23 августа 2012 г.

Настройка ipfw для ограничения доступа

#!/bin/sh
# Loads the ipfw ruleset for a NAT gateway: services and SSH on the gateway
# itself, natd on vr0, and per-host shaping/allow rules for LAN addresses.
# NOTE(review): vr0 looks like the external interface (natd diverts on it) and
# dc0 like the LAN side - confirm against the host's interface configuration.
#
# Drop every existing rule: -f skips the confirmation prompt, -q suppresses
# output. Until the rules below are added, only the kernel default rule
# applies. If that default is deny, a flush issued over SSH can cut the very
# session that is loading the rules, so run this from the console or from a
# detached session.
ipfw -q -f flush
# Common prefix for adding rules; $cmd is expanded unquoted on purpose so that
# it splits into the command and its arguments.
cmd="ipfw -q add"

# No rule number is given, so ipfw numbers this rule automatically
# (presumably 100 right after the flush, i.e. after rules 1-50, although it is
# written first - verify with `ipfw list`). Per ipfw(8) the first keep-state
# rule also checks dynamic rules, so stateful matching still starts at rule 1.
$cmd check-state
# Everything originating from this host is allowed and tracked, which also
# lets the replies back in.
$cmd 1 allow ip from me to any keep-state
# Services on this host that are open to ANY source on vr0: pptp, ftp, 80 and
# 3389. With protocol "ip" the port match is not limited to TCP.
# NOTE(review): 3389 and ftp are reachable from every address, unlike ssh
# below; consider a source allow-list for them as well.
$cmd 2 allow ip from any to me pptp,ftp,80,3389 via vr0

# SSH to this host is accepted only from one LAN address (192.168.0.254) and
# from the networks listed here; rule 40 rejects every other source.
# These rules carry no "via", so they apply on all interfaces.
$cmd 9 allow ip from 192.168.0.254 to me ssh
$cmd 10 allow ip from 92.126.128.0/20 to me ssh
$cmd 11 allow ip from 62.33.133.0/24 to me ssh
$cmd 12 allow ip from 62.33.83.0/24 to me ssh
$cmd 13 allow ip from 87.103.160.0/21 to me ssh
$cmd 14 allow ip from 90.188.32.0/19 to me ssh
$cmd 15 allow ip from 92.124.192.0/19 to me ssh
$cmd 16 allow ip from 95.188.192.0/19 to me ssh

# Default for SSH: drop anything the allow-list above did not accept.
$cmd 40 deny ip from any to me ssh
# Hand every packet crossing vr0 that reaches this rule to natd. Packets that
# rules 1-40 already accepted or denied never get here, so they are not
# translated.
$cmd 50 divert natd all from any to any via vr0

# cluser: traffic toward 192.168.10.206 (out) and from it (in) shares pipe 6,
# i.e. one 256Kbit/s budget for both directions. The pipe is configured after
# the rules that reference it.
# NOTE(review): whether a packet continues to later rules after leaving a pipe
# depends on sysctl net.inet.ip.fw.one_pass - confirm the value on this host.
$cmd 111 pipe 6 ip from any to 192.168.10.206 out
$cmd 112 pipe 6 ip from 192.168.10.206 to any in
ipfw pipe 6 config bw 256Kbit/s

#----------

# Gena: same scheme for 192.168.0.251, limited to 64Kbit/s through pipe 10.
# The commented-out rules 203/204 would allow this host explicitly after the
# pipe; they are disabled here.
$cmd 201 pipe 10 ip from any to 192.168.0.251 out
$cmd 202 pipe 10 ip from 192.168.0.251 to any in
ipfw pipe 10 config bw 64Kbit/s
#$cmd 203 allow ip from 192.168.0.251 to any
#$cmd 204 allow ip from any to 192.168.0.251

#------------

# ya-admin: 192.168.0.201 is allowed in both directions without shaping.
# These rules have no interface or port restriction.
$cmd 301 allow ip from 192.168.0.201 to any
$cmd 302 allow ip from any to 192.168.0.201

# terminal-1c: 192.168.0.254 is allowed in both directions without shaping.
$cmd 303 allow ip from 192.168.0.254 to any
$cmd 304 allow ip from any to 192.168.0.254


# Final restriction: any packet on dc0 that no earlier rule accepted is
# dropped, so only the addresses listed above pass traffic through dc0.
# Traffic on other interfaces falls through to the kernel default rule.
# NOTE(review): check whether that default is allow or deny on this kernel.
$cmd 2000 deny ip from any to any via dc0
Wipfw - http://wipfw.sourceforge.net/index-ru.html