
Untitled

a guest
May 23rd, 2018
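#!/bin/sh
# Loads an ipfw ruleset: loopback hygiene, stateful outbound traffic,
# connection-limited public service ports, and ports that must not be
# reachable from outside.
#
# NOTE(review): SFTPPORT, CH1..CH4, P2P1..P2P4, 11000AUTH and 15000DB are kept
# exactly as pasted. They look like redacted placeholders; replace them with
# real port numbers before use, since ipfw will reject names it cannot resolve.
#
# NOTE(review): traffic matched by no rule below falls through to ipfw's
# built-in rule 65535. That rule denies by default but accepts when the kernel
# is built or tuned to default-to-accept (net.inet.ip.fw.default_to_accept).
# Confirm which applies on this host, or add an explicit final deny rule.

# Shell assignments take no "$" on the name and no spaces around "=".
# As originally written these four lines were not valid assignments, so IPF and
# the port lists stayed empty: the flush ran but no rule was ever added.
IPF="ipfw -q add"
ipfw -q -f flush

udp_yes_ports="53 11000AUTH"
tcp_yes_ports="53 80 443 3306 SFTPPORT 11000AUTH CH1 CH2 CH3 CH4"
tcp_nop_ports="15000DB P2P1 P2P2 P2P3 P2P4"

# $IPF and the port lists are expanded unquoted on purpose so that they
# word-split into a command plus arguments / one port per iteration.

# Loopback: accept on lo0, drop 127/8 addresses seen on any other interface.
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# Match packets against the dynamic (keep-state / limit) table first.
$IPF 50 check-state

# NOTE(review): "established" matches any TCP segment with ACK or RST set and
# does not consult the state table, so it accepts more than the tracked flows
# that check-state already handles. Consider dropping it and relying on state.
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
# NOTE(review): all ICMP types are accepted; consider narrowing with icmptypes.
$IPF 80 allow icmp from any to any

# Internal-only ports: block them from outside.
# NOTE(review): rule 2220 appears unreachable. Loopback traffic is already
# accepted by rule 10, and anything else sourced from 127/8 is dropped by
# rule 30 before evaluation gets here.
for port in $tcp_nop_ports; do
  $IPF 2220 allow all from 127.0.0.0/8 to any $port
  $IPF 2230 deny all from any to me $port
done

# Public TCP services: at most 20 concurrent connections per source address.
# Rules 2200/2210 are evaluated before 2220/2230 because ipfw orders by rule
# number, not by the order in which rules are added.
for port in $tcp_yes_ports; do
  $IPF 2200 allow tcp from any to any $port in limit src-addr 20
  $IPF 2210 allow tcp from any to any $port out
done

# Public UDP services, with the same per-source limit.
for port in $udp_yes_ports; do
  $IPF 2200 allow udp from any to any $port in limit src-addr 20
  $IPF 2210 allow udp from any to any $port out
done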