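#!/bin/sh
# Loads a stateful ipfw ruleset: loopback and anti-spoofing rules first, then
# dynamic-state handling, then per-port rules for three port lists.
#
# ipfw evaluates rules in ascending rule-number order and stops at the first
# match, so the order of the numbers below is the policy.
#
# NOTE(review): nothing here adds a final deny. Packets that match no rule
# fall through to ipfw's built-in rule 65535, which is deny unless the kernel
# or a loader tunable was set to default-accept. Confirm with `ipfw list`.

# Fixed from the original: sh assignments take no leading '$' and no spaces
# around '=', and a multi-word value must be quoted. As pasted, none of these
# variables was ever set, so every "$IPF ..." line failed after the flush.
IPF="ipfw -q add"

# NOTE(review): 11000AUTH, SFTPPORT, CH1..CH4, 15000DB and P2P1..P2P4 are not
# numeric ports; they appear to be placeholders. Replace them with real port
# numbers (or /etc/services names) before loading, otherwise ipfw rejects
# those rules and the ruleset is only partially installed.
udp_yes_ports="53 11000AUTH"
tcp_yes_ports="53 80 443 3306 SFTPPORT 11000AUTH CH1 CH2 CH3 CH4"
tcp_nop_ports="15000DB P2P1 P2P2 P2P3 P2P4"

# Drop every existing rule without prompting. From this point until the last
# rule is added the host runs on whatever has been loaded so far, so run this
# from a console or with a rollback path when working on a remote machine.
ipfw -q -f flush

# $IPF is left unquoted on purpose so it splits into "ipfw -q add".

# Loopback: allow on lo0, and drop 127.0.0.0/8 seen anywhere else (spoofed).
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any

# Drop TCP fragments other than the first one.
$IPF 40 deny tcp from any to any frag

# Match packets against the dynamic rules created by keep-state/limit below.
$IPF 50 check-state

# NOTE(review): "established" matches any TCP packet with ACK or RST set,
# whether or not a dynamic rule exists for it. With check-state above this
# rule is redundant for tracked flows and lets untracked ACK/RST packets skip
# the port rules below; consider removing it.
$IPF 60 allow tcp from any to any established

# All outbound traffic is allowed and tracked; replies return via rule 50.
$IPF 70 allow all from any to any out keep-state

# NOTE(review): allows every ICMP type in both directions. The icmptypes
# option can narrow this to the types actually needed.
$IPF 80 allow icmp from any to any

# Ports meant to be reachable only locally.
# The port lists are expanded unquoted on purpose: POSIX sh has no arrays and
# word splitting is what turns each list into one iteration per port.
for port in $tcp_nop_ports; do
  # NOTE(review): rule 2220 can never match. Traffic from 127.0.0.0/8 is
  # either accepted by rule 10 (on lo0) or dropped by rule 30 first.
  $IPF 2220 allow all from 127.0.0.0/8 to any $port
  $IPF 2230 deny all from any to me $port
done

# Public TCP services: at most 20 concurrent connections per source address.
# The loop reuses rule numbers 2200/2210; ipfw accepts several rules under
# one number and keeps them in insertion order.
for port in $tcp_yes_ports; do
  $IPF 2200 allow tcp from any to any $port in limit src-addr 20
  # Already covered by rule 70, which allows all outbound traffic.
  $IPF 2210 allow tcp from any to any $port out
done

# Public UDP services, same per-source limit.
for port in $udp_yes_ports; do
  $IPF 2200 allow udp from any to any $port in limit src-addr 20
  $IPF 2210 allow udp from any to any $port out
done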