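#!/bin/sh
#
# ipfw ruleset for a FreeBSD gateway with one external interface (nfe0)
# and two internal LANs (rl0, tl0).  Outbound traffic from both LANs is
# NATed through natd; outbound HTTP (80) and FTP (21) from each LAN is
# transparently forwarded to a local proxy on ports 3128 / 2121.
#
# ipfw stops at the first matching rule, so the order below is part of the
# policy: anti-spoofing denies come before the NAT diverts, the diverts come
# before the generic "established" / service allows, and the final rule
# denies everything that nothing above accepted.
#
# Abort on the first command that fails and on any unset variable: a rule
# that silently fails to load leaves a gap that the rules after it do not
# cover, which is worse than stopping with a clear error.
set -eu

readonly fwcmd="/sbin/ipfw"
readonly LanOut="nfe0"             # external (Internet-facing) interface
readonly LanIn0="rl0"              # internal LAN, 192.168.0.0
readonly LanIn77="tl0"             # internal LAN, 192.168.77.0
readonly IpOut="111.111.111.222"   # public address of this gateway
readonly IpIn0="192.168.0.100"     # fwd target for the proxy reached from LanIn0
readonly IpIn77="192.168.77.1"     # fwd target for the proxy reached from LanIn77
# NOTE(review): NetMask is combined with NetIn0/NetIn77 below as
# "192.168.0.0/32" and "192.168.77.0/32".  A /32 matches only the single
# address 192.168.0.0 (resp. 192.168.77.0), not the hosts behind it, so the
# fwd and divert rules as written match no ordinary LAN client.  The intended
# prefix length is presumably 24 -- confirm against the LAN configuration
# before changing it.
readonly NetMask="32"
readonly NetIn0="192.168.0.0"
readonly NetIn77="192.168.77.0"

# Start from an empty ruleset; -f suppresses the interactive confirmation.
"${fwcmd}" -f flush

# Consult the dynamic rule table first.  NOTE(review): no rule in this file
# uses keep-state, so the table is never populated and check-state currently
# has nothing to match; the "established" rule further down is what actually
# admits return traffic.
"${fwcmd}" add check-state

# Loopback: allow lo0 itself, reject 127/8 on any other interface.
"${fwcmd}" add allow ip from any to any via lo0
"${fwcmd}" add deny ip from any to 127.0.0.0/8
"${fwcmd}" add deny ip from 127.0.0.0/8 to any

# Inbound on the external interface: drop packets destined for private,
# link-local, "this network" and reserved ranges (bogon destinations).
# 192.168.0.0/16 is deliberately left open because both LANs live there.
# NOTE(review): only the *destination* is checked here; inbound packets whose
# *source* is one of these ranges are not denied anywhere in this ruleset and
# fall through to the divert/allow rules below -- confirm this is intended.
"${fwcmd}" add deny ip from any to 10.0.0.0/8 in via ${LanOut}
"${fwcmd}" add deny ip from any to 172.16.0.0/12 in via ${LanOut}
#"${fwcmd}" add deny ip from any to 192.168.0.0/16 in via ${LanOut}
"${fwcmd}" add deny ip from any to 0.0.0.0/8 in via ${LanOut}
"${fwcmd}" add deny ip from any to 169.254.0.0/16 in via ${LanOut}
"${fwcmd}" add deny ip from any to 240.0.0.0/4 in via ${LanOut}

# Fragmented ICMP and limited-broadcast ICMP on the external interface are
# never legitimate here; the broadcast cases are logged.
"${fwcmd}" add deny icmp from any to any frag
"${fwcmd}" add deny log icmp from any to 255.255.255.255 in via ${LanOut}
"${fwcmd}" add deny log icmp from any to 255.255.255.255 out via ${LanOut}

# Transparent proxying: redirect LAN-originated HTTP and FTP that would leave
# through the external interface to the local proxy ports.  These must sit
# before the natd diverts so the original (un-NATed) source is still visible.
"${fwcmd}" add fwd ${IpIn0},3128 tcp from ${NetIn0}/${NetMask} to any 80 via ${LanOut}
"${fwcmd}" add fwd ${IpIn77},3128 tcp from ${NetIn77}/${NetMask} to any 80 via ${LanOut}
"${fwcmd}" add fwd ${IpIn0},2121 tcp from ${NetIn0}/${NetMask} to any 21 via ${LanOut}
"${fwcmd}" add fwd ${IpIn77},2121 tcp from ${NetIn77}/${NetMask} to any 21 via ${LanOut}

# NAT: hand outbound LAN traffic and inbound traffic for the public address
# to natd.  (The first divert was previously glued onto the end of the
# preceding fwd line, so neither rule loaded correctly.)
"${fwcmd}" add divert natd ip from ${NetIn0}/${NetMask} to any out via ${LanOut}
"${fwcmd}" add divert natd ip from ${NetIn77}/${NetMask} to any out via ${LanOut}
"${fwcmd}" add divert natd ip from any to ${IpOut} in via ${LanOut}

# Outbound on the external interface: after NAT every packet should carry the
# public source address, so anything still sourced from a private, link-local,
# multicast or reserved range is a leak and is dropped.
"${fwcmd}" add deny ip from 10.0.0.0/8 to any out via ${LanOut}
"${fwcmd}" add deny ip from 172.16.0.0/12 to any out via ${LanOut}
#"${fwcmd}" add deny ip from 192.168.0.0/16 to any out via ${LanOut}
"${fwcmd}" add deny ip from 0.0.0.0/8 to any out via ${LanOut}
"${fwcmd}" add deny ip from 169.254.0.0/16 to any out via ${LanOut}
"${fwcmd}" add deny ip from 224.0.0.0/4 to any out via ${LanOut}
"${fwcmd}" add deny ip from 240.0.0.0/4 to any out via ${LanOut}

# Return traffic for TCP.  "established" matches any segment with ACK or RST
# set, whether or not the connection was seen; it is the classic stateless
# shortcut and is why check-state above has no effect on this ruleset.
"${fwcmd}" add allow tcp from any to any established

# Anything the gateway itself (or NATed LAN traffic) sends out.
"${fwcmd}" add allow ip from ${IpOut} to any out xmit ${LanOut}

# DNS and NTP in both directions on the external interface.
"${fwcmd}" add allow udp from any 53 to any via ${LanOut}
"${fwcmd}" add allow udp from any to any 53 via ${LanOut}
"${fwcmd}" add allow udp from any to any 123 via ${LanOut}

# Services published on the public address: FTP control plus its passive data
# range, ICMP echo reply/request and time-exceeded, then HTTP, SMTP, SSH,
# IMAP and POP3.
"${fwcmd}" add allow tcp from any to ${IpOut} 21 via ${LanOut}
"${fwcmd}" add allow tcp from any to ${IpOut} 49152-65535 via ${LanOut}
"${fwcmd}" add allow icmp from any to any icmptypes 0,8,11
"${fwcmd}" add allow tcp from any to ${IpOut} 80 via ${LanOut}
"${fwcmd}" add allow tcp from any to ${IpOut} 25 via ${LanOut}
"${fwcmd}" add allow tcp from any to ${IpOut} 22 via ${LanOut}
"${fwcmd}" add allow tcp from any to ${IpOut} 143 via ${LanOut}
"${fwcmd}" add allow tcp from any to ${IpOut} 110 via ${LanOut}

# Internal interfaces are fully trusted: all TCP, UDP and ICMP passes.
"${fwcmd}" add allow tcp from any to any via ${LanIn0}
"${fwcmd}" add allow tcp from any to any via ${LanIn77}
"${fwcmd}" add allow udp from any to any via ${LanIn0}
"${fwcmd}" add allow udp from any to any via ${LanIn77}
"${fwcmd}" add allow icmp from any to any via ${LanIn0}
"${fwcmd}" add allow icmp from any to any via ${LanIn77}

# Default: drop everything not explicitly accepted above.
"${fwcmd}" add deny ip from any to any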