"How to make traceroute (not) work ???"
Message from Tuxper (??), 29-Nov-06, 15:50
Here is my firewall config
00007 deny log logamount 10 ip from any to me dst-port 25 via tun0
00007 deny log logamount 10 ip from any to me dst-port 25 via rl0
00008 deny log logamount 10 ip from any to me dst-port 901 in via tun0
00008 deny log logamount 10 ip from any to me dst-port 901 in via rl0
00009 deny log logamount 10 ip from any to me dst-port 953 in via rl0
00009 deny log logamount 10 ip from any to me dst-port 953 in via tun0
00010 deny log logamount 10 ip from any to me dst-port 80 in via rl0
00010 deny log logamount 10 ip from any to me dst-port 80 in via tun0
00011 deny log logamount 10 ip from any to me dst-port 3306 in via tun0
00011 deny log logamount 10 ip from any to me dst-port 3306 in via rl0
00012 deny log logamount 10 ip from any to me dst-port 67 in via tun0
00012 deny log logamount 10 ip from any to me dst-port 67 in via rl0
00013 deny log logamount 10 ip from any to me dst-port 21 in via rl0
00013 deny log logamount 10 ip from any to me dst-port 21 in via tun0
00014 deny log logamount 10 ip from any to me dst-port 22 in via tun0
00014 deny log logamount 10 ip from any to me dst-port 22 in via rl0
00015 deny log logamount 10 ip from any to any dst-port 135-139 in via rl0
00015 deny log logamount 10 ip from any to any dst-port 135-139 in via tun0
00016 deny log logamount 10 ip from any to me dst-port 123 in via tun0
00016 deny log logamount 10 ip from any to me dst-port 123 in via rl0
00017 deny log logamount 10 ip from any to me dst-port 514 in via rl0
00017 deny log logamount 10 ip from any to me dst-port 514 in via tun0
00018 deny log logamount 10 ip from any to me in via rl0 frag
00018 deny log logamount 10 ip from any to me in via tun0 frag
00019 deny log logamount 10 tcp from any to me in via rl0 tcpflags syn,fin
00019 deny log logamount 10 tcp from any to me in via tun0 tcpflags syn,fin
00020 deny log logamount 10 tcp from any to me in via rl0 tcpflags syn,fin,psh,urg
00020 deny log logamount 10 tcp from any to me in via tun0 tcpflags syn,fin,psh,urg
00021 deny log logamount 10 tcp from any to me in via rl0 tcpflags fin,psh,urg
00021 deny log logamount 10 tcp from any to me in via tun0 tcpflags fin,psh,urg
00023 deny log logamount 10 tcp from any to me in via rl0 tcpflags urg
00023 deny log logamount 10 tcp from any to me in via tun0 tcpflags urg
00024 deny log logamount 10 ip from 192.168.0.0/24 to any via rl0
00025 deny log logamount 10 ip from 192.168.0.0/24 to 192.168.0.0/24 via tun0
00025 deny log logamount 10 ip from 192.168.0.0/24 to 192.168.0.0/24 via rl0
00080 fwd 192.168.0.1,25 tcp from 192.168.0.0/24 to any dst-port 25 via tun0
00090 fwd 192.168.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80 via tun0
00095 check-state
00100 divert 8668 ip from 192.168.0.0/24 to any out xmit tun0
00110 divert 8668 ip from any to me in recv tun0
00170 allow ip from 192.168.0.0/24 to any out via tun0 keep-state
00180 allow ip from me to any keep-state
00190 allow ip from 192.168.0.0/24 to 192.168.0.0/24 via xl0
00191 allow ip from 192.168.0.0/24 to any keep-state
65000 deny log logamount 10 ip from any to any
65535 deny ip from any to any

traceroute doesn't work; if I enable the rule 00098 allow ip from any to any keep-state
then traceroute works...
but how do I make it work without this rule...
