forum.opennet.ru

Составление сообщения

Исходное сообщение

"Список правил для pf"
Отправлено Bobbi, 23-Апр-05 07:36

#!/bin/sh
scrub in on xl0 all fragment reassemble min-ttl 20 max-mss 1440
scrub in on xl0 all no-df
scrub on xl0 all reassemble tcp
block in quick proto tcp from any to 195.195.195.1 flags SF/SFRA
block in quick proto tcp from any to 195.195.195.1 flags SFUP/SFRAU
block in quick proto tcp from any to 195.195.195.1 flags FPU/SFRAUP
block in quick proto tcp from any to 195.195.195.1 flags F/SFRA
block in quick proto tcp from any to 195.195.195.1 flags U/SFRAU
block in quick proto tcp from any to 195.195.195.1 flags P/P
block in log-all quick on xl0 from { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 } to 195.195.195.1
block out log-all quick on xl0 from any to { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 }
block in log-all quick on xl0 proto udp from any to 195.195.195.1 port = 514
block in log-all quick on xl0 proto udp from any to 195.195.195.1 port 136 >< 140
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port 136 >< 140
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 901
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 587
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3306
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3000
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3001
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 110
pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echoreq
pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echorep
pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echoreq
pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echorep
block in log-all quick on xl0 proto icmp from any to any
block out log-all quick on xl0 proto icmp from any to any
pass in log-all quick on lo
pass out log-all quick on lo
pass in quick on xl0 proto tcp from 195.216.172.0/24 to 195.195.195.1 port = 22
block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 22
pass in quick on xl0 proto tcp from 80.80.80.53 to 195.195.195.1 port = 53
pass out quick on xl0 proto tcp from 195.195.195.1 port = 53 to 80.80.80.53
pass in quick on xl0 proto udp from any to 195.195.195.1 port = 53
pass out quick on xl0 proto udp from 195.195.195.1 port = 53 to any
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 80 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established 30 tcp.closing 20)
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 443 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established 30 tcp.closing 20)
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 20 flags S/SA synproxy state
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 21 flags S/SA synproxy state
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 4661
pass out quick on xl0 proto tcp from 195.195.195.1 port = 4661 to any
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags S/SA synproxy state
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 465 flags S/SA synproxy state
pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 995 flags S/SA synproxy state
pass in quick on xl0 proto udp from 80.80.80.53 port = 53 to 195.195.195.1
pass in quick on xl0 proto udp from 217.199.96.2 port = 53 to 195.195.195.1
pass out quick on xl0 proto tcp from 195.195.195.1 to any
pass out quick on xl0 proto udp from 195.195.195.1 to any
block in log quick on xl0 proto tcp from any to 195.195.195.1 flags S/SAFRP
block in log quick on xl0 proto udp from any to 195.195.195.1
pass in quick on xl1 from any to any keep state
pass out quick on xl1 from any to any keep state

Исходное сообщение
"Список правил для pf" Отправлено Bobbi, 23-Апр-05 07:36
#!/bin/sh scrub in on xl0 all fragment reassemble min-ttl 20 max-mss 1440 scrub in on xl0 all no-df scrub on xl0 all reassemble tcp block in quick proto tcp from any to 195.195.195.1 flags SF/SFRA block in quick proto tcp from any to 195.195.195.1 flags SFUP/SFRAU block in quick proto tcp from any to 195.195.195.1 flags FPU/SFRAUP block in quick proto tcp from any to 195.195.195.1 flags F/SFRA block in quick proto tcp from any to 195.195.195.1 flags U/SFRAU block in quick proto tcp from any to 195.195.195.1 flags P/P block in log-all quick on xl0 from { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 } to 195.195.195.1 block out log-all quick on xl0 from any to { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 } block in log-all quick on xl0 proto udp from any to 195.195.195.1 port = 514 block in log-all quick on xl0 proto udp from any to 195.195.195.1 port 136 >< 140 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port 136 >< 140 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 901 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 587 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3306 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3000 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 3001 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 110 pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echoreq pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echorep pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echoreq pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echorep block in log-all quick on xl0 proto icmp from any to any block out log-all quick on xl0 proto icmp from any to any pass in log-all quick on lo pass out log-all quick on lo pass in quick on xl0 proto tcp from 195.216.172.0/24 to 195.195.195.1 port = 22 block in log-all quick on xl0 proto tcp from any to 195.195.195.1 port = 22 pass in quick on xl0 proto tcp from 80.80.80.53 to 195.195.195.1 port = 53 pass out quick on xl0 proto tcp from 195.195.195.1 port = 53 to 80.80.80.53 pass in quick on xl0 proto udp from any to 195.195.195.1 port = 53 pass out quick on xl0 proto udp from 195.195.195.1 port = 53 to any pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 80 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established 30 tcp.closing 20) pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 443 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established 30 tcp.closing 20) pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 20 flags S/SA synproxy state pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 21 flags S/SA synproxy state pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 4661 pass out quick on xl0 proto tcp from 195.195.195.1 port = 4661 to any pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags S/SA synproxy state pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 465 flags S/SA synproxy state pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 995 flags S/SA synproxy state pass in quick on xl0 proto udp from 80.80.80.53 port = 53 to 195.195.195.1 pass in quick on xl0 proto udp from 217.199.96.2 port = 53 to 195.195.195.1 pass out quick on xl0 proto tcp from 195.195.195.1 to any pass out quick on xl0 proto udp from 195.195.195.1 to any block in log quick on xl0 proto tcp from any to 195.195.195.1 flags S/SAFRP block in log quick on xl0 proto udp from any to 195.195.195.1 pass in quick on xl1 from any to any keep state pass out quick on xl1 from any to any keep state

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> #!/bin/sh > scrub in on xl0 all fragment reassemble min-ttl 20 max-mss 1440 > scrub in on xl0 all no-df > scrub on xl0 all reassemble tcp > block in quick proto tcp from any to 195.195.195.1 flags SF/SFRA > block in quick proto tcp from any to 195.195.195.1 flags SFUP/SFRAU > block in quick proto tcp from any to 195.195.195.1 flags FPU/SFRAUP > block in quick proto tcp from any to 195.195.195.1 flags F/SFRA > block in quick proto tcp from any to 195.195.195.1 flags U/SFRAU > block in quick proto tcp from any to 195.195.195.1 flags P/P > block in log-all quick on xl0 from { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, > 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 > } to 195.195.195.1 > block out log-all quick on xl0 from any to { 127.0.0.0/8, 192.168.0.0/16, > 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, > 224.0.0.0/3, 20.20.20.0/24 } > block in log-all quick on xl0 proto udp from any to 195.195.195.1 > port = 514 > block in log-all quick on xl0 proto udp from any to 195.195.195.1 > port 136 >< 140 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port 136 >< 140 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 901 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 587 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 3306 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 3000 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 3001 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 110 > pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type > echoreq > pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type > echorep > pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type > echoreq > pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type > echorep > block in log-all quick on xl0 proto icmp from any to any > block out log-all quick on xl0 proto icmp from any to any > pass in log-all quick on lo > pass out log-all quick on lo > pass in quick on xl0 proto tcp from 195.216.172.0/24 to 195.195.195.1 port > = 22 > block in log-all quick on xl0 proto tcp from any to 195.195.195.1 > port = 22 > pass in quick on xl0 proto tcp from 80.80.80.53 to 195.195.195.1 port > = 53 > pass out quick on xl0 proto tcp from 195.195.195.1 port = 53 > to 80.80.80.53 > pass in quick on xl0 proto udp from any to 195.195.195.1 port > = 53 > pass out quick on xl0 proto udp from 195.195.195.1 port = 53 > to any > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 80 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established > 30 tcp.closing 20) > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 443 synproxy state (max 10 tcp.finwait 5 tcp.opening 10 tcp.established > 30 tcp.closing 20) > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 20 flags S/SA synproxy state > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 21 flags S/SA synproxy state > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 4661 > pass out quick on xl0 proto tcp from 195.195.195.1 port = 4661 > to any > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 25 flags S/SA synproxy state > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 465 flags S/SA synproxy state > pass in quick on xl0 proto tcp from any to 195.195.195.1 port > = 995 flags S/SA synproxy state > pass in quick on xl0 proto udp from 80.80.80.53 port = 53 > to 195.195.195.1 > pass in quick on xl0 proto udp from 217.199.96.2 port = 53 > to 195.195.195.1 > pass out quick on xl0 proto tcp from 195.195.195.1 to any > pass out quick on xl0 proto udp from 195.195.195.1 to any > block in log quick on xl0 proto tcp from any to 195.195.195.1 > flags S/SAFRP > block in log quick on xl0 proto udp from any to 195.195.195.1 > pass in quick on xl1 from any to any keep state > pass out quick on xl1 from any to any keep state
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру