==== rc.conf ===============================================
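# /etc/rc.conf for the NAT gateway (sourced by the rc scripts as sh variable
# assignments). Values must be wrapped in plain ASCII double quotes:
# typographic quotes become part of the value, and a value containing spaces
# is then split into separate words.

# --- Network -----------------------------------------------------------------
defaultrouter="192.168.10.1"
hostname="npcafe.secure-net.dk"
# vr0: inside interface (10.10.10.0/24); dhcpd is bound to it below.
ifconfig_vr0="inet 10.10.10.254 netmask 255.255.255.0"
# sis0: outside interface, on the same subnet as the default router; natd runs on it.
ifconfig_sis0="inet 192.168.10.199 netmask 255.255.255.0"
gateway_enable="YES"

# --- Services running on the gateway itself ----------------------------------
# NOTE(review): sshd, Apache, named and Samba all listen on the gateway. The
# firewall ruleset shown with this config ends in an allow-all rule, so confirm
# which of these are meant to be reachable from the sis0 side and restrict the
# rest (by listen address or firewall rule).
sshd_enable="YES"
usbd_enable="YES"
apache2_enable="YES"
named_enable="YES"
smbd_enable="YES"
nmbd_enable="YES"
dhcpd_enable="YES"
dhcpd_ifaces="vr0"

# --- Firewall / NAT ----------------------------------------------------------
# NOTE(review): no firewall_type or firewall_script is set here, so which
# ruleset is loaded at boot is not visible from this file - confirm that the
# custom firewall script is actually run at startup.
firewall_enable="YES"
# NOTE(review): the firewall script also launches "natd -n sis0" by hand;
# confirm natd is not started twice.
natd_enable="YES"
natd_interface="sis0"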
==== firewall =============================================
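#!/bin/sh
#
# ipfw/dummynet control script for the NAT gateway.
#
# Usage: firewall {start|stop|open}
#   start - flush the ruleset, start natd on sis0, install the divert rule and
#           the traffic-shaping pipes
#   stop  - stop natd and install a minimal ruleset
#   open  - flush the ruleset and allow everything
#
# Exits 64 (usage error) on any other argument.
#
# ipfw evaluates rules in the order they are added and stops at the first
# terminating match, so the order of the "ipfw add" lines below matters.

case "$1" in
  start)
    echo "Starting firewall"
    ipfw -f flush
    # NOTE(review): natd is launched on every "start" without stopping an
    # instance that is already running - confirm repeated starts are harmless.
    natd -n sis0
    # Hand everything crossing the outside interface to natd for translation.
    ipfw add divert natd ip from any to any via sis0

    # dummynet pipes.
    ipfw pipe 3 config bw 128Kbit/s queue 10 # next to nothing
    ipfw pipe 2 config bw 2Mbit/s queue 10   # less than we have
    ipfw pipe 1 config bw 10Mbit/s queue 10  # more than we have

    # NOTE(review): this admits port 445 (SMB) on the gateway from ANY source
    # on ANY interface, the outside one (sis0) included. If only LAN clients
    # need the share, restrict the source to the LAN network or add "via vr0".
    ipfw add allow all from any to me 445 keep-state
    # ipfw add allow all from any to 212.242.77.76 22 keep-state

    # Block SSH (destination port 22) from the LAN clients to any host,
    # the gateway itself included.
    # NOTE(review): keep-state on a deny rule looks unintended - confirm.
    # The /24 mask makes 10.10.10.10/24 cover the whole 10.10.10.x network.
    ipfw add deny all from 10.10.10.10/24 to any 22 keep-state

    # Important traffic. These rules match on the SOURCE port, i.e. packets
    # coming back from remote servers.
    ipfw add pipe 1 all from any 22 to any    # SSH
    ipfw add pipe 1 all from any 27960 to any # Quake3

    # Semi-important traffic.
    ipfw add pipe 2 all from any 80 to any # HTTP

    # Traffic that does not matter.
    ipfw add pipe 3 all from any to any # the rest

    # NOTE(review): there is no default-deny policy. Everything not denied
    # above is shaped and then accepted, so every service enabled on this host
    # is reachable unless something upstream filters it. Whether packets come
    # back from a pipe to reach this rule depends on net.inet.ip.fw.one_pass.
    ipfw add accept all from any to any
    exit 0
    ;;
  stop)
    echo "Stopping firewall"
    killall natd
    # Minimal firewall settings: allow everything for the gateway itself and
    # for mike's address.
    # NOTE(review): forwarded LAN traffic matches none of these rules and falls
    # through to ipfw's built-in default rule - confirm that is intended.
    ipfw -f flush
    ipfw add allow all from any to any via lo0
    ipfw add allow all from me to any keep-state
    ipfw add allow all from 212.242.77.76 to me keep-state
    ;;
  open)
    echo "Opening up firewall"
    # NOTE(review): this mode removes all filtering, and without the divert
    # rule nothing is passed to natd. Treat it as a short-lived debugging state.
    ipfw -f flush
    ipfw add allow all from any to any
    ;;
  *)
    echo "Usage: ${0##*/} {start|stop|open}" >&2
    exit 64
    ;;
esac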
==== old firewall ============================== [syntax]
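#!/bin/sh
#
# Earlier version of the ipfw/dummynet control script for the NAT gateway.
#
# Usage: firewall {start|stop|open}
#   start - flush the ruleset, start natd on sis0, install the divert rule,
#           the per-source allow rules and the traffic shaping
#   stop  - stop natd and install a minimal ruleset
#   open  - flush the ruleset and allow everything
#
# Exits 64 (usage error) on any other argument.
#
# ipfw evaluates rules in the order they are added and stops at the first
# terminating match, so the order of the "ipfw add" lines below matters.

case "$1" in
  start)
    echo "Starting firewall"
    ipfw -f flush
    # NOTE(review): natd is launched on every "start" without stopping an
    # instance that is already running - confirm repeated starts are harmless.
    natd -n sis0
    # Hand everything crossing the outside interface to natd for translation.
    ipfw add divert natd ip from any to any via sis0

    # Clients to me. The /24 mask makes 10.10.10.10/24 cover the whole
    # 10.10.10.x network.
    ipfw add allow all from 10.10.10.10/24 to me 139 keep-state # smb
    # NOTE(review): a DHCP server listens on port 67; 68 is the client port.
    # Confirm which port was intended here.
    ipfw add allow all from 10.10.10.10/24 to me 68 keep-state # dhcp
    ipfw add allow all from 10.10.10.10/24 to me 53 keep-state # dns

    # Admin to me.
    ipfw add allow all from 10.10.10.100 to me keep-state  # till (cash register)
    ipfw add allow all from 212.242.77.76 to me keep-state # mike
    ipfw add allow all from 81.19.234.132 to me keep-state # mike-2

    # Clients to world: block outbound port 445, allow everything else.
    ipfw add deny all from 10.10.10.10/24 to any 445 keep-state # viruses
    ipfw add allow all from 10.10.10.10/24 to any keep-state    # open

    ipfw pipe 2 config bw 2Mbit/s queue 10
    ipfw pipe 1 config bw 128Kbit/s queue 10

    # layer 1 stuff
    # NOTE(review): "queue 2" names a dummynet queue, but only pipes 1 and 2
    # are configured above - confirm whether "pipe 2" was intended. LAN client
    # traffic is also already accepted by the "open" rule above, so it may
    # never reach this rule.
    ipfw add queue 2 tcp from 10.10.10.10/24 to any 53 out
    # ipfw add queue 1 tcp from 10.10.10.10/24 to any 27960 out
    # ipfw add queue 1 tcp from 10.10.10.10/24 to any 22 out
    # layer 2 stuff
    #ipfw add queue 2 tcp from 10.10.10.10/24 to any 80 out
    # ipfw add queue 2 tcp from 10.10.10.10/24 to any 21 out
    # ipfw add queue 2 tcp from 10.10.10.10/24 to any 596 out
    # layer 3 stuff - Anything not mentioned above gets the crap
    ipfw add pipe 1 all from any to any out

    # NOTE(review): this closing rule accepts whatever the rules above did not
    # match, inbound traffic to the gateway from any source included, so the
    # per-client and per-admin allow rules do not actually restrict access.
    # A closing deny would be needed for them to act as an allow-list.
    ipfw add accept all from any to any
    exit 0
    ;;
  stop)
    echo "Stopping firewall"
    killall natd
    # Minimal firewall settings: allow everything for the gateway itself and
    # for mike's address.
    # NOTE(review): forwarded LAN traffic matches none of these rules and falls
    # through to ipfw's built-in default rule - confirm that is intended.
    ipfw -f flush
    ipfw add allow all from any to any via lo0
    ipfw add allow all from me to any keep-state
    ipfw add allow all from 212.242.77.76 to me keep-state
    ;;
  open)
    echo "Opening up firewall"
    # NOTE(review): this mode removes all filtering, and without the divert
    # rule nothing is passed to natd. Treat it as a short-lived debugging state.
    ipfw -f flush
    ipfw add allow all from any to any
    ;;
  *)
    echo "Usage: ${0##*/} {start|stop|open}" >&2
    exit 64
    ;;
esac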