@yrchen
Created May 31, 2012 08:42
/etc/rc.firewall
#!/bin/sh
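ipfw="/sbin/ipfw"
# $myif carries the NAT rule; $myip is not referenced by the rules below
myip="140.115.51.xxx"
# address that traffic from clients is forwarded to
myip2="10.115.51.254"
myif="em0"
# interface facing the wireless clients
myif2="em1"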
# clean rules
$ipfw -f flush
# NAT
$ipfw add 100 divert natd all from any to any via $myif
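# deny SSH to this host ("me" matches on every interface, not only $myif2)
# "log" entries reach syslog only when net.inet.ip.fw.verbose=1
$ipfw add 200 deny log all from any to me 22
# deny telnet to this host
$ipfw add 200 deny log all from any to me 23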
# DNS
$ipfw add 250 allow udp from any to any 53 via $myif2
# DHCP
$ipfw add 250 allow udp from any to any 67 via $myif2
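# rule numbers 300 - 400: for clients
# forward HTTPS arriving on $myif2 to $myip2 port 443
$ipfw add 00450 fwd $myip2,443 tcp from any to any 443 in recv $myif2
# forward everything else arriving on $myif2 (all protocols and ports, not only HTTP) to $myip2 port 80
# fwd ends rule processing for the packets it matches
$ipfw add 00500 fwd $myip2,80 all from any to any in recv $myif2
# deny HTTP, HTTPS to this host for packets not matched by the fwd rules above
$ipfw add 550 deny all from any to me 80
$ipfw add 550 deny all from any to me 443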