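#!/bin/sh
#
# Loads the ipfw ruleset for a NAT gateway: flushes the current rules, then
# adds the rules below in order. ipfw evaluates rules in sequence and an
# allow/deny action stops at the first match, so the ORDER of these lines is
# the policy; a rule placed after a broader match never fires.

# ${fwcmd} is expanded unquoted on purpose so that "-q" is passed to ipfw as
# a separate argument. -q suppresses ipfw's output, so a rejected rule does
# not show up on the console.
fwcmd="/sbin/ipfw -q"
LanOut="em1"            # external (uplink) interface
LanIn="em0"             # internal (LAN) interface
IpOut="91.234.180.200"  # address on the external interface

# -f: flush without asking for confirmation.
# NOTE(review): between this flush and the last "add", the host runs on the
# kernel's default rule only; if that default is deny, a failure part-way
# through leaves the box unreachable over the network. Confirm console access.
${fwcmd} -f flush

# Loopback traffic is always allowed.
${fwcmd} add allow all from any to any via lo0

# NOTE(review): no rule in this script uses keep-state or limit, so this
# script creates no dynamic state for check-state to match.
${fwcmd} add check-state

# Loopback addresses must never appear on a non-loopback interface.
${fwcmd} add deny ip from any to 127.0.0.0/8
${fwcmd} add deny ip from 127.0.0.0/8 to any

# Destinations that should not be routed: 10/8, link-local, reserved 240/4.
${fwcmd} add deny ip from any to 10.0.0.0/8
${fwcmd} add deny ip from any to 169.254.0.0/16
${fwcmd} add deny ip from any to 240.0.0.0/4

# RPC endpoint mapper / NetBIOS / SMB ports, on every interface.
${fwcmd} add deny tcp from any to any 135-139,445
${fwcmd} add deny udp from any to any 135-139,445

# Fragmented ICMP and broadcast ICMP on the LAN side (the latter is logged).
${fwcmd} add deny icmp from any to any frag
${fwcmd} add deny log icmp from any to 255.255.255.255 in via ${LanIn}
${fwcmd} add deny log icmp from any to 255.255.255.255 out via ${LanIn}

# NOTE(review): ipfw's MAC option takes the destination address first and the
# source second, so this matches frames whose SOURCE is the broadcast address.
# MAC matching presumably only applies when layer-2 filtering is enabled
# (net.link.ether.ipfw) - confirm on this host.
${fwcmd} add deny MAC any ff:ff:ff:ff:ff:ff

# Everything to or from 192.168.0.0/16 on the LAN interface is accepted.
${fwcmd} add allow ip from 192.168.0.0/16 to any via ${LanIn}
${fwcmd} add allow ip from any to 192.168.0.0/16 via ${LanIn}
#${fwcmd} add allow ip from any to any 21
################# TARIFFS ###############################
#---------- tariff WI-FI 900 ---------------------------
# Clients listed in table 10 are allowed on the ng* interfaces.
# 'ng*' is quoted so that the shell hands the pattern to ipfw literally; left
# unquoted it would be glob-expanded against any file named ng<something> in
# the current directory and the rule would change or fail to parse.
${fwcmd} add allow ip from table\(10\) to any in recv 'ng*'
${fwcmd} add allow ip from any to table\(10\) out xmit 'ng*'
#################### NAT ##############################
# NOTE(review): these rules reference NAT instance 1, but no
# "ipfw nat 1 config ..." appears in this script - confirm it is configured
# elsewhere, otherwise the nat rules have no instance to translate with.
# NOTE(review): the first two rules carry no interface or direction
# qualifier, so they match on every pass through the ruleset, not only on
# egress via ${LanOut} - confirm that is intended.
# NOTE(review): with net.inet.ip.fw.one_pass=1 a packet that matches a nat
# rule leaves the ruleset after translation, so the RULES section below would
# not filter it - confirm the sysctl value on this host.
${fwcmd} add nat 1 ip from 172.16.0.0/16 to any
${fwcmd} add nat 1 ip from 192.168.1.0/24 to any
${fwcmd} add nat 1 ip from any to ${IpOut} via ${LanOut}
################ RULES #################################
#${fwcmd} add pipe tablearg ip from any to table\(10\) out xmit ng*

# Inbound ICMP types dropped: 5 redirect, 9 router advertisement,
# 13/14 timestamp, 15/16 information request/reply, 17 address mask request.
${fwcmd} add deny icmp from any to any in icmptype 5,9,13,14,15,16,17
# The broadcast-ICMP deny has to come before the generic ICMP allow; placed
# after it, the allow matches first and this rule can never fire.
${fwcmd} add deny icmp from any to 255.255.255.255 via ${LanOut}
${fwcmd} add allow icmp from any to any

# Private client ranges are accepted on the external interface.
# NOTE(review): the two "in via" allows match on destination only, so a packet
# arriving on ${LanOut} with a forged private SOURCE and a private destination
# is accepted here before it reaches the anti-spoofing denies below.
${fwcmd} add allow ip from any to 172.16.0.0/16 in via ${LanOut}
${fwcmd} add allow ip from any to 192.168.0.0/16 in via ${LanOut}
${fwcmd} add allow ip from 172.16.0.0/16 to any out via ${LanOut}
${fwcmd} add allow ip from 192.168.0.0/16 to any out via ${LanOut}

# Anti-spoofing: sources that must not appear on the external interface
# (private, "this network", link-local, reserved and multicast ranges).
${fwcmd} add deny ip from 10.0.0.0/8 to any via ${LanOut}
${fwcmd} add deny ip from 0.0.0.0/8 to any via ${LanOut}
${fwcmd} add deny ip from 172.16.0.0/12 to any via ${LanOut}
${fwcmd} add deny ip from 169.254.0.0/16 to any via ${LanOut}
${fwcmd} add deny ip from 192.168.0.0/16 to any via ${LanOut}
${fwcmd} add deny ip from 240.0.0.0/4 to any via ${LanOut}
${fwcmd} add deny ip from 224.0.0.0/4 to any via ${LanOut}

# New inbound TCP connections (SYN set, ACK clear) to the gateway's own
# external address are refused.
${fwcmd} add deny tcp from any to ${IpOut} in via ${LanOut} tcpflags syn,!ack
${fwcmd} add allow udp from any to any 123 via ${LanOut}
${fwcmd} add deny tcp from any to any 113 via ${LanOut}
${fwcmd} add deny tcp from any to any 81 via ${LanOut}
${fwcmd} add deny all from any to any frag
${fwcmd} add allow ip from any to 91.234.180.0/22 via ${LanOut}

# NOTE(review): this allow matches every packet that reaches it, so the deny
# on the next line is unreachable and the effective policy is default-allow:
# anything not explicitly denied above is forwarded, including traffic from
# clients that are not in table 10. If default-deny is the intent, replace
# this rule with explicit allows for the flows that are needed.
${fwcmd} add allow all from any to any
${fwcmd} add deny all from any to any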