This is the configuration I used on my fbsd box that I administered a few years ago:
Code:
# Settings
if = "re0"
local = "{127.0.0.1,10.20.51.111,217.0.0.1}"
ip = "{10.20.51.111}"
ircip = "{195.168.2.141,193.87.79.111}"
# Default deny
block on $if all
# Default TCP policy
pass in on $if proto tcp from $ip to any port ssh
pass in on $if proto tcp from any to any port {80,443}
pass in on $if proto tcp from $ip to any port 1723
pass in on $if proto tcp from $ircip to any port 113
pass out on $if proto tcp from any to any
# Default UDP policy
pass in on $if proto udp from $local to any port {161,162}
pass out on $if proto udp from any to any
# Default ICMP policy
pass out on $if proto icmp from any to any
I blocked everything there except for a few exceptions, such as ssh only from the local network, and the ports for irc only for the irc server because of ident.
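
Added example, not part of the original post: a simplified Python model of how pf evaluates the ruleset above, where the last matching rule decides because no rule uses "quick". It assumes packets on re0 only and ignores state tracking; the source address 203.0.113.7 is a constructed stand-in for an arbitrary outside host.

```python
# Simplified model of pf's last-match evaluation for the ruleset in the post.
# Assumptions: no "quick" rules, no state tracking, interface re0 only.
LOCAL = {"127.0.0.1", "10.20.51.111", "217.0.0.1"}   # $local
IP = {"10.20.51.111"}                                # $ip
IRCIP = {"195.168.2.141", "193.87.79.111"}           # $ircip
ANY = None  # wildcard ("any" / "all")

# (action, direction, protocol, allowed sources, destination ports)
RULES = [
    ("block", ANY, ANY, ANY, ANY),             # block on $if all
    ("pass", "in", "tcp", IP, {22}),           # ssh
    ("pass", "in", "tcp", ANY, {80, 443}),     # web
    ("pass", "in", "tcp", IP, {1723}),
    ("pass", "in", "tcp", IRCIP, {113}),       # ident for the irc servers
    ("pass", "out", "tcp", ANY, ANY),
    ("pass", "in", "udp", LOCAL, {161, 162}),
    ("pass", "out", "udp", ANY, ANY),
    ("pass", "out", "icmp", ANY, ANY),
]

def matches(rule, direction, proto, src, dport):
    """True when every non-wildcard field of the rule matches the packet."""
    _, r_dir, r_proto, r_src, r_ports = rule
    return ((r_dir is ANY or r_dir == direction)
            and (r_proto is ANY or r_proto == proto)
            and (r_src is ANY or src in r_src)
            and (r_ports is ANY or dport in r_ports))

def decide(direction, proto, src, dport=None):
    """Return the action of the LAST matching rule, as pf does without 'quick'."""
    action = "pass"  # pf's implicit default when no rule matches at all
    for rule in RULES:
        if matches(rule, direction, proto, src, dport):
            action = rule[0]  # a later match overrides an earlier one
    return action

if __name__ == "__main__":
    # Constructed sample packets: (direction, protocol, source, destination port)
    for pkt in [("in", "tcp", "203.0.113.7", 22), ("in", "tcp", "10.20.51.111", 22),
                ("in", "tcp", "203.0.113.7", 443), ("in", "tcp", "203.0.113.7", 113),
                ("in", "tcp", "195.168.2.141", 113), ("in", "icmp", "203.0.113.7", None)]:
        print(pkt, "->", decide(*pkt))
```

Because "block on $if all" comes first, it only takes effect for packets that no later pass rule matches, which is why inbound ICMP and ident from unlisted hosts end up blocked.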