Untitled

#!/bin/sh

fwcmd="/sbin/ipfw -q add"
fw="/sbin/ipfw -q"
flush=`${fw} -f flush`
flush_table=`${fw}  table all flush`
flush_pipe=`${fw} pipe flush`
flush_nat=`${fw} -f nat flush`
local_if="bce0"
global_if="bce1"
uaix_if="bce1.32"
world_if="bce1.31"
local_ip="10.10.10.10"
global_ip="xxx.xxx.206.1"
netall="10.10.0.0/16"
realip="xxx.xxx.206.10"
unisoft_if="bce1.36"

${flush}
${flush_table}
${flush_pipe}
${flush_nat}


${fwcmd} 5 allow ip from any 179 to any
${fwcmd} 5 allow ip from any to any 179
#nata


${fw} nat 10 config ip ${realip} log same_ports

${fwcmd} 10 nat 10 ip from ${netall} to any
${fwcmd} 11 nat 10 ip from any to ${realip}

${fwcmd} 71 allow all from any to any via lo0
${fwcmd} 72 allow icmp from any to any icmptypes 0,8,11


${fwcmd} 74 deny ip from any to me dst-port 22 via ${uaix_if}
${fwcmd} 74 deny ip from any to me dst-port 22 via ${world_if}
${fwcmd} 74 deny ip from any to me dst-port 22 via ${unisoft_if}


#trusted ips
${fw} table 14 add xxx.xxx.206.50
.....

#real ips
${fw} table 15 add xxx.xxx.0.1
....

#spamers
${fw} table 16 add xxx.xxx.207.19
....


${fwcmd} 99 deny tcp from table\(16\) to any 25 via bce0

${fwcmd} 100 allow all from any to table\(14\)
${fwcmd} 110 allow all from table\(14\) to any

${fwcmd} 120 allow all from any to table\(15\)
${fwcmd} 130 allow all from table\(15\) to any

${fwcmd} 140 deny all from any to me 22


${fwcmd} 6000 fwd 127.0.0.1,8080 tcp from table\(13\) to not me via ${local_if}
${fwcmd} 6001 allow all from any http,https,8080 to table\(13\)

${fw} pipe 1002 config mask dst-ip 0xffffffff bw 256kbit/s
${fw} pipe 1003 config mask src-ip 0xffffffff bw 256kbit/s
${fw} pipe 1004 config mask dst-ip 0xffffffff bw 512kbit/s
${fw} pipe 1005 config mask src-ip 0xffffffff bw 512kbit/s
${fw} pipe 1006 config mask dst-ip 0xffffffff bw 1Mbit/s
${fw} pipe 1007 config mask src-ip 0xffffffff bw 1Mbit/s
${fw} pipe 1010 config mask dst-ip 0xffffffff bw 2Mbit/s
${fw} pipe 1011 config mask src-ip 0xffffffff bw 2Mbit/s
${fw} pipe 1016 config mask dst-ip 0xffffffff bw 5Mbit/s
${fw} pipe 1017 config mask src-ip 0xffffffff bw 5Mbit/s
${fw} pipe 1018 config mask dst-ip 0xffffffff bw 10Mbit/s
${fw} pipe 1019 config mask src-ip 0xffffffff bw 10Mbit/s
${fw} pipe 1020 config mask dst-ip 0xffffffff bw 20Mbit/s
${fw} pipe 1021 config mask src-ip 0xffffffff bw 20Mbit/s
${fw} pipe 1022 config mask dst-ip 0xffffffff bw 100Mbit/s
${fw} pipe 1023 config mask src-ip 0xffffffff bw 100Mbit/s


${fwcmd} 10004 pipe 1002 ip from any to table\(2\) out
${fwcmd} 10005 pipe 1003 ip from table\(2\) to any in
${fwcmd} 10006 allow ip from any to table\(2\)
${fwcmd} 10007 allow ip from table\(2\) to any

${fwcmd} 10008 pipe 1004 ip from any to table\(3\) out
${fwcmd} 10009 pipe 1005 ip from table\(3\) to any in
${fwcmd} 10010 allow ip from any to table\(3\)
${fwcmd} 10011 allow ip from table\(3\) to any

${fwcmd} 10012 pipe 1006 ip from any to table\(4\) out
${fwcmd} 10013 pipe 1007 ip from table\(4\) to any in
${fwcmd} 10014 allow ip from any to table\(4\)
${fwcmd} 10015 allow ip from table\(4\) to any

${fwcmd} 10020 pipe 1010 ip from any to table\(6\) out
${fwcmd} 10021 pipe 1011 ip from table\(6\) to any in
${fwcmd} 10022 allow ip from any to table\(6\)
${fwcmd} 10023 allow ip from table\(6\) to any

${fwcmd} 10032 pipe 1016 ip from any to table\(9\) out
${fwcmd} 10033 pipe 1017 ip from table\(9\) to any in
${fwcmd} 10034 allow ip from any to table\(9\)
${fwcmd} 10035 allow ip from table\(9\) to any

${fwcmd} 10036 pipe 1018 ip from any to table\(10\) out
${fwcmd} 10037 pipe 1019 ip from table\(10\) to any in
${fwcmd} 10038 allow ip from any to table\(10\)
${fwcmd} 10039 allow ip from table\(10\) to any

${fwcmd} 10040 pipe 1020 ip from any to table\(11\) out
${fwcmd} 10041 pipe 1021 ip from table\(11\) to any in
${fwcmd} 10042 allow ip from any to table\(11\)
${fwcmd} 10043 allow ip from table\(11\) to any

${fwcmd} 10044 pipe 1022 ip from any to table\(12\) out
${fwcmd} 10045 pipe 1023 ip from table\(12\) to any in
${fwcmd} 10046 allow ip from any to table\(12\)
${fwcmd} 10047 allow ip from table\(12\) to any