ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
 From : Sergey Prozhogin 2:5030/318.325 28 Aug 2000 14:03:28
 To : All
 Subject : where can this be simplified?
--------------------------------------------------------------------------------
I set up a gateway machine under freebsd 4.0 + ipforward + ipdivert + dummynet.
Below are the rules from rc.firewall; what can be simplified/optimized?
The gateway is built for an internal fake network of 8 machines, and the 9th is
the gateway under FreeBSD with two interfaces, one of which faces the Internet
with a real IP address, plus there is a traffic shaper as well.

=== Cut ===
############
# Setup system for firewall service.
# $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $

[Ss][Hh][Tt][Uu][Rr][Mm])
        #shturm fire wall
        ${fwcmd} add divert natd ip from any to any via ed0
        ${fwcmd} add pipe 10 ip from 192.168.0.1 to any in via rl0
        ${fwcmd} pipe 10 config bw 1bit/s
        ${fwcmd} add pipe 11 ip from 192.168.0.1 to any out via rl0
        ${fwcmd} pipe 11 config bw 1bit/s
        ${fwcmd} add pipe 20 ip from 192.168.0.2 to any in via rl0
        ${fwcmd} pipe 20 config bw 1bit/s
        ${fwcmd} add pipe 21 ip from 192.168.0.2 to any out via rl0
        ${fwcmd} pipe 21 config bw 1bit/s
        ${fwcmd} add pipe 30 ip from 192.168.0.3 to any in via rl0
        ${fwcmd} pipe 30 config bw 1bit/s
        ${fwcmd} add pipe 31 ip from 192.168.0.3 to any out via rl0
        ${fwcmd} pipe 31 config bw 1bit/s
        ${fwcmd} add pipe 40 ip from 192.168.0.4 to any in via rl0
        ${fwcmd} pipe 40 config bw 1bit/s
        ${fwcmd} add pipe 41 ip from 192.168.0.4 to any out via rl0
        ${fwcmd} pipe 41 config bw 1bit/s
        ${fwcmd} add pipe 50 ip from 192.168.0.5 to any in via rl0
        ${fwcmd} pipe 50 config bw 1bit/s
        ${fwcmd} add pipe 51 ip from 192.168.0.5 to any out via rl0
        ${fwcmd} pipe 51 config bw 1bit/s
        ${fwcmd} add pipe 60 ip from 192.168.0.6 to any in via rl0
        ${fwcmd} pipe 60 config bw 1bit/s
        ${fwcmd} add pipe 61 ip from 192.168.0.6 to any out via rl0
        ${fwcmd} pipe 61 config bw 1bit/s
        ${fwcmd} add pipe 70 ip from 192.168.0.7 to any in via rl0
        ${fwcmd} pipe 70 config bw 1bit/s
        ${fwcmd} add pipe 71 ip from 192.168.0.7 to any out via rl0
        ${fwcmd} pipe 71 config bw 1bit/s
        ${fwcmd} add pipe 80 ip from 192.168.0.8 to any in via rl0
        ${fwcmd} pipe 80 config bw 1bit/s
        ${fwcmd} add pipe 81 ip from 192.168.0.8 to any out via rl0
        ${fwcmd} pipe 81 config bw 1bit/s
        ${fwcmd} add allow ip from 192.168.0.1 to any
        ${fwcmd} add allow ip from 192.168.0.2 to any
        ${fwcmd} add allow ip from 192.168.0.3 to any
        ${fwcmd} add allow ip from 192.168.0.4 to any
        ${fwcmd} add allow ip from 192.168.0.5 to any
        ${fwcmd} add allow ip from 192.168.0.6 to any
        ${fwcmd} add allow ip from 192.168.0.7 to any
        ${fwcmd} add allow ip from 192.168.0.8 to any
        ${fwcmd} add deny ip from 192.168.0.0/24 to any
        ${fwcmd} add allow ip from any to any
        ${fwcmd} add allow tcp from any to any
        ${fwcmd} add allow udp from any to any
        ${fwcmd} add allow icmp from any to any
        ;;
=== Cut ===

sergey

--- GoldED 2.51
 * Origin: m2140 a140nn -- ccpro outside (2:5030/318.325)
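
One way to shorten the rule set in the message above, as an added example that is not part of the original post: the same commands produced from a loop, in the same order, without the three trailing allow rules that can never match. The function name `shturm_rules`, the variable names and the dry-run default for `fwcmd` are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): the "shturm" rules from a loop.
# Assumption: fwcmd defaults to a dry run that only prints the commands;
# inside rc.firewall it is already set to the real ipfw binary.
fwcmd="${fwcmd:-echo ipfw}"
lan_if="rl0"              # inside interface, as in the post
wan_if="ed0"              # outside interface, as in the post
bw="1bit/s"               # bandwidth value exactly as posted
hosts="1 2 3 4 5 6 7 8"   # last octet of each inside host

shturm_rules() {
    ${fwcmd} add divert natd ip from any to any via ${wan_if}

    # Per-host shaping: pipe N0 for "in via rl0", pipe N1 for "out via rl0".
    for n in ${hosts}; do
        for dir in in out; do
            case ${dir} in
                in)  pipe="${n}0" ;;
                out) pipe="${n}1" ;;
            esac
            ${fwcmd} add pipe ${pipe} ip from 192.168.0.${n} to any ${dir} via ${lan_if}
            ${fwcmd} pipe ${pipe} config bw ${bw}
        done
    done

    # Only the eight known hosts may send from the inside network.
    for n in ${hosts}; do
        ${fwcmd} add allow ip from 192.168.0.${n} to any
    done
    ${fwcmd} add deny ip from 192.168.0.0/24 to any

    # ipfw stops at the first matching rule and "ip" covers every protocol,
    # so the posted tcp/udp/icmp allow rules after this one never match
    # and are left out here.
    ${fwcmd} add allow ip from any to any
}

# Dry run: print the generated command list.
shturm_rules
```

With `fwcmd` unset this only prints the 43 commands, which can be compared line by line with the posted list before anything is loaded.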