Возник вопрос по конфигу ipfw
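# ipfw rule-set fragment (FreeBSD rc.firewall style, POSIX sh).
# ${fwcmd} (the ipfw command), ${IpOut} and setup_loopback are not defined
# in this fragment; they are expected from the enclosing rc.firewall
# environment. NOTE(review): ${IpOut} is presumably the external address —
# confirm it is set before this fragment runs.

# Reset to a clean state: rules, counters, the nat instance and BOTH tables.
# `-f flush` removes rules only; each table must be flushed on its own,
# otherwise table 2 (the allow list) keeps stale entries across reloads.
${fwcmd} table 1 flush
${fwcmd} table 2 flush
${fwcmd} zero
${fwcmd} -f flush
${fwcmd} nat 1 delete

# NIC connected to the provider (external side).
extif="igb1"
# NIC facing the internal LAN.
LanIn="igb0"

setup_loopback

# Load the block list (table 1) and the block-list exceptions (table 2).
# One address/prefix per line; blank lines are skipped. `read -r` keeps
# backslashes literal, and the quoted "$ip" prevents word-splitting and
# globbing of the entry before it is handed to ipfw.
while read -r ip; do
  [ -n "$ip" ] || continue
  ${fwcmd} table 1 add "$ip" 1
done < /etc/tables/full_block

while read -r ip; do
  [ -n "$ip" ] || continue
  ${fwcmd} table 2 add "$ip" 1
done < /etc/tables/AllowSites

# kernel nat - most trendy.
${fwcmd} nat 1 config if ${extif} log reset same_ports

# Inbound filtering on ${extif} must come BEFORE the inbound nat rule: with
# net.inet.ip.fw.one_pass at its FreeBSD default of 1 the nat action ends
# rule processing for the packet, so a deny placed after it is never
# evaluated. Inbound nat does not rewrite the source address, so matching
# table(1)/table(2) on the pre-nat packet is equivalent. Exceptions in
# table 2 jump straight to nat (not to allow, so they are still
# translated); the rule numbers below are chosen here (constructed) only
# to give the skipto a stable target.
${fwcmd} add 100 skipto 300 ip from table\(2\) to any in via ${extif}
${fwcmd} add 200 deny log logamount 2048 all from table\(1\) to any in via ${extif}
${fwcmd} add 300 nat 1 all from any to any in via ${extif}
${fwcmd} add nat 1 all from 10.10.0.0/21 to any out via ${extif}
${fwcmd} add allow ip from any to any out via ${extif}
# Internal LAN side: unrestricted (uses ${LanIn} instead of a literal name
# so the two places that name the LAN interface cannot drift apart).
${fwcmd} add allow all from any to any via ${LanIn}
# Access to the DNS server (TCP/53 only; UDP/53 is not opened here).
# NOTE(review): with one_pass=1 every inbound packet on ${extif} that reached
# the nat rule above has already been accepted, so this rule is only hit
# when one_pass=0 — confirm which behaviour is intended.
${fwcmd} add allow tcp from any to ${IpOut} 53 in via ${extif} setup
# Deny everything else and log it.
${fwcmd} add 65534 deny log all from any to any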