Список «ненужных» сетей — Admin

-i ext_iface -P INPUT DROP
:)
А разрешить все что нужно.
~~zgen~~ ★★★★★
(01.11.05 17:17:03 MSK)
Ссылка
Можешь попробовать что-то вроде этого - 

# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 in via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

# Stop draft-manning-dsua-01.txt nets on the outside interface
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 10.0.0.0/8 in via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}

#Stop reserved IANA addresses
${fwcmd} add deny all from any to 1.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 2.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 5.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 7.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 23.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 27.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 31.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 37.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 39.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 41.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 42.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 58.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 70.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 71.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 73.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 74.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 75.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 76.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 77.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 78.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 79.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 96.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 112.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 113.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 114.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 115.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 116.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 117.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 118.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 119.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 120.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 121.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 122.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 123.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 124.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 125.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 126.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 218.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 219.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 220.0.0.0/6 via ${oif}

ну и также соответственно - 

${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}

И так далее... Только учти, что те, что относятся к зарезервированным в IANA периодически включаются в используемые... то есть есть шанc забанить вполне себе невинные ресурсы...
MiracleMan ★★★★★
(02.11.05 00:22:45 MSK)
Ссылка
Похожие темы
