[FUG-BR] IPFW and PF

Nenhum _de_Nos matheusber em gmail.com
Thu Nov 9 02:16:00 BRST 2006


ipfw:

# Loopback
add 10 allow ip from any to any via lo0
#add 11 allow udp from any to any 53 keep-state via lo0
add 11 deny ip from any to 127.0.0.0/8

add 99 check-state

# DSL
add 100 allow tcp from any to any 22,25,53,80,3389,4040,5010-5039,8000-8100,10000-11600 in setup keep-state via tun0
# "setup" only matches TCP SYN segments, so it is left out of the UDP rule; with it, rule 101 never matched
add 101 allow udp from any to any 53,4040,5010-5039,8000-8100,10000-11600 in keep-state via tun0
add 102 allow ip from any to any out via tun0 keep-state
add 103 deny all from any to any in frag via tun0

# LAN
add 200 allow all from 192.168.254.10 to 192.168.254.253 in via vr0 keep-state
add 201 allow tcp from 192.168.254.0/24 to 192.168.254.253 in via vr0 keep-state
add 202 allow udp from 192.168.254.0/24 to 192.168.254.253 in via vr0 keep-state
add 203 allow ip from 192.168.254.0/24 to not 192.168.254.253 in via vr0 keep-state
add 204 allow ip from 192.168.254.253 to 192.168.254.0/24 out via vr0 keep-state

# MODEM
add 300 allow all from 192.168.254.10 to any via ed0 keep-state

# Pipes
table 1 add 192.168.254.1/32
table 1 add 192.168.254.2/32
table 1 add 192.168.254.3/32
table 1 add 192.168.254.8/32
table 1 add 192.168.254.12/32
table 1 add 192.168.254.13/32
table 1 add 192.168.254.18/32
table 1 add 192.168.254.20/32
table 1 add 192.168.254.21/32
table 1 add 192.168.254.101/32
table 1 add 192.168.254.102/32
table 1 add 192.168.254.103/32
table 1 add 192.168.254.104/32
pipe 1 config mask src-ip 0x000000ff bw 32Kbit/s queue 5Kbytes
add 50 pipe 1 all from table(1) to any out via tun0


pf:

nat on $ext_if from $maquinas to any -> ($ext_if)

rdr on $ext_if proto tcp from any to any port 3389 -> 192.168.254.10 port 3389
rdr on $int_if proto tcp from any to ! 192.168.254.253 port www -> 192.168.254.253 port 3128
rdr on $ext_if proto { tcp, udp } from any to any port $portas_l -> $l
rdr on $ext_if proto { tcp, udp } from any to any port $portas_d -> $d
rdr on $ext_if proto { tcp, udp } from any to any port $portas_m -> $m
rdr on $ext_if proto { tcp, udp } from any to any port $portas_g -> $g
rdr on $ext_if proto { tcp, udp } from any to any port $portas_w -> $w
rdr on $ext_if proto { tcp, udp } from any to any port $portas_ma -> $ma
rdr on $ext_if proto { tcp, udp } from any to any port $portas_i -> $i
rdr on $ext_if proto { tcp, udp } from any to any port $portas_is -> $is port 8080

pass on $ext_if all

pass on $int_if all
pass out on $int_if from ! 192.168.254.253 to $maquinas
pass in  on $int_if from $maquinas to ! 192.168.254.253

with that I've limited the outbound traffic of everyone I want, and I've already tested it, works fine ;)

On 11/8/06, Alessandro de Souza Rocha <etherlinkii em gmail.com> wrote:
> On 08/11/06, Welkson Renny de Medeiros <welkson em focusautomacao.com.br> wrote:
> > the list is fine... it stays in the archive...
> >
> >
> > --
> > Welkson Renny de Medeiros
> > Focus Automação Comercial
> > Development / Network Management
> > welkson em focusautomacao.com.br
> >
> >
> > ----- Original Message -----
> > From: "Nenhum _de_Nos" <matheusber em gmail.com>
> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
> > <freebsd em fug.com.br>
> > Sent: Wednesday, November 08, 2006 5:29 PM
> > Subject: Re: [FUG-BR] IPFW and PF
> >
> >
> > On 11/8/06, Welkson Renny de Medeiros <welkson em focusautomacao.com.br> wrote:
> > > Matheus, could you post your rules... I also have a lot of questions about
> > > pf and ipfw...
> > >
> > > If you prefer, it can be in private.
> > I'm no expert on the subject, but I'll help where I can. When I get
> > home I'll send the rules :)
> >
> > private or the list?!
> >
> > --
> > We will call you cygnus,
> > The God of balance you shall be
> > -------------------------
> > Archive: http://www.fug.com.br/historico/html/freebsd/
> > Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
> >
>
> here at http://www.openbsd.org/faq/pf/pt/ftp.html it talks about your
> problems, but there are several options for allowing ftp without trouble.
> --
> Alessandro de Souza Rocha
> Network and Systems Administrator
> Freebsd-BR User #117
>


-- 
We will call you cygnus,
The God of balance you shall be
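The UDP rule as originally posted carries `setup`, which in ipfw only matches TCP SYN segments without ACK, so that rule could never match, and rule 50 (added last) is still evaluated before rule 99 because ipfw walks rules by number. The following check is an added example, not code from the post or from the ipfw project; it parses rules in ipfw syntax over a constructed, shortened copy of the ruleset above, orders them the way ipfw evaluates them, and flags TCP-only options on non-TCP rules as well as keep-state rules numbered before the first check-state.

```python
# Constructed sample based on the rules in the post (wrapped lines re-joined,
# port lists shortened); it is not the author's full ruleset.
SAMPLE_RULES = """\
add 10 allow ip from any to any via lo0
add 11 deny ip from any to 127.0.0.0/8
add 99 check-state
add 100 allow tcp from any to any 22,25,53,80 in setup keep-state via tun0
add 101 allow udp from any to any 53,4040 in setup keep-state via tun0
add 102 allow ip from any to any out via tun0 keep-state
add 103 deny all from any to any in frag via tun0
add 50 pipe 1 all from table(1) to any out via tun0
"""

# Actions that carry an argument (pipe number, port, rule number) before the protocol keyword.
ACTIONS_WITH_ARG = {"pipe", "queue", "divert", "tee", "fwd", "forward", "skipto"}
# Options that only ever match TCP segments; "ip"/"all" rules still see TCP, so they are fine.
TCP_ONLY_OPTS = {"setup", "established", "tcpflags", "tcpoptions", "tcpwin"}
TCP_CAPABLE = {"tcp", "ip", "all"}

def parse_rules(text):
    """Return (number, action, proto, option tokens) tuples sorted the way ipfw evaluates them."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "add":
            continue
        num, action = int(tok[1]), tok[2]
        if action == "check-state":          # check-state has no body
            rules.append((num, action, None, []))
            continue
        i = 4 if action in ACTIONS_WITH_ARG else 3
        rules.append((num, action, tok[i], tok[i + 1:]))
    # ipfw walks rules by number, not in the order they were added (rule 50 runs before 99)
    return sorted(rules, key=lambda r: r[0])

def lint(text):
    """Flag rules that can never match and keep-state rules placed before the first check-state."""
    rules = parse_rules(text)
    first_cs = next((n for n, a, _, _ in rules if a == "check-state"), None)
    findings = []
    for num, action, proto, opts in rules:
        bad = TCP_ONLY_OPTS & set(opts)
        if proto and proto not in TCP_CAPABLE and bad:
            findings.append(f"rule {num}: TCP-only option {sorted(bad)} on {proto} rule never matches")
        if "keep-state" in opts and first_cs is not None and num < first_cs:
            findings.append(f"rule {num}: keep-state before check-state {first_cs}, dynamic rules are consulted late")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```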

