # Queueing # # Translation nat on $ext_if from 192.168.0.0/16 to 62.149.28.34 port 3307 -> $ext_if nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 21 -> $ext_if nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 22 -> $ext_if nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 3306 -> $ext_if # # nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 21 -> $ext_if nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 22 -> $ext_if #NAT to ME nat on $ext_if from 192.168.0.70/32 to any -> $ext_if nat on $ext_if from 192.168.0.11/32 to any -> $ext_if #NAT for Client bank nat on $ext_if from 192.168.0.17/32 to 213.156.66.66 port 10080 -> $ext_if nat on $ext_if from 192.168.0.17/32 to 193.200.190.17 port 80 -> $ext_if nat on $ext_if from 192.168.0.99/32 to 213.156.66.66 port 10080 -> $ext_if nat on $ext_if from 192.168.0.99/32 to 193.41.49.69 port 2031 -> $ext_if #Port 110 for E-Mail nat on $ext_if from 192.168.0.0/24 to any port 110 -> $ext_if #Webmin port's nat on $ext_if from 192.168.0.0/24 to any port 10000 -> $ext_if #Server time nat on $ext_if from 192.43.244.18 to 192.168.0.0/24 -> $ext_if nat on $ext_if from 192.168.0.0/24 to 192.43.244.18 -> $ext_if # # Rules # # setup a default deny all policy block drop log all # pass traffic on the loopback interface in either direction pass quick on lo0 all pass quick on ng0 all #test block log on $int_if proto tcp from 192.168.0.241 to any port 80 #pass in quick on $ext_if proto { tcp udp } from any to 192.168.0.0/24 port 4899 keep state #MPD4 pass quick on $ext_if from any to 193.201.81.10 keep state pass quick on $ext_if proto { tcp udp } from any to 192.168.0.0/24 port 4899 keep state block drop in quick on $ext_if from <rfc1918> to any block drop in quick on $ext_if from <dsua03> to any block drop in quick on $ext_if from 83.149.80.111 to any block drop out quick on $ext_if from any to 83.149.80.111 block drop in quick on $ext_if from 87.255.33.0/24 to any block drop out quick on $ext_if from any to 87.255.33.0/24 block drop in quick on $ext_if from 195.122.131.0/24 to any block drop out quick on $ext_if from any to 195.122.131.0/24 block drop in quick on $ext_if from 195.203.36.201 to any block drop out quick on $ext_if from any to 195.203.36.201 block drop in quick on $ext_if from 212.68.137.188 to any block drop out quick on $ext_if from any to 212.68.137.188 block drop in quick on $ext_if from 193.203.36.201 to any block drop out quick on $ext_if from any to 193.203.36.201 block drop in quick on $ext_if from 83.222.11.79 to any block drop out quick on $ext_if from any to 83.222.11.79 block drop out quick on $ext_if from any to <rfc1918> block drop out quick on $ext_if from any to <dsua03> #rADMIN #pass out quick on $ext_if inet proto tcp from 194.63.140.22 to any keep state #pass in quick on $int_if inet proto tcp from 192.168.0.253 ext_if keep state pass in quick on $ext_if inet proto tcp from any to $ext_if \ port $tcp_services flags S/SA keep state pass in quick on $ext_if inet proto udp from any to $ext_if \ port = domain keep state pass in quick inet proto icmp all icmp-type $icmp_types keep state pass in quick on $int_if inet from $int_if:network to any keep state pass out quick on $int_if inet from any to $int_if:network keep state pass out on $ext_if proto tcp all flags S/SA modulate state pass out on $ext_if proto { udp, icmp } all keep state

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> Достался мне шлюз с почтовиком на борту... > по желанию хозяина - попросил убрать нат для внутренней сети дабы все > ходили через прокси сервер. > Я попытался применить правило для единичного компутеря > #test > block log on $int_if proto tcp from 192.168.0.241 to any port 80 > потом сказал > office# /etc/rc.d/./pf reload > Reloading pf rules. > No ALTQ support in kernel > ALTQ related functions disabled > (Судя по докам - ALTQ в моем случае не нужен - я > не собираюсь зажимать канал.) > Так вот - указанный в правиле комп (192.168.0.241) продолжает ходить в инет- > тоесть открываю браузер и тыркаю первую ссылку. > вот собственно хозяйство > office# ifconfig > vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC> > ether 00:22:b0:50:eb:54 > media: Ethernet autoselect (100baseTX > <full-duplex>) > status: active > nfe0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=8<VLAN_MTU> > ether 00:24:8c:b9:46:cd > inet 192.168.0.100 netmask 0xffffff00 > broadcast 192.168.0.255 > media: Ethernet autoselect (100baseTX > <full-duplex>) > status: active > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > inet6 fe80::1%lo0 prefixlen 64 > scopeid 0x3 > inet6 ::1 prefixlen 128 > inet 127.0.0.1 netmask 0xff000000 > pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204 > tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492 > inet 62.80.169.25 --> 62.80.172.90 > netmask 0xffffffff > Opened by PID 378 > ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500 > ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500 > office# cat /etc/rc.conf > background_fsck=NO > mousechar_start="3" > saver="logo" > font8x8="cp866-8x8" > font8x14="cp866-8x14" > font8x16="cp866b-8x16" > scrnmap="koi8-r2cp866" > keyrate="fast" > keymap="ru.koi8-r" > ################################################# > ifconfig_nfe0="inet 192.168.0.100 netmask 255.255.255.0" > #defaultrouter="192.168.5.1" > sshd_enable="YES" > inetd_enable="YES" > hostname="office.cominform.kiev.ua" > gateway_enable="YES" > ##################################### > ppp_enable="YES" > ppp_mode="ddial" > ppp_nat="YES" > ppp_profile="cyfra.net" > #################################### > squid_enable="YES" > samba_enable="YES" > mpd_enable="YES" > pf_enable="YES" > pf_rules="/etc/pf-rules.conf" > pflog_enable="YES" > named_enable="YES" > #ntpd_enable="YES" > #ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log" > mysql_enable="YES" > courier_authdaemond_enable="YES" > courier_imap_pop3d_enable="YES" > ################################ > sendmail_enable="NO" > sendmail_submit_enable="NO" > sendmail_outbound_enable="NO" > sendmail_msp_queue_enable="NO" > webmin_enable="YES" > postfix_enable="YES" > apache_enable="YES" > clamav_clamd_enable="YES" > clamav_freshclam_enable="YES" > spamd_enable="YES" > #amavisd_enable="YES" > courier_imap_imapd_enable="YES" > postgrey_enable="YES" > office# cat /etc/pf-rules.conf > # Macros > ext_if="tun0" > int_if="nfe0" > localnet="192.168.1.0/24" > tcp_services = "{ ftp, ssh, smtp, http, domain, 1723}" > #tcp_services = "{ ssh, smtp, domain, http, pop3 }" > Server="192.168.0.241" > icmp_types = "echoreq" > # Tables > table <rfc1918> const { 127.0.0.0/8, 10.0.0.0/8, 172.168.0.0/12 \ > 192.168.0.0/16 } > table <dsua03> const { 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24 \ > 224.0.0.0/4, 240.0.0.0/4 } > # > # Options > # > # > # Normalization > # > scrub in all > # > # Queueing > # > # Translation > nat on $ext_if from 192.168.0.0/16 to 62.149.28.34 port 3307 -> $ext_if > nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 21 -> $ext_if > nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 22 -> $ext_if > nat on $ext_if from 192.168.0.0/16 to 62.149.28.10 port 3306 -> $ext_if > # > # > nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 21 -> $ext_if > nat on $ext_if from 192.168.0.0/24 to 62.149.9.49 port 22 -> $ext_if > #NAT to ME > nat on $ext_if from 192.168.0.70/32 to any -> $ext_if > nat on $ext_if from 192.168.0.11/32 to any -> $ext_if > #NAT for Client bank > nat on $ext_if from 192.168.0.17/32 to 213.156.66.66 port 10080 -> $ext_if > nat on $ext_if from 192.168.0.17/32 to 193.200.190.17 port 80 -> $ext_if > nat on $ext_if from 192.168.0.99/32 to 213.156.66.66 port 10080 -> $ext_if > nat on $ext_if from 192.168.0.99/32 to 193.41.49.69 port 2031 -> $ext_if > #Port 110 for E-Mail > nat on $ext_if from 192.168.0.0/24 to any port 110 -> $ext_if > #Webmin port's > nat on $ext_if from 192.168.0.0/24 to any port 10000 -> $ext_if > #Server time > nat on $ext_if from 192.43.244.18 to 192.168.0.0/24 -> $ext_if > nat on $ext_if from 192.168.0.0/24 to 192.43.244.18 -> $ext_if > # > # Rules > # > # setup a default deny all policy > block drop log all > # pass traffic on the loopback interface in either direction > pass quick on lo0 all > pass quick on ng0 all > #test > block log on $int_if proto tcp from 192.168.0.241 to any port 80 > #pass in quick on $ext_if proto { tcp udp } from > any to 192.168.0.0/24 port 4899 keep state > #MPD4 > pass quick on $ext_if from any to 193.201.81.10 keep > state > pass quick on $ext_if proto { tcp udp } from > any to 192.168.0.0/24 port 4899 keep state > block drop in quick on $ext_if from <rfc1918> to any > block drop in quick on $ext_if from <dsua03> to any > block drop in quick on $ext_if from 83.149.80.111 to any > block drop out quick on $ext_if from any to 83.149.80.111 > block drop in quick on $ext_if from 87.255.33.0/24 to any > block drop out quick on $ext_if from any to 87.255.33.0/24 > block drop in quick on $ext_if from 195.122.131.0/24 to any > block drop out quick on $ext_if from any to 195.122.131.0/24 > block drop in quick on $ext_if from 195.203.36.201 to any > block drop out quick on $ext_if from any to 195.203.36.201 > block drop in quick on $ext_if from 212.68.137.188 to any > block drop out quick on $ext_if from any to 212.68.137.188 > block drop in quick on $ext_if from 193.203.36.201 to any > block drop out quick on $ext_if from any to 193.203.36.201 > block drop in quick on $ext_if from 83.222.11.79 to any > block drop out quick on $ext_if from any to 83.222.11.79 > block drop out quick on $ext_if from any to <rfc1918> > block drop out quick on $ext_if from any to <dsua03> > #rADMIN > #pass out quick on $ext_if inet proto tcp from 194.63.140.22 to any > keep state > #pass in quick on $int_if inet proto tcp from 192.168.0.253 > ext_if keep state > pass in quick on $ext_if inet proto tcp from any to $ext_if > \ > port $tcp_services flags S/SA > keep state > pass in quick on $ext_if inet proto udp from any to $ext_if > \ > port = domain keep > state > pass in quick inet proto icmp all icmp-type $icmp_types keep state > pass in quick on $int_if inet from $int_if:network to any keep state > pass out quick on $int_if inet from any to $int_if:network keep state > pass out on $ext_if proto tcp all flags S/SA modulate state > pass out on $ext_if proto { udp, icmp } all keep state
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру