Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ipfw -q -f flush
- cmd="ipfw -q add "
- cmd0="ipfw "
- #vhod="igb0"
- vhod="lagg0"
- clients="igb2"
- clients2="igb1"
- mainip="95.47.162.2"
- main_local_ip="192.168.101.1"
- $cmd 130 skipto 9000 ip from any to 95.47.162.5 dst-port 80
- $cmd 135 skipto 9000 ip from any to 95.47.162.5 dst-port 443
- $cmd 140 skipto 9000 ip from 95.47.162.5 80 to any
- $cmd 150 skipto 9000 ip from 95.47.162.5 443 to any
- $cmd 1150 skipto 9000 ip from 172.22.0.0/24 to 95.47.162.5
- $cmd 1160 allow udp from 172.28.100.0/24 to $main_local_ip dst-port 53
- $cmd 1170 allow udp from 172.28.100.0/24 to 8.8.8.8 dst-port 53
- #privat24
- $cmd 1180 skipto 9000 ip from 172.28.100.0/24 to 217.117.65.0/24
- $cmd 1182 skipto 9000 ip from 172.28.100.0/24 to 54.76.131.126
- $cmd 1183 skipto 9000 ip from 172.28.100.0/24 to 54.76.186.242
- $cmd 1184 skipto 9000 ip from 172.28.100.0/24 to 54.77.32.191
- #
- $cmd 1200 fwd $main_local_ip:80 tcp from 172.28.100.0/24 to any dst-port 80
- #$cmd 1205 fwd $main_local_ip:443 tcp from 172.28.100.0/24 to any dst-port 443
- $cmd 1240 allow ip from any to $main_local_ip
- $cmd 1240 allow ip from 172.28.100.0/24 to 95.47.162.5
- $cmd 1300 deny ip from 172.28.100.0/24 to any
- $cmd 2000 deny ip from 192.168.101.0/24 to any in recv $clients
- $cmd 2010 deny ip from 192.168.108.0/24 to any in recv $clients2
- #
- $cmd0 table 53 add 95.47.162.3
- $cmd0 table 53 add 95.47.162.8
- $cmd0 table 53 add 95.47.162.13
- $cmd0 table 53 add 95.47.162.14
- $cmd 2090 deny ip from any to table\(53\) dst-port 53 in recv $vhod
- $cmd 2100 allow ip from me 53 to any not via $vhod
- #urik
- $cmd 3000 skipto 10100 ip from 95.47.162.192/26 to any
- $cmd 3100 skipto 10100 ip from any to 95.47.162.192/26
- #real_ip_pppoe
- $cmd 3200 skipto 10100 ip from 95.47.162.64/26 to any
- $cmd 3300 skipto 10100 ip from any to 95.47.162.64/26
- $cmd 3400 skipto 10100 ip from 95.47.162.128/26 to any
- $cmd 3500 skipto 10100 ip from any to 95.47.162.128/26
- #smtp
- $cmd 4000 deny ip from any to any dst-port 25
- #kernel NAT
- $cmd 9900 nat 1 ip from table\(50\) to any out xmit $vhod
- $cmd 9902 nat 1 ip from any to 95.47.162.3 in recv $vhod
- $cmd 9906 nat 2 ip from table\(25\) to any out xmit $vhod
- $cmd 9908 nat 2 ip from any to 95.47.162.8 in recv $vhod
- $cmd 9912 nat 3 ip from table\(120\) to any out xmit $vhod
- $cmd 9916 nat 3 ip from table\(100\) to any out xmit $vhod
- $cmd 9920 nat 3 ip from any to 95.47.162.13 in recv $vhod
- $cmd 9922 nat 4 ip from table\(5\) to any out xmit $vhod
- $cmd 9926 nat 4 ip from any to 95.47.162.14 in recv $vhod
- #
- $cmd 9950 pipe 220 ip from table\(25\) to any not via $vhod
- $cmd 9990 pipe 200 ip from any to table\(25\) not via $vhod
- $cmd 10005 pipe 95 ip from table\(5\) to any not via $vhod
- $cmd 10015 pipe 105 ip from any to table\(5\) not via $vhod
- $cmd 10050 pipe 150 ip from any to table\(50\) not via $vhod
- $cmd 10055 pipe 155 ip from table\(50\) to any not via $vhod
- $cmd 10100 pipe 100 ip from any to table\(100\) not via $vhod
- $cmd 10105 pipe 110 ip from table\(100\) to any not via $vhod
- $cmd 10200 pipe 205 ip from any to table\(120\) not via $vhod
- $cmd 10205 pipe 210 ip from table\(120\) to any not via $vhod
- #$cmd0 nat 1 config if $vhod
- $cmd0 nat 1 config ip 95.47.162.3
- $cmd0 nat 2 config ip 95.47.162.8
- $cmd0 nat 3 config ip 95.47.162.13
- $cmd0 nat 4 config ip 95.47.162.14
- #pipe 5M
- $cmd0 pipe 95 config bw 5632K mask dst-ip 0xffffffff
- $cmd0 pipe 105 config bw 5632K mask dst-ip 0xffffffff
- #pipe 50M
- $cmd0 pipe 150 config bw 52224K mask dst-ip 0xffffffff
- $cmd0 pipe 155 config bw 52224K mask dst-ip 0xffffffff
- #evil pipe25M
- $cmd0 pipe 200 config bw 26112K mask dst-ip 0xffffffff
- $cmd0 pipe 220 config bw 26112K mask dst-ip 0xffffffff
- #
- #100M
- $cmd0 pipe 100 config bw 104448K mask dst-ip 0xffffffff
- $cmd0 pipe 110 config bw 104448K mask dst-ip 0xffffffff
- #200M !!!!!!
- $cmd0 pipe 205 config bw 207872K mask dst-ip 0xffffffff
- $cmd0 pipe 210 config bw 207872K mask dst-ip 0xffffffff
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement