тут могут быть ошибки, но принцип такой
/etc/sysctl.conf
# Forward IPv4 packets between interfaces, i.e. let this host act as a router.
net.inet.ip.forwarding=1
# With one_pass=0, a packet that comes back from a dummynet pipe/queue, ng_ipfw
# or in-kernel nat action continues at the next rule instead of being accepted
# at once, so the filter rules that follow still apply to it.
# NOTE(review): this setup uses divert/natd; confirm the setting is needed here.
net.inet.ip.fw.one_pass=0
/etc/rc.conf
....
# Enable IP forwarding at boot (the rc.conf counterpart of net.inet.ip.forwarding=1).
gateway_enable="YES"
....
# Start natd and bind it to the interface whose traffic is translated.
# NOTE(review): rl0 is presumably the external (Internet-facing) NIC -- confirm.
natd_enable="YES"
natd_interface="rl0"
# Load ipfw at boot and build the ruleset from the custom script below instead
# of the stock /etc/rc.firewall.
firewall_enable="YES"
firewall_script="/etc/rc.ipfw"
# Matched by the [Ss][Ee][Rr][Vv][Ee][Rr]) arm of the script's case statement.
firewall_type="SERVER"
# NOTE(review): in the stock script this makes fwcmd "ipfw -q"; the part of
# /etc/rc.ipfw that sets fwcmd is not shown here -- confirm it honours this.
firewall_quiet="YES"
# Turns on net.inet.ip.fw.verbose so that rules carrying the "log" keyword
# actually produce syslog messages.
firewall_logging="YES"
/etc/rc.ipfw
[Ss][Ee][Rr][Vv][Ee][Rr])
# NOTE(review): setup_loopback is not defined in this excerpt; presumably the
# loopback helper from the stock /etc/rc.firewall -- confirm it is defined
# before this arm runs.
setup_loopback
# Drop inbound ICMP redirect (5), router advertisement (9), timestamp
# request/reply (13, 14), information request/reply (15, 16) and address mask
# request (17).
${fwcmd} add deny icmp from any to any in icmptype 5,9,13,14,15,16,17
# Drop fragmented ICMP in either direction.
${fwcmd} add deny icmp from any to any frag
.......
правила для роутера
.......
# Hand IPv4 traffic crossing the NAT interface to natd, but only when natd is
# switched on in rc.conf. The rule is added before the filter rules, so it is
# evaluated ahead of them.
case ${natd_enable} in
  [Yy][Ee][Ss])
    # An empty natd_interface would leave "via" without an argument, so the
    # divert rule is skipped in that case.
    if test -n "${natd_interface}"; then
      ${fwcmd} add divert natd ip4 from any to any via ${natd_interface}
    fi
    ;;
esac
.......
правила для сети
.......
# Pass every TCP segment that has RST or ACK set, i.e. traffic belonging to
# connections that are already open. Because of this rule the replies for the
# TCP services below need no "from any PORT to any" rule of their own.
# NOTE(review): "established" looks at TCP flags only and keeps no connection
# state; keep-state/check-state would track real connections -- confirm which
# is intended.
${fwcmd} add pass tcp from any to any established
#PING
# NOTE(review): passes every ICMP type not denied earlier in the script, in
# both directions and on all interfaces -- broader than echo request/reply.
${fwcmd} add pass icmp from any to any
#DNS
# Queries to port 53 (UDP, plus the TCP SYN via "setup") and UDP answers.
# NOTE(review): the second rule matches on SOURCE port 53 only, so any UDP
# datagram sent from port 53 is passed to every host and port behind this
# firewall. A keep-state rule on the outbound query would admit only real
# answers -- confirm and tighten.
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
${fwcmd} add pass tcp from any to any 53 setup
# NOTE(review): applies to every "from any PORT to any" rule from here on:
# the match is on the sender-chosen source port alone, with no restriction on
# destination host, destination port or interface. Replies on open TCP
# connections are already passed by the "established" rule above, so what
# these rules add is new connections (SYN) arriving from that source port.
# The "to any PORT" rules likewise allow the service in both directions, not
# only outbound from the LAN. Consider "setup"/keep-state plus an address or
# interface restriction, as the HTTPS rules do with 10.0.0.0/23.
#HTTP
${fwcmd} add pass tcp from any to any 80,8080
${fwcmd} add pass tcp from any 80,8080 to any
#HTTPS
# The only pair limited to an address range: 10.0.0.0/23 as client, any host
# as server on port 443.
${fwcmd} add pass tcp from 10.0.0.0/23 to any 443
${fwcmd} add pass tcp from any 443 to 10.0.0.0/23
# POP3
${fwcmd} add pass tcp from any to any 110
${fwcmd} add pass tcp from any 110 to any
# IMAP
${fwcmd} add pass tcp from any to any 143
${fwcmd} add pass tcp from any 143 to any
# IMAP-NEWS (port 119 is NNTP)
${fwcmd} add pass tcp from any to any 119
${fwcmd} add pass tcp from any 119 to any
# SSH
# NOTE(review): "to any 22" also covers SSH to this firewall itself from any
# address -- confirm whether the source should be limited.
${fwcmd} add pass tcp from any to any 22
${fwcmd} add pass tcp from any 22 to any
# ICQ
# "all" instead of "tcp": the port match is not limited to one protocol.
${fwcmd} add pass all from any to any 5190
${fwcmd} add pass all from any 5190 to any
# MSN
${fwcmd} add pass all from any to any 1863
${fwcmd} add pass all from any 1863 to any
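# Debugging aid: log every packet that fell through all rules above, then drop
# it. The forum-style arrow annotation that followed this rule has been turned
# into this comment; left in place, the shell would parse "<" as an input
# redirection and the rule would not be added.
# Log output appears only while net.inet.ip.fw.verbose is 1
# (firewall_logging="YES" in rc.conf).
${fwcmd} add deny log all from any to any
# Explicit default deny. It is never reached while the logging rule above is
# present; it takes over once that rule is removed after debugging.
${fwcmd} add deny all from any to any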
;;
/etc/syslog.conf
# Program filter: the entries that follow apply only to messages tagged "ipfw".
# NOTE(review): if other entries come after this block in syslog.conf, a "!*"
# line is needed to end the filter -- confirm against the full file.
!ipfw
# Write those messages, whatever their facility and priority, to a dedicated
# file.
# NOTE(review): syslogd normally expects the file to exist already, and the
# log needs rotation (newsyslog) because "deny log" can be noisy -- confirm.
*.* /var/log/ipfw.log
Добавлено спустя 5 минут 46 секунд:
P.S.
${fwcmd} add pass tcp from any to any established
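это нужно для того, чтобы использовать правила с setup: пакеты уже установленных соединений пропускает правило established, поэтому для сервиса достаточно разрешить только первый пакет (SYN), а отдельные правила вида «from any ПОРТ to any» для ответов не нужны. Например: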
${fwcmd} add pass tcp from any to me 80 setup
https://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html