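#!/bin/bash
#
# Rebuild this host's ipfw(8) ruleset: a deny rule for IRC ports on the main
# IP, then dummynet pipes that rate-limit inbound SSH/ICMP and outbound
# UDP/TCP/ICMP.  Rule numbers and pipe numbers are kept in step: each rule in
# a section gets the next number, and a rule's pipe carries the same number.
#
# Requires root and an ipfw kernel with dummynet.  Nothing here is parsed from
# untrusted input; rules are passed to ipfw as argument lists, not via eval.
#
# -e: a failed `ipfw add` aborts instead of silently leaving a hole in the
#     ruleset.  -u: an unset variable is a bug, not an empty match.
set -eu

readonly netclass="24.18"
readonly boxclass="24.18.146.0/24"
# Auto-detection kept for reference; the main IP is currently pinned.
#mainip=`ifconfig | egrep "$netclass" | head -1 | awk '{ print $2 }' 2>/dev/null`
readonly mainip="24.18.146.162"

# Current rule number; the fw_add* helpers advance it before each add.
rule=0

#######################################
# Start a numbered section.
# Arguments: $1 - number the first rule of the section should get
#######################################
fw_section() {
  rule=$(( $1 - 1 ))
}

#######################################
# Add the next-numbered rule.
# Arguments: the ipfw rule body (action, proto, from/to, options, // comment)
#######################################
fw_add() {
  rule=$(( rule + 1 ))
  ipfw -q add "$rule" "$@"
}

#######################################
# Add the next-numbered rule whose action is a pipe with the same number.
# Arguments: the ipfw rule body after the pipe action
#######################################
fw_add_pipe() {
  rule=$(( rule + 1 ))
  ipfw -q add "$rule" pipe "$rule" "$@"
}

#######################################
# Configure the pipe belonging to the rule just added.
# Arguments: dummynet config options (bw, mask, ...)
#######################################
fw_pipe_config() {
  ipfw pipe "$rule" config "$@"
}

# Drops every existing rule; until the adds below run, only the kernel's
# default rule is in effect.  Pipes are not flushed, their config is
# overwritten by fw_pipe_config.
ipfw -q flush

## MAIN IP RULES ##
fw_section 10
# Only add the IRC deny when the main IP really is in our netclass.  Literal
# prefix match: the old `egrep "^$netclass"` let the dot match any character.
if [[ "$mainip" == "$netclass"* ]]; then
  fw_add deny tcp from any to "$mainip" 6660-6669,7000,7777 in
fi

## INCOMING TRAFFIC ##
# ipfw stores the text after `//` as the rule's comment.
fw_section 20
fw_add_pipe tcp from not "$boxclass" to any 22 setup in // INCOMING TRAFFIC: SSH TCP-SYN per DST_IP
fw_pipe_config bw 1Mbit/s mask dst-ip 0xffffffff
fw_add_pipe icmp from any to any in // INCOMING TRAFFIC: ICMP
fw_pipe_config bw 128Kbit/s

## OUTGOING TRAFFIC ##
fw_section 30
fw_add_pipe udp from any not 1-1023 to any out // OUTGOING TRAFFIC: UDP
fw_pipe_config bw 3Mbit/s
fw_add_pipe tcp from any not 1-1023 to any setup out // OUTGOING TRAFFIC: TCP per SRC_IP
fw_pipe_config bw 256Kbit/s mask src-ip 0xffffffff
fw_add_pipe icmp from any to any out // OUTGOING TRAFFIC: ICMP
fw_pipe_config bw 128Kbit/s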