00100    allow ip from any to any via lo0
00101    deny log ip from any to 127.0.0.0/8
00102    deny log ip from 127.0.0.0/8 to any
00201    allow udp from me to 193.108.162.19 dst-port 53
00202    allow udp from 193.108.162.19 53 to me
01010    count ip from any to any in recv em1
01011    count ip from any to any out xmit em1
01020    count ip from any to any in recv em0
01021    count ip from any to any out xmit em0
02000    deny ip from not me to 10.98.58.255
02000    deny ip from not me to 255.255.255.255
02010    deny log ip from any to any not antispoof in
02011    deny log ip from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to any not verrevpath in
02020    skipto 2049 ip from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16
02020    skipto 2049 ip from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to 10.100.0.0/16,172.27.0.0/16,208.86.236.0/22,205.172.68.0/22,80.51.168.0/24,172.29.0.0/16
02020    skipto 2049 ip from 10.100.0.0/16,172.27.0.0/16,208.86.236.0/22,205.172.68.0/22,80.51.168.0/24,172.29.0.0/16 to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16
02020    skipto 2049 ip from any to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16
02021    deny log ip from any to 10.0.0.0/8
02021    deny log ip from any to 172.16.0.0/12
02021    deny log ip from any to 192.168.0.0/16
02021    deny log ip from any to 169.254.0.0/16
02021    deny log ip from any to 192.0.2.0/24
02021    deny log ip from any to 224.0.0.0/3
02030    skipto 2049 ip from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to any
02031    deny log ip from 10.0.0.0/8 to any
02031    deny log ip from 172.16.0.0/12 to any
02031    deny log ip from 192.168.0.0/16 to any
02031    deny log ip from 169.254.0.0/16 to any
02031    deny log ip from 192.0.2.0/24 to any
02031    deny log ip from 224.0.0.0/3 to any
03100    pipe 1 tcp from 193.108.162.15 to 10.98.58.2
03101    pipe 4 tcp from 193.108.162.15,193.108.162.7 to 10.98.58.0/24
03102    pipe 2 tcp from 10.98.8.21 to 10.98.58.0/24
03103    pipe 3 tcp from 10.98.0.28 to 10.98.58.0/24
03104    pipe 2 tcp from 10.98.240.90 to 10.98.58.0/24
03105    pipe 5 tcp from 10.98.8.55,10.98.8.83 to 10.98.58.0/24
03106    pipe 6 tcp from 10.98.0.28 to 10.98.58.227
03107    pipe 6 tcp from 10.98.0.3 to 10.98.58.252
03108    pipe 6 tcp from 193.108.162.55 to 10.98.58.252
03109    pipe 6 tcp from 10.98.8.21 to 10.98.58.227
03110    pipe 3 tcp from 10.98.0.26 to 10.98.58.0/24
10000    count ip from any to any
10100    deny ip from table(9) to any
10200    deny ip from any to table(9)
10300    allow tcp from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to me dst-port 22 setup
10400    allow tcp from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to me dst-port 80 setup
10500    allow tcp from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to 10.98.58.1 dst-port 8080 setup
10600    allow tcp from 10.98.56.0/22 to me dst-port 25 setup
10700    allow tcp from 10.98.56.0/22 to me dst-port 53 setup
10800    allow tcp from 10.98.8.7 to me dst-port 9102 setup
10900    allow tcp from me to any out setup
11000    deny log tcp from any to me setup
11100    allow udp from any to me dst-port 53 in
11200    allow udp from me 53 to any out
11300    allow udp from me to any dst-port 53 out keep-state
11400    allow udp from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to me dst-port 123 in
11500    allow udp from me 123 to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 out
11600    allow udp from me to any dst-port 123 out keep-state
11700    allow udp from any 67,68 to me dst-port 67,68 in recv em0 // DHCP
11800    allow udp from me 67,68 to any dst-port 67,68 out xmit em0 // DHCP
11900    allow udp from me to 10.98.56.0/22 dst-port 161 out keep-state // SNMP
12000    allow udp from 10.98.58.8 to me dst-port 514 // syslog
12100    allow udp from me to any out keep-state
12200    allow udp from 10.98.56.254 to me dst-port 53,123 keep-state // DNS,NTP
12300    allow udp from 10.98.56.254 to me // TFTP
12400    allow udp from me to 10.98.56.254 // TFTP
12500    deny log udp from any to me
12600    allow ip from 10.98.56.0/22 to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16
12700    allow ip from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to 10.98.56.0/22
12800    allow ip from 10.98.56.0/22 to 10.100.64.100,10.100.64.101,10.100.64.120,10.100.64.0
12900    allow ip from 10.100.64.100,10.100.64.101,10.100.64.120,10.100.64.0 to 10.98.56.0/22
13000    deny tcp from any to any dst-port 135-139,445 via em1
13100    deny udp from any to any dst-port 135-139,445 via em1
13200    deny tcp from any to any dst-port 111,1080,1433,3128 in recv em1 setup
13300    deny udp from any to any dst-port 1434 in recv em1
13400    allow ip from 10.98.56.0/22 to 10.100.0.0/16
13500    allow ip from 10.100.0.0/16 to 10.98.56.0/22
13600    allow tcp from 10.98.56.0/22 to 172.27.0.0/16,208.86.236.0/22,205.172.68.0/22 keep-state
13700    allow udp from 10.98.56.0/22 to 172.27.0.0/16,208.86.236.0/22,205.172.68.0/22 keep-state
13800    allow icmp from 10.98.56.0/22 to 172.27.0.0/16,208.86.236.0/22,205.172.68.0/22 keep-state
13900    allow tcp from 10.98.56.0/22 to 80.51.168.0/24,172.29.0.0/16 keep-state
14000    allow udp from 10.98.56.0/22 to 80.51.168.0/24,172.29.0.0/16 keep-state
14100    allow icmp from 10.98.56.0/22 to 80.51.168.0/24,172.29.0.0/16 keep-state
14200    allow esp from 10.98.56.0/22 to 172.27.0.0/16,208.86.236.0/22,205.172.68.0/22
14300    allow esp from 172.27.0.0/16,208.86.236.0/22,205.172.68.0/22 to 10.98.56.0/22
14400    allow tcp from 10.98.56.0/22 to not 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 in recv em0
14500    fwd 127.0.0.1,8080 tcp from 10.98.56.0/22 to not 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 dst-port 80 out recv em0 xmit em1
14600    allow tcp from any 80 to 10.98.56.0/22 established
14700    allow tcp from any to me established
14800    allow tcp from me to any established
14900    allow tcp from 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 to 193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 established
15000    count log tcp from any to any established
15100    allow udp from 10.98.56.253 to any dst-port 53 keep-state
15200    allow udp from 10.98.56.253 to any dst-port 123 keep-state
15300    deny log icmp from 10.98.56.0/22 to not 10.100.0.0/16,172.27.0.0/16,208.86.236.0/22,205.172.68.0/22,193.108.162.0/23,193.93.100.0/22,10.98.0.0/16 in
15400    allow icmp from 10.98.56.0/22 to any icmptypes 8 keep-state
15500    allow icmp from 10.98.56.0/22 to any icmptypes 3,11
15600    allow icmp from any to 10.98.56.0/22 icmptypes 3,11
15700    deny log tcp from any to any in recv em1
15800    deny log tcp from any to any out xmit em1
64001    deny icmp from any to any icmptypes 8 in recv em1
64001    deny log icmp from any to any
64002    deny log tcp from any to any
64003    deny log udp from any to any
65000    deny log ip from any to any
65535    deny ip from any to any
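The skipto structure of rules 02020-02031 (trusted and partner traffic jumps over the RFC1918/bogon deny rules, everything else falls through into them) is easier to see with a small first-match evaluator. This is an added example, not part of the page's ruleset: it transcribes only the address part of those rules plus 12600, 12700 and the default rule, and ignores protocol, interface and state options.

```python
import ipaddress

# Added example (not from the page): first-match evaluator for the address
# part of rules 02020-02031 plus three later rules, to show how skipto 2049
# lets trusted/partner traffic bypass the RFC1918/bogon deny rules. Protocol,
# interface and state options are ignored; only rule order and src/dst match.
TRUSTED = ["193.108.162.0/23", "193.93.100.0/22", "10.98.0.0/16"]
PARTNERS = ["10.100.0.0/16", "172.27.0.0/16", "208.86.236.0/22",
            "205.172.68.0/22", "80.51.168.0/24", "172.29.0.0/16"]
BOGONS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
          "169.254.0.0/16", "192.0.2.0/24", "224.0.0.0/3"]
ANY = ["0.0.0.0/0"]

# (rule number, action, skipto target, source nets, destination nets),
# transcribed from the page's ruleset in the page's order.
RULES = [
    (2020, "skipto", 2049, TRUSTED, TRUSTED),
    (2020, "skipto", 2049, TRUSTED, PARTNERS),
    (2020, "skipto", 2049, PARTNERS, TRUSTED),
    (2020, "skipto", 2049, ANY, TRUSTED),
] + [(2021, "deny", None, ANY, [b]) for b in BOGONS] + [
    (2030, "skipto", 2049, TRUSTED, ANY),
] + [(2031, "deny", None, [b], ANY) for b in BOGONS] + [
    (12600, "allow", None, ["10.98.56.0/22"], TRUSTED),
    (12700, "allow", None, TRUSTED, ["10.98.56.0/22"]),
    (65535, "deny", None, ANY, ANY),
]

def in_nets(addr, nets):
    """True if addr lies inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(src, dst, rules=RULES):
    """Return (rule number, action) of the first terminating allow/deny.
    skipto continues at the first rule numbered >= the target, as ipfw does;
    in this subset 2049 lands on rule 12600 (on the page, on 03100)."""
    i = 0
    while i < len(rules):
        num, action, target, srcs, dsts = rules[i]
        if in_nets(src, srcs) and in_nets(dst, dsts):
            if action in ("allow", "deny"):
                return num, action
            if action == "skipto":
                i = next(j for j, r in enumerate(rules) if r[0] >= target)
                continue
        i += 1
    return 65535, "deny"
```

Note that the fourth 02020 rule (any to trusted) also skips the source-bogon checks in 02031, so spoofed sources aimed at the trusted networks are caught only by the antispoof/verrevpath rules 02010 and 02011 earlier in the chain.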

I remind everyone copying my content that the law "On Copyright" exists.
To avoid conflicts when copying this material, please link back to it:

http://noted.org.ua/1667


You can also thank me by sending any amount to any of the WebMoney wallets below to support this resource. Or just buy the admin a beer ;)

Wallets for donations:
R386985788805
U234140473141
Z147712360455
