Тема: Доступ SSH по IP через IPFW
Запретил доступ SSH ВСЕМ и ВСЯ, открыл отдельным IP! А то боты задолбали ботить на мой серв!
#cat /etc/ipfw
#!/bin/sh
ipfw='/sbin/ipfw'
ournet='192.168.0.0/24'
ifout='re0' #Инет
ifuser='vr0' #Локальная сеть
${ipfw} -f flush
${ipfw} add 100 check-state
${ipfw} add 150 allow ip from any to any via lo0
${ipfw} add 200 allow ip from me to any keep-state
${ipfw} add 220 deny ip from not ${ournet} to any via ${ifuser} in
${ipfw} add 240 deny ip from any to not me via ${ifout} in
#SAMBA
${ipfw} add 241 allow udp from 192.168.0.0/24 to 192.168.0.0/24 137,138,139,445
${ipfw} add 242 allow tcp from 192.168.0.0/24 to 192.168.0.0/24 137,138,139,445,22
ADMIN PORT 22 OPEN
${ipfw} add 243 allow tcp from me to any 22
${ipfw} add 244 allow tcp from 192.168.0./24 to any dst-port 22
${ipfw} add 246 allow all from **.***.**.*** to any dst-port 22 # **.***.**.*** -IP кому мона!
${ipfw} add 247 allow all from **.***.**.*** to any dst-port 22
${ipfw} add 249 deny all from any to any dst-port 22
# NAT
${ipfw} add 250 divert natd all from any to any via ${ifout}
${ipfw} add 260 allow ip from any to any via ${ifout} out
${ipfw} add 300 allow tcp from any to me 25,80,110,3389
${ipfw} add 400 allow icmp from any to me
${ipfw} add 410 allow udp from any to me 53
${ipfw} add 500 deny ip from any to me
${ipfw} add 550 allow ip from any to any via ${ifout}
${ipfw} add 600 unreach host log logamount 0 tcp from any to any 25
#LOCAL
${ipfw} add 605 deny ip from 192.168.0.113 to any 80
${ipfw} add 700 allow ip from ${ournet} to any
${ipfw} add 710 allow ip from any to ${ournet}
${ipfw} add 65400 deny ip from any to anyВопрос!
Почему не могу из локальной сети по ссш зайти на любой внешний сервак!
Заранее спс!
