#!/bin/sh
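# ipfw ruleset for a NAT gateway: WAN on rl0, LAN on fxp0, NAT through the
# "natd" divert port. ipfw numbers the rules in the order they are added and
# acts on the first rule that matches, so the order below is significant.
#
# The listing had several ipfw commands pasted onto one physical line; run
# that way, each line is a single malformed ipfw invocation. One command per
# line is restored here.

# Addresses and interfaces used by the rules.
localhost="127.0.0.1"   # not referenced by any rule in this listing
wanip="212.76.10.100"
lanip="192.168.77.1"
waninntf="rl0"
localintf="fxp0"
fwcmd="/sbin/ipfw"

# Start from an empty ruleset (-f: flush without asking for confirmation).
${fwcmd} -f flush

# Loopback: allow traffic on lo0 itself, drop 127.0.0.0/8 seen anywhere else
# (anti-spoofing).
${fwcmd} add pass all from any to any via lo0
${fwcmd} add deny all from any to 127.0.0.0/8
${fwcmd} add deny ip from 127.0.0.0/8 to any

# NTP queries from this host; keep-state admits only the matching replies.
${fwcmd} add pass udp from me to any 123 keep-state

# NAT. Outbound traffic on the WAN interface is handed to natd for aliasing,
# inbound traffic for the alias address is handed to natd for de-aliasing.
# NOTE(review): the inbound rule matches 212.76.10.162 while wanip is
# 212.76.10.100. If natd aliases to wanip, replies are never de-aliased and
# forwarded connections cannot complete - confirm which address natd uses.
${fwcmd} add divert natd ip from any to any out via ${waninntf}
${fwcmd} add divert natd ip from any to 212.76.10.162 in via ${waninntf}

# Established TCP in any direction, everything leaving through the WAN
# address, and established TCP arriving on it. "established" is a stateless
# match on TCP flags only; it does not check that a connection really exists.
${fwcmd} add pass tcp from any to any established
${fwcmd} add pass all from any to any out xmit ${wanip}
${fwcmd} add pass tcp from any to any in recv ${wanip} established

# LAN interface.
# The original ruleset had only the first rule, which passes LAN-to-LAN
# traffic. A new connection from a LAN client to the Internet arrives on
# fxp0 with a non-LAN destination, matched none of the rules and, presumably,
# fell through to the default deny - which is why clients could not get out.
# The two added rules admit LAN-sourced traffic entering fxp0 and traffic
# leaving fxp0 towards the LAN (which has already passed the WAN-side rules).
${fwcmd} add pass all from 192.168.0.0:255.255.0.0 to 192.168.0.0:255.255.0.0 via ${localintf}
${fwcmd} add pass all from 192.168.0.0:255.255.0.0 to any in via ${localintf}
${fwcmd} add pass all from any to 192.168.0.0:255.255.0.0 out via ${localintf}
# NOTE(review): UDP replies for forwarded LAN flows still have no matching
# inbound rule on the WAN side; clients that must send UDP past this gateway
# need a stateful (keep-state) rule for that traffic.

# SSH to the gateway.
# NOTE(review): the WAN rule accepts SSH from any source address; restrict
# the source to the management networks if they are known.
${fwcmd} add pass tcp from any to ${wanip} 22
${fwcmd} add pass tcp from any to ${lanip} 22

# DNS replies to this host.
# NOTE(review): these two rules match on the remote source port only, and
# the remote side chooses that port, so they admit traffic to any local
# port. Prefer a keep-state rule on this host's outgoing DNS queries.
${fwcmd} add pass tcp from any 53 to me
${fwcmd} add pass udp from any 53 to me

# DNS service on this host.
${fwcmd} add pass tcp from any to me 53
${fwcmd} add pass udp from any to me 53

# ICMP on the WAN address: echo reply (0), destination unreachable (3) and
# time exceeded (11) inbound, echo request (8) outbound.
${fwcmd} add pass icmp from any to any in recv ${wanip} icmptypes 0
${fwcmd} add pass icmp from any to any out xmit ${wanip} icmptypes 8
${fwcmd} add pass icmp from any to any in recv ${wanip} icmptypes 3
${fwcmd} add pass icmp from any to any in recv ${wanip} icmptypes 11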
При таких правилах пользователи не могут выйти в интернет. Как прописать правильно? Если можно, покажите, где и что неправильно.