Oleg Dambaev wrote:
>
> -FreeBSD
> ipfw/pf settings
>
>
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow tcp from any to me in established via em0
00500 allow tcp from any to me in established via em1
00600 allow ip from 192.168.0.0/16 to me setup via em1
00700 allow tcp from me to any not dst-port 25 out via em1
00800 allow tcp from me to any not dst-port 25 out via em0
00900 deny ip from any to 10.0.0.0/8 via em0
01000 deny ip from any to 172.16.0.0/12 via em0
01100 deny ip from any to 192.168.0.0/16 via em0
01200 deny ip from any to 0.0.0.0/8 via em0
01300 deny ip from any to 169.254.0.0/16 via em0
01400 deny ip from any to 192.0.2.0/24 via em0
01500 deny ip from any to 224.0.0.0/4 via em0
01600 deny ip from any to 240.0.0.0/4 via em0
01700 deny ip from 169.254.0.0/16 to me via em0
01800 deny ip from 192.0.2.0/24 to me via em0
01900 deny ip from 224.0.0.0/4 to me via em0
02000 deny ip from 240.0.0.0/4 to me via em0
02100 check-state
02200 allow tcp from any 1025-65535 to me dst-port 20,21,22,80,443,49152-65535 in setup via em0
02300 deny tcp from any to me in setup via em0
02400 allow tcp from me to 80.93.58.56 dst-port 25 out via em0
02500 allow tcp from me to 192.168.0.69 dst-port 25 out via em1 gid smmsp
02600 allow tcp from me to any dst-port 25 out uid root
02700 deny tcp from me to any dst-port 25 out via em0
02800 deny tcp from me to any dst-port 25 out via em1
02900 allow udp from me to any out keep-state
03000 allow icmp from any to me in icmptypes 0,3,4,8,11
03100 allow icmp from me to any out
65000 deny ip from any to any
65535 deny ip from any to any
--
Best regards, Vasily Tolstov
System administrator, PeterHost.Ru hosting
Tel: (495) 540-56-33
(812) 34-777-43
http://www.PeterHost.Ru