OpenForum RSS: �� ip, PF+squid Freebsd

�� ip, PF+squid Freebsd (Lomonosov)

Tue, 27 Mar 2012 10:00:11 GMT

�� , �� , �� , �� , �� .

�� ip, PF+squid Freebsd (artemrts)

Tue, 27 Mar 2012 09:52:29 GMT

> �� , �� , �� , ��
> � �� ?:
> #HOSTNEW
> set state-policy if-bound
> nat on $EXT_IF inet from 192.168.0.100 to !(self) -> ($EXT_IF)
> block in all
> block out all
> block in quick on $EXT_IF from any to $LOCALHOST
> block in on $EXT_IF from <private> to any
> block in quick on $EXT_IF from {<portscanofly>,<portscanfile> }

� �� ? �� antispoof quick on {lo $int_if}

>
>
>
> # I N T E R N A L
> T R A F F I C
> #HOSTNEW_SQUID
> pass out on $EXT_IF inet from $EXT_IF to any
> pass in quick on $INT_IF inet from $INT_IF:network to $INT_IF
> pass out quick on $INT_IF inet from $INT_IF to $INT_IF:network

tcpdump'�� . ��, �� .

�� ip, PF+squid Freebsd (Lomonosov)

Tue, 27 Mar 2012 08:44:00 GMT

�� , �� set state-policy if-bound �� scub, �� ...

�� ip, PF+squid Freebsd (Lomonosov)

Tue, 27 Mar 2012 07:53:10 GMT

�� , �� , �� , �� ?:

#HOSTNEW
set state-policy if-bound
nat on $EXT_IF inet from 192.168.0.100 to !(self) -> ($EXT_IF)

block in all
block out all

block in quick on $EXT_IF from any to $LOCALHOST
block in on $EXT_IF from <private> to any
block in quick on $EXT_IF from {<portscanofly>,<portscanfile> }

# I N T E R N A L T R A F F I C
#HOSTNEW_SQUID
pass out on $EXT_IF inet from $EXT_IF to any
pass in quick on $INT_IF inet from $INT_IF:network to $INT_IF
pass out quick on $INT_IF inet from $INT_IF to $INT_IF:network

�� ip, PF+squid Freebsd (Lomonosov)

Tue, 27 Mar 2012 07:07:49 GMT

��! �� !

�� ip, PF+squid Freebsd (artemrts)

Tue, 27 Mar 2012 07:04:20 GMT

> �� ! �� !!! �� , �� ,
> �� IP � �� squid,
> �� :
> nat on $EXT_IF from 192.168.0.100 to any -> $EXT_IP
> pass out on $EXT_IF from 192.168.0.100 to any keep state

^^^^^^^^^^^^
�� , �� , � �� . � �� , � � �� (192.168.0.100).
� ��, �� net.inet.ip.forwarding: 1

> �� !

set state-policy if-bound

nat on $ext_if inet from 192.168.0.100 to !(self) -> ($ext_if)

block in
block out

� �� "��" � �� . ��, �� PF - �� statefull firawall, �� .

pass out on $ext_if inet from $ext_if to any

# �� 2 �� . ��. �� ,
# ��

OpenForum RSS: ������ � �������� �� ip, PF+squid Freebsd

������ � �������� �� ip, PF+squid Freebsd (Lomonosov)

������ � �������� �� ip, PF+squid Freebsd (artemrts)

������ � �������� �� ip, PF+squid Freebsd (Lomonosov)

������ � �������� �� ip, PF+squid Freebsd (Lomonosov)

������ � �������� �� ip, PF+squid Freebsd (Lomonosov)

������ � �������� �� ip, PF+squid Freebsd (artemrts)

OpenForum RSS: �� ip, PF+squid Freebsd

�� ip, PF+squid Freebsd (Lomonosov)

�� ip, PF+squid Freebsd (artemrts)

�� ip, PF+squid Freebsd (Lomonosov)

�� ip, PF+squid Freebsd (Lomonosov)

�� ip, PF+squid Freebsd (Lomonosov)

�� ip, PF+squid Freebsd (artemrts)