Re: [FUG-BR] RES: Allowing an IP without restrictions in IPFW

2007-02-27 Thread Alessandro de Souza Rocha
On 27/02/07, Rodrigo Teles Calado <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I had already tried all the instructions you gave me, but none of them
> worked.
>
> Here is my ipfw script:
>
> #!/bin/sh
>
> # Variables
>
> _ipfw=$(which ipfw)
> _ip_ext="200.199.194.84"
> _net="192.168.0.0/24"
> _portas="22,53,80,443,1433,1434,3306"
> _indev="vr0"
>
> # Delete all rules
>
> $_ipfw -f flush
>
> # Initialize natd
>
> $_ipfw -q add 50 divert natd all from any to any via $_indev
>
> # Caixa software (connectivity)
>
> $_ipfw -q add 60 skipto 6 ip from $_net to 200.201.160.0/20
> $_ipfw -q add 70 divert 8668 ip from any to any via $_indev
>
> # Transparent proxy
>
> $_ipfw -q add 100 allow tcp from me to any 80
> $_ipfw -q add 110 fwd 127.0.0.1,3128 tcp from any to any 80
>
> $_ipfw -q add 160 deny all from any to 64.124.41.0/24
> $_ipfw -q add 170 deny tcp from any to any 6346
> $_ipfw -q add 180 deny tcp from any 6346 to any
> $_ipfw -q add 190 deny tcp from $_ip_ext to any 139
> $_ipfw -q add 200 deny tcp from $_ip_ext 139 to any
> $_ipfw -q add 210 deny tcp from $_ip_ext to any 137
> $_ipfw -q add 220 deny tcp from $_ip_ext 137 to any
> $_ipfw -q add 230 deny tcp from $_ip_ext to any 138
> $_ipfw -q add 240 deny tcp from $_ip_ext 138 to any
> $_ipfw -q add 250 deny tcp from any to any 445
> $_ipfw -q add 260 deny tcp from any 445 to any
> $_ipfw -q add 270 deny tcp from any to any 1512
> $_ipfw -q add 280 deny all from any 1512 to any
> $_ipfw -q add 290 deny tcp from any to any 31337
> $_ipfw -q add 300 deny tcp from any 31337 to any
> $_ipfw -q add 310 deny tcp from any to any 1234
> $_ipfw -q add 320 deny tcp from any 1234 to any
> $_ipfw -q add 330 deny tcp from any to any 12345
> $_ipfw -q add 340 deny tcp from any 12345 to any
> $_ipfw -q add 341 deny all from any to 72.14.209.85
> $_ipfw -q add 342 deny all from any to 72.14.209.86
> $_ipfw -q add 343 deny all from any to 72.14.209.87
> $_ipfw -q add 344 deny all from any to 72.14.209.94
> $_ipfw -q add 345 deny all from any to 66.249.81.94
> $_ipfw -q add 346 deny all from any to 66.249.81.85
> $_ipfw -q add 347 deny all from any to 66.249.81.86
> $_ipfw -q add 348 deny all from any to 66.249.81.87
> $_ipfw -q add 349 deny all from any to 200.185.117.196
> $_ipfw -q add 352 deny all from any to 65.54.179.227
> $_ipfw -q add 353 deny all from any to 65.54.183.227
> $_ipfw -q add 354 deny all from any to 65.54.179.226
> $_ipfw -q add 355 deny all from any to 65.54.183.226
> $_ipfw -q add 350 deny all from any to 216.32.90.26
> $_ipfw -q add 361 deny tcp from any to 62.193.226.74
> $_ipfw -q add 362 deny tcp from any to 62.193.235.46
> $_ipfw -q add 363 deny tcp from any to 62.193.236.96
> $_ipfw -q add 364 deny tcp from any to 62.193.236.100
> $_ipfw -q add 365 deny tcp from any to 62.193.245.234
> $_ipfw -q add 366 deny tcp from any to 62.193.249.41
> $_ipfw -q add 367 deny tcp from any to 66.232.102.157
> $_ipfw -q add 368 deny tcp from any to 66.232.117.243
> $_ipfw -q add 369 deny tcp from any to 66.232.118.93
> $_ipfw -q add 370 deny tcp from any to 66.232.118.195
> $_ipfw -q add 371 deny tcp from any to 66.232.118.237
> $_ipfw -q add 372 deny tcp from any to 69.46.17.168
> $_ipfw -q add 373 deny tcp from any to 193.164.132.164
> $_ipfw -q add 370 deny tcp from any 4661-4664 to any
> $_ipfw -q add 380 deny tcp from any to any 4661-4664
> $_ipfw -q add 390 deny udp from any 4661-4664 to any
> $_ipfw -q add 400 deny udp from any to any 4661-4664
> $_ipfw -q add 416 reset log tcp from any to any 1080,8080,8088,11523 out via $_indev
> $_ipfw -q add 428 reset log tcp from any to any 6346 in via $_indev
> $_ipfw -q add 429 reset log tcp from any to any 41170 out via $_indev
> $_ipfw -q add 430 reset log tcp from any to any 41170 in via $_indev
> $_ipfw -q add 431 reset log tcp from any to any 411 out via $_indev
> $_ipfw -q add 432 reset log tcp from any to any 412 out via $_indev
> $_ipfw -q add 436 reset log tcp from any to any 1214 out via $_indev
> $_ipfw -q add 437 reset log tcp from any to any 7729-7735,6699 out via $_indev
> $_ipfw -q add 438 deny log udp from any to any 6257 in via $_indev
> $_ipfw -q add 439 reset log tcp from any to any 6699 in via $_indev
> $_ipfw -q add 440 reset log tcp from any to any 4661,4665 out via $_indev
> $_ipfw -q add 441 reset log tcp from any to any 4662 in via $_indev
>
> Regards,
> Rodrigo Teles Calado.
> Mid-level Support Analyst
> 61-84297799
>
>
> -Original message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf
> of Nilson Debatin
> Sent: Tuesday, February 27, 2007 19:46
> To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
> Subject: Re: [FUG-BR] Allowing an IP without restrictions in IPFW
>
> On Tue, 2007-02-27 at 18:47 -0300, Rodrigo Teles Calado wrote:
> > Hello,
> >
> > I have squid + ipfw on a server and I set up some blocks in both squid
> > and ipfw for the 192.168.0.0/24 network.
> >
> > I would like to allow certain I

[FUG-BR] RES: Allowing an IP without restrictions in IPFW

2007-02-27 Thread Rodrigo Teles Calado
Hello,

I had already tried all the instructions you gave me, but none of them
worked.

Here is my ipfw script:

#!/bin/sh

# Variables

_ipfw=$(which ipfw)
_ip_ext="200.199.194.84"
_net="192.168.0.0/24"
_portas="22,53,80,443,1433,1434,3306"
_indev="vr0"

# Delete all rules

$_ipfw -f flush

# Initialize natd

$_ipfw -q add 50 divert natd all from any to any via $_indev

# Caixa software (connectivity)

$_ipfw -q add 60 skipto 6 ip from $_net to 200.201.160.0/20
$_ipfw -q add 70 divert 8668 ip from any to any via $_indev  

# Transparent proxy

$_ipfw -q add 100 allow tcp from me to any 80
$_ipfw -q add 110 fwd 127.0.0.1,3128 tcp from any to any 80

$_ipfw -q add 160 deny all from any to 64.124.41.0/24
$_ipfw -q add 170 deny tcp from any to any 6346
$_ipfw -q add 180 deny tcp from any 6346 to any
$_ipfw -q add 190 deny tcp from $_ip_ext to any 139
$_ipfw -q add 200 deny tcp from $_ip_ext 139 to any 
$_ipfw -q add 210 deny tcp from $_ip_ext to any 137
$_ipfw -q add 220 deny tcp from $_ip_ext 137 to any
$_ipfw -q add 230 deny tcp from $_ip_ext to any 138
$_ipfw -q add 240 deny tcp from $_ip_ext 138 to any
$_ipfw -q add 250 deny tcp from any to any 445
$_ipfw -q add 260 deny tcp from any 445 to any
$_ipfw -q add 270 deny tcp from any to any 1512
$_ipfw -q add 280 deny all from any 1512 to any
$_ipfw -q add 290 deny tcp from any to any 31337
$_ipfw -q add 300 deny tcp from any 31337 to any
$_ipfw -q add 310 deny tcp from any to any 1234
$_ipfw -q add 320 deny tcp from any 1234 to any
$_ipfw -q add 330 deny tcp from any to any 12345
$_ipfw -q add 340 deny tcp from any 12345 to any
$_ipfw -q add 341 deny all from any to 72.14.209.85
$_ipfw -q add 342 deny all from any to 72.14.209.86
$_ipfw -q add 343 deny all from any to 72.14.209.87
$_ipfw -q add 344 deny all from any to 72.14.209.94
$_ipfw -q add 345 deny all from any to 66.249.81.94
$_ipfw -q add 346 deny all from any to 66.249.81.85
$_ipfw -q add 347 deny all from any to 66.249.81.86
$_ipfw -q add 348 deny all from any to 66.249.81.87
$_ipfw -q add 349 deny all from any to 200.185.117.196
$_ipfw -q add 352 deny all from any to 65.54.179.227
$_ipfw -q add 353 deny all from any to 65.54.183.227
$_ipfw -q add 354 deny all from any to 65.54.179.226
$_ipfw -q add 355 deny all from any to 65.54.183.226
$_ipfw -q add 350 deny all from any to 216.32.90.26
$_ipfw -q add 361 deny tcp from any to 62.193.226.74
$_ipfw -q add 362 deny tcp from any to 62.193.235.46
$_ipfw -q add 363 deny tcp from any to 62.193.236.96
$_ipfw -q add 364 deny tcp from any to 62.193.236.100
$_ipfw -q add 365 deny tcp from any to 62.193.245.234
$_ipfw -q add 366 deny tcp from any to 62.193.249.41
$_ipfw -q add 367 deny tcp from any to 66.232.102.157
$_ipfw -q add 368 deny tcp from any to 66.232.117.243
$_ipfw -q add 369 deny tcp from any to 66.232.118.93
$_ipfw -q add 370 deny tcp from any to 66.232.118.195
$_ipfw -q add 371 deny tcp from any to 66.232.118.237
$_ipfw -q add 372 deny tcp from any to 69.46.17.168
$_ipfw -q add 373 deny tcp from any to 193.164.132.164
$_ipfw -q add 370 deny tcp from any 4661-4664 to any
$_ipfw -q add 380 deny tcp from any to any 4661-4664
$_ipfw -q add 390 deny udp from any 4661-4664 to any
$_ipfw -q add 400 deny udp from any to any 4661-4664
$_ipfw -q add 416 reset log tcp from any to any 1080,8080,8088,11523 out via $_indev
$_ipfw -q add 428 reset log tcp from any to any 6346 in via $_indev
$_ipfw -q add 429 reset log tcp from any to any 41170 out via $_indev
$_ipfw -q add 430 reset log tcp from any to any 41170 in via $_indev
$_ipfw -q add 431 reset log tcp from any to any 411 out via $_indev
$_ipfw -q add 432 reset log tcp from any to any 412 out via $_indev
$_ipfw -q add 436 reset log tcp from any to any 1214 out via $_indev 
$_ipfw -q add 437 reset log tcp from any to any 7729-7735,6699 out via $_indev
$_ipfw -q add 438 deny log udp from any to any 6257 in via $_indev 
$_ipfw -q add 439 reset log tcp from any to any 6699 in via $_indev
$_ipfw -q add 440 reset log tcp from any to any 4661,4665 out via $_indev
$_ipfw -q add 441 reset log tcp from any to any 4662 in via $_indev

Regards,
Rodrigo Teles Calado.
Mid-level Support Analyst
61-84297799


-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf
of Nilson Debatin
Sent: Tuesday, February 27, 2007 19:46
To: Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)
Subject: Re: [FUG-BR] Allowing an IP without restrictions in IPFW

On Tue, 2007-02-27 at 18:47 -0300, Rodrigo Teles Calado wrote:
> Hello,
>
> I have squid + ipfw on a server and I set up some blocks in both squid
> and ipfw for the 192.168.0.0/24 network.
>
> I would like to allow certain IPs to bypass the ipfw blocks while still
> being subject to the squid blocks. If there is an alternative that
> bypasses squid as well, that is fine too; the squid server is my
> gateway.

Ideally you would post those IPFW rules to the list, the
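
Added example, not part of the original thread or of anyone's posted script: ipfw checks rules in ascending rule-number order and stops at the first terminal match, so the number given to an exemption decides whether it is reached before the blocks. The `audit_rules` helper and the `SAMPLE_RULES` input are hypothetical; the sample is a constructed subset of the rules posted above, with the variables expanded by hand.

```shell
#!/bin/sh
# Constructed input: a subset of the rules from the script above, in the order
# the script adds them (variables expanded by hand).
SAMPLE_RULES='add 50 divert natd all from any to any via vr0
add 60 skipto 6 ip from 192.168.0.0/24 to 200.201.160.0/20
add 70 divert 8668 ip from any to any via vr0
add 110 fwd 127.0.0.1,3128 tcp from any to any 80
add 160 deny all from any to 64.124.41.0/24
add 355 deny all from any to 65.54.183.226
add 350 deny all from any to 216.32.90.26
add 370 deny tcp from any to 66.232.118.195
add 370 deny tcp from any 4661-4664 to any'

# audit_rules (hypothetical helper): reads "add N action ..." lines on stdin
# and prints one finding per line.
audit_rules() {
    awk '
    $1 == "add" && $2 ~ /^[0-9]+$/ {
        num = $2 + 0; act = $3
        # Same number twice: ipfw keeps both, checked in the order added.
        if (num in seen) print "DUPLICATE " num
        seen[num] = 1
        # Added after a higher number: ipfw still evaluates it earlier.
        if (num < highest) print "REORDERED " num " before " highest
        if (num > highest) highest = num
        # skipto only moves forward; a target at or below its own rule
        # number never jumps anywhere.
        if (act == "skipto" && ($4 + 0) <= num)
            print "SKIPTO_NOT_FORWARD " num " -> " $4
        # Lowest-numbered blocking rule: an exemption numbered above it is
        # too late for any packet that rule matches.
        if ((act == "deny" || act == "drop" || act == "reset") &&
            (first == "" || num < first))
            first = num
    }
    END { if (first != "") print "FIRST_BLOCK " first }
    '
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

To audit the real script the same way, feed the helper the rule lines with the `$_ipfw -q` prefix removed.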