mail# /sbin/ipfw list 00100 check-state 00200 allow ip from any to any via lo0 00300 deny ip from any to 127.0.0.0/8 00400 deny ip from 127.0.0.0/8 to any 00500 deny ip from any to 10.0.0.0/8 in via re0 00600 deny ip from any to 172.16.0.0/12 in via re0 00700 deny ip from any to 192.168.0.0/16 in via re0 00800 deny ip from any to 0.0.0.0/8 in via re0 00900 deny ip from any to 169.254.0.0/16 in via re0 01000 deny ip from any to 240.0.0.0/4 in via re0 01100 deny icmp from any to any frag 01200 deny log logamount 5 icmp from any to 255.255.255.255 in via re0 01300 deny log logamount 5 icmp from any to 255.255.255.255 out via re0 01400 deny not icmp from table(0) to me 01500 deny ip from 10.0.0.0/8 to any out via re0 01600 deny ip from 172.16.0.0/12 to any out via re0 01700 deny ip from 192.168.0.0/16 to any out via re0 01800 deny ip from 0.0.0.0/8 to any out via re0 01900 deny ip from 169.254.0.0/16 to any out via re0 02000 deny ip from 224.0.0.0/4 to any out via re0 02100 deny ip from 240.0.0.0/4 to any out via re0 02200 allow tcp from any to any established 02300 allow ip from ххх.ххх.ххх.204 to any out xmit re0 02800 allow icmp from any to any via re0 04000 deny ip from any to any 65535 deny ip from any to any
Это листинг файрвола. на ххх.ххх.ххх.204 в виртуалбоксе стоит еще одна ос с ип ххх.ххх.ххх.203 и когда на ххх.ххх.ххх.203 выключается файрвол то эту ос видно из вне. Почему если на хосте ххх.ххх.ххх.204 нет явного разрешающего правила для ххх.ххх.ххх.203. Хост uname -sr FreeBSD 8.2-RELEASE-p4 virtualbox-ose-4.1.18 virtualbox-ose-kmod-4.1.18 Гость Win2003 Ent SP2
