Пользователь
Сообщения: 139
Благодарности: 5
|
Профиль
|
Отправить PM
| Цитировать
До попыки подключения к фтп
00100 0 0 allow ip from any to any via lo0
00110 0 0 deny ip from any to 127.0.0.0/8
00120 0 0 deny ip from 127.0.0.0/8 to any
00130 0 0 check-state
00140 0 0 deny ip from any to any frag
00150 67 62292 deny tcp from any to any established
00185 122 28430 allow tcp from any to any dst-port 80,443,8000 out via re0 setup keep-state
00186 0 0 allow tcp from any to any dst-port 20,21 out via re0 setup keep-state
00190 0 0 allow tcp from any to 192.168.196.3 dst-port 53 via re0 setup keep-state
00195 2 319 allow udp from any to 192.168.196.3 dst-port 53 via re0 keep-state
00300 188 36686 allow tcp from 192.168.196.0/24 to any dst-port 3128 in via re0 setup keep-state
65535 91016 8141391 deny ip from any to any
после
00100 0 0 allow ip from any to any via lo0
00110 0 0 deny ip from any to 127.0.0.0/8
00120 0 0 deny ip from 127.0.0.0/8 to any
00130 0 0 check-state
00140 0 0 deny ip from any to any frag
00150 85 65908 deny tcp from any to any established
00185 143 31726 allow tcp from any to any dst-port 80,443,8000 out via re0 setup keep-state
00186 79 5506 allow tcp from any to any dst-port 20,21 out via re0 setup keep-state
00190 0 0 allow tcp from any to 192.168.196.3 dst-port 53 via re0 setup keep-state
00195 6 1081 allow udp from any to 192.168.196.3 dst-port 53 via re0 keep-state
00300 293 50802 allow tcp from 192.168.196.0/24 to any dst-port 3128 in via re0 setup keep-state
65535 91264 8163373 deny ip from any to any
ps. ПопробЫвал сделать поподробней т.е. разделил 20 и 21 порты вижу что правило срабатывает только по 21 а по 20 чисто
|
Отправлено: 16:52, 21-12-2009
| #15
|
