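#!/bin/sh
#
# Loads an ipfw ruleset on a FreeBSD router: flushes existing rules, tables,
# pipes and NAT instances, then installs NAT, access-control rules and
# per-host dummynet bandwidth pipes keyed on lookup tables.
#
# NOTE(review): no final catch-all rule is added here, so packets that match
# nothing fall through to the kernel's built-in default rule (65535). Whether
# that is deny or allow depends on how the kernel was built/configured;
# confirm it is deny before relying on this ruleset.
#
# NOTE(review): the flush removes every rule before the new ones are added.
# On a default-deny kernel a remote session running this script can be cut
# off if the script stops partway; run it from the console or detached.

# Both are expanded unquoted on purpose so the shell splits them into
# command + arguments (POSIX sh has no arrays).
fwcmd="/sbin/ipfw -q add"
fw="/sbin/ipfw -q"

local_if="bce0"
global_if="bce1"            # not referenced by the rules below
uaix_if="bce1.32"
world_if="bce1.31"
local_ip="10.10.10.10"      # not referenced by the rules below
global_ip="xxx.xxx.206.1"   # not referenced by the rules below
netall="10.10.0.0/16"
realip="xxx.xxx.206.10"
unisoft_if="bce1.36"

# Flush everything. The original stored these in backtick assignments, which
# ran the flush at assignment time and left the variables holding ipfw's
# output; expanding them later was a no-op at best and at worst tried to
# execute that output as a command. Run the commands directly instead.
${fw} -f flush
${fw} table all flush
${fw} pipe flush
${fw} -f nat flush

# BGP (port 179).
# NOTE(review): these rules match on port number alone, for any protocol
# carrying ports and any address, and sit ahead of every deny rule. Any
# packet with source or destination port 179 is accepted before the SSH
# denies at 74/140 are consulted. BGP only needs TCP between this router and
# its peers; consider restricting to `tcp` and to the peer addresses
# (e.g. a table of <BGP_PEER_ADDRESSES>).
${fwcmd} 5 allow ip from any 179 to any
${fwcmd} 5 allow ip from any to any 179

# NAT: translate the internal network behind ${realip}.
# NOTE(review): the rules after 10/11 (and the allow rules that follow each
# pipe pair further down) only see NATed/shaped packets when
# net.inet.ip.fw.one_pass=0. With one_pass=1 a packet matching a nat or pipe
# rule is not evaluated further, so traffic addressed to ${realip} would
# never reach the deny rules below. Confirm the sysctl value.
${fw} nat 10 config ip ${realip} log same_ports
${fwcmd} 10 nat 10 ip from ${netall} to any
${fwcmd} 11 nat 10 ip from any to ${realip}

# Loopback and a limited set of ICMP types (0 echo reply, 8 echo request,
# 11 time exceeded).
${fwcmd} 71 allow all from any to any via lo0
${fwcmd} 72 allow icmp from any to any icmptypes 0,8,11

# Drop SSH to this host arriving on the three VLAN interfaces.
${fwcmd} 74 deny ip from any to me dst-port 22 via ${uaix_if}
${fwcmd} 74 deny ip from any to me dst-port 22 via ${world_if}
${fwcmd} 74 deny ip from any to me dst-port 22 via ${unisoft_if}

# Trusted IPs (table 14).
${fw} table 14 add xxx.xxx.206.50
# ... further table 14 entries elided in the original paste

# Real (public) IPs (table 15).
${fw} table 15 add xxx.xxx.0.1
# ... further table 15 entries elided in the original paste

# Spammers (table 16).
${fw} table 16 add xxx.xxx.207.19
# ... further table 16 entries elided in the original paste

# Block outbound SMTP from listed spammers on the local interface.
${fwcmd} 99 deny tcp from table\(16\) to any 25 via ${local_if}

# Tables 14 and 15 are allowed unconditionally in both directions. Because
# these rules precede rule 140, hosts in either table can still reach SSH on
# this machine on interfaces not covered by rule 74.
${fwcmd} 100 allow all from any to table\(14\)
${fwcmd} 110 allow all from table\(14\) to any
${fwcmd} 120 allow all from any to table\(15\)
${fwcmd} 130 allow all from table\(15\) to any

# Everyone else: no SSH to this host on any interface.
${fwcmd} 140 deny all from any to me 22

# Transparent proxy: forward TCP from table 13 clients to a local listener
# on 127.0.0.1:8080. The rule has no destination-port filter, so it applies
# to all TCP from those clients, not only web traffic.
# NOTE(review): rule 6001 accepts return traffic by source port only
# (stateless); any sender using source port 80/443/8080 can reach table 13
# hosts. A stateful rule (keep-state/check-state) would be tighter.
${fwcmd} 6000 fwd 127.0.0.1,8080 tcp from table\(13\) to not me via ${local_if}
${fwcmd} 6001 allow all from any http,https,8080 to table\(13\)

# Dummynet pipes. The full 32-bit address mask gives every host its own
# queue, so each bandwidth figure is a per-host limit. Even-numbered pipes
# key on destination address (download), odd-numbered on source (upload).
${fw} pipe 1002 config mask dst-ip 0xffffffff bw 256kbit/s
${fw} pipe 1003 config mask src-ip 0xffffffff bw 256kbit/s
${fw} pipe 1004 config mask dst-ip 0xffffffff bw 512kbit/s
${fw} pipe 1005 config mask src-ip 0xffffffff bw 512kbit/s
${fw} pipe 1006 config mask dst-ip 0xffffffff bw 1Mbit/s
${fw} pipe 1007 config mask src-ip 0xffffffff bw 1Mbit/s
${fw} pipe 1010 config mask dst-ip 0xffffffff bw 2Mbit/s
${fw} pipe 1011 config mask src-ip 0xffffffff bw 2Mbit/s
${fw} pipe 1016 config mask dst-ip 0xffffffff bw 5Mbit/s
${fw} pipe 1017 config mask src-ip 0xffffffff bw 5Mbit/s
${fw} pipe 1018 config mask dst-ip 0xffffffff bw 10Mbit/s
${fw} pipe 1019 config mask src-ip 0xffffffff bw 10Mbit/s
${fw} pipe 1020 config mask dst-ip 0xffffffff bw 20Mbit/s
${fw} pipe 1021 config mask src-ip 0xffffffff bw 20Mbit/s
${fw} pipe 1022 config mask dst-ip 0xffffffff bw 100Mbit/s
${fw} pipe 1023 config mask src-ip 0xffffffff bw 100Mbit/s

# Tariff tables: each table maps its members to one pipe pair, then allows
# the traffic.
# NOTE(review): tables 2, 3, 4, 6, 9, 10, 11, 12 (and 13 above) are not
# populated anywhere in this script, and `table all flush` empties them.
# Presumably they are filled by another process after this script runs;
# until then these rules match nothing.

# Table 2: 256 kbit/s
${fwcmd} 10004 pipe 1002 ip from any to table\(2\) out
${fwcmd} 10005 pipe 1003 ip from table\(2\) to any in
${fwcmd} 10006 allow ip from any to table\(2\)
${fwcmd} 10007 allow ip from table\(2\) to any

# Table 3: 512 kbit/s
${fwcmd} 10008 pipe 1004 ip from any to table\(3\) out
${fwcmd} 10009 pipe 1005 ip from table\(3\) to any in
${fwcmd} 10010 allow ip from any to table\(3\)
${fwcmd} 10011 allow ip from table\(3\) to any

# Table 4: 1 Mbit/s
${fwcmd} 10012 pipe 1006 ip from any to table\(4\) out
${fwcmd} 10013 pipe 1007 ip from table\(4\) to any in
${fwcmd} 10014 allow ip from any to table\(4\)
${fwcmd} 10015 allow ip from table\(4\) to any

# Table 6: 2 Mbit/s
${fwcmd} 10020 pipe 1010 ip from any to table\(6\) out
${fwcmd} 10021 pipe 1011 ip from table\(6\) to any in
${fwcmd} 10022 allow ip from any to table\(6\)
${fwcmd} 10023 allow ip from table\(6\) to any

# Table 9: 5 Mbit/s
${fwcmd} 10032 pipe 1016 ip from any to table\(9\) out
${fwcmd} 10033 pipe 1017 ip from table\(9\) to any in
${fwcmd} 10034 allow ip from any to table\(9\)
${fwcmd} 10035 allow ip from table\(9\) to any

# Table 10: 10 Mbit/s
${fwcmd} 10036 pipe 1018 ip from any to table\(10\) out
${fwcmd} 10037 pipe 1019 ip from table\(10\) to any in
${fwcmd} 10038 allow ip from any to table\(10\)
${fwcmd} 10039 allow ip from table\(10\) to any

# Table 11: 20 Mbit/s
${fwcmd} 10040 pipe 1020 ip from any to table\(11\) out
${fwcmd} 10041 pipe 1021 ip from table\(11\) to any in
${fwcmd} 10042 allow ip from any to table\(11\)
${fwcmd} 10043 allow ip from table\(11\) to any

# Table 12: 100 Mbit/s
${fwcmd} 10044 pipe 1022 ip from any to table\(12\) out
${fwcmd} 10045 pipe 1023 ip from table\(12\) to any in
${fwcmd} 10046 allow ip from any to table\(12\)
${fwcmd} 10047 allow ip from table\(12\) to any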