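# rc.conf
# NAT gateway: vr0 is the outside interface that natd translates on, re0 is
# the inside LAN that dhcpd serves (see the rc.firewall fragment below).
gateway_enable="YES"             # rc.d/routing sets net.inet.ip.forwarding=1 (route between re0 and vr0)
# "forvard_enable" is misspelled, so nothing in rc.d can read it; the name it
# was presumably meant to be, "forward_enable", is not a documented rc.conf(5)
# knob either as far as this reviewer knows.  IP forwarding is already switched
# on by gateway_enable above, so the line is left here disabled rather than
# silently dropped.
#forvard_enable="YES"
natd_enable="YES"
natd_interface="vr0"             # translate on the outside interface (matches the divert rule in rc.firewall)
natd_flags="-f /etc/natd.conf"   # the rest of the natd configuration lives in this file (not shown here)
dhcpd_enable="YES"               # isc-dhcp from ports; its rc script reads these three dhcpd_* knobs
dhcpd_flags="-q"
dhcpd_ifaces="re0"               # only serve DHCP on the inside interface, never on vr0
firewall_enable="YES"
firewall_type="SIMPLE"           # selects the SIMPLE profile inside firewall_script
firewall_script="/etc/rc.firewall"   # this is the default path; spelling it out is harmless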
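#rc.firewall
# Fragment of the SIMPLE section of /etc/rc.firewall.  ${fwcmd} and the
# setup_loopback function come from the surrounding script; ${oif} (the
# outside interface, vr0 in the ipfw listing) is set above this fragment.
#
# NOTE(review) on the ruleset this produces (the `ipfw show` output on this page):
#  * rule 65535 is "allow ip from any to any" and has a non-zero hit count, so
#    the kernel defaults to accept (IPFIREWALL_DEFAULT_TO_ACCEPT or the
#    equivalent tunable) and everything the explicit rules miss is let through.
#    End the SIMPLE section with an explicit `${fwcmd} add deny log ip from any to any`.
#  * rules of the form "allow ... from any <port> to any" (22, 25, 53, 80, 110,
#    443, ...) match on the *source* port, which a remote host picks freely;
#    they admit arbitrary inbound traffic past every later rule.  Replies belong
#    to the later "established" rule, not to source-port rules.
#  * "allow tcp from any to any dst-port 22" exposes sshd on vr0 to the whole
#    Internet (and has hits); restrict it to "in via ${iif}" or to known sources.
#  * "allow ip from any to any via re0" passes everything on the inside
#    interface, so every per-port rule after it only ever sees vr0 traffic.
#  * the 192.168.100.25 rules are outside ${inet}/${imask} and have never
#    matched (zero counters); presumably a leftover from the stock template.

# set these to your inside interface network and netmask and ip
iif="re0"                   # the stock SIMPLE section expects the inside interface in "iif"
iif2="$iif"                 # previous (misspelled) name, kept in case later lines still refer to it
inet="192.168.10.0"
imask="255.255.255.0"
iip="192.168.10.1"

# Loopback rules (allow via lo0, deny to/from 127/8): rules 100-300 in the listing.
setup_loopback

# Transparent proxy: only web traffic arriving from the LAN on the inside
# interface is handed to squid on 3128.  The previous rule had no interface
# or source restriction, so port-80/8080 packets arriving on ${oif} from the
# Internet were redirected into the local proxy as well.
${fwcmd} add fwd 127.0.0.1,3128 tcp from ${inet}:${imask} to any 80,8080 in via ${iif}

# Divert: NAT everything crossing the outside interface through natd.
${fwcmd} add divert natd all from any to any via ${oif}

# ICMP: the fragment deny has to precede the blanket allow, otherwise it is
# dead code (it showed 0 hits behind "allow icmp from any to any").
${fwcmd} add deny icmp from any to any frag
${fwcmd} add pass icmp from any to any

# (the old duplicate "pass all from any to any via lo0" is dropped here;
# setup_loopback already installed that rule)

# Web: new connections only.  The old pair "pass all from any to any 80" /
# "pass all from any 80 to any" also admitted any inbound packet whose source
# port happened to be 80; return traffic is covered by the later
# "allow tcp from any to any established" rule in this profile.
${fwcmd} add pass tcp from ${inet}:${imask} to any 80 setup in via ${iif}
${fwcmd} add pass tcp from any to any 80 setup out via ${oif}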
(and so on — the remaining rc.firewall rules are omitted. What follows appears to be the resulting ruleset as printed by `ipfw show`: rule number, packet count, byte count, rule.)
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80,8080 in
00500 313 23309 divert 8668 ip from any to any via vr0
00600 20 1200 allow icmp from any to any
00700 0 0 deny icmp from any to any frag
00800 0 0 allow ip from any to any via lo0
00900 0 0 allow ip from any 1723 to any
01000 0 0 allow ip from any to any dst-port 1723
01100 0 0 allow gre from any to any
01200 50 8052 allow tcp from any 22 to any
01300 65 6044 allow tcp from any to any dst-port 22
01400 197 14794 allow ip from any to any via re0
01500 0 0 allow tcp from any to me dst-port 1723
01600 0 0 allow gre from any to any
01700 0 0 allow ip from any to any dst-port 475
01800 0 0 allow ip from any 475 to any
01900 0 0 allow ip from any to any dst-port 25
02000 0 0 allow ip from any 25 to any
02100 0 0 allow ip from any to any dst-port 110
02200 0 0 allow ip from any 110 to any
02300 0 0 allow ip from any to any dst-port 20,21
02400 0 0 allow ip from any 20,21 to any
02500 0 0 allow tcp from any to any dst-port 5190
02600 0 0 allow tcp from any 5190 to any
02700 0 0 allow udp from any to any dst-port 53
02800 0 0 allow udp from any 53 to any
02900 0 0 allow ip from any to any dst-port 80
03000 0 0 allow ip from any 80 to any
03100 0 0 allow tcp from any to any dst-port 8080
03200 0 0 allow tcp from any 8080 to any
03300 0 0 allow tcp from any to any dst-port 8101
03400 0 0 allow tcp from any 8101 to any
03500 0 0 allow tcp from any to any dst-port 8181
03600 0 0 allow tcp from any 8181 to any
03700 0 0 allow tcp from any to any dst-port 443
03800 0 0 allow tcp from any 443 to any
03900 0 0 allow ip from any 9091 to any
04000 0 0 allow ip from any to any dst-port 9091
04100 0 0 allow tcp from any to any dst-port 1002
04200 0 0 allow tcp from any 1002 to any
04300 0 0 allow udp from any to any dst-port 55777
04400 0 0 allow udp from any 55777 to any
04500 0 0 allow ip from any to any dst-port 87
04600 0 0 allow ip from any 87 to any
04700 0 0 allow udp from any to any dst-port 8080
04800 0 0 allow udp from any 8080 to any
04900 0 0 allow udp from any to any dst-port 8101
05000 0 0 allow udp from any 8101 to any
05100 0 0 allow udp from any to any dst-port 8181
05200 0 0 allow udp from any 8181 to any
05300 0 0 allow udp from any to any dst-port 443
05400 0 0 allow udp from any 443 to any
05500 0 0 allow ip from any to any dst-port 1352
05600 0 0 allow ip from any 1352 to any
05700 0 0 allow ip from any to any dst-port 60179
05800 0 0 allow ip from any 60179 to any
05900 0 0 allow ip from any to any dst-port 27015
06000 0 0 allow ip from any 27015 to any
06100 0 0 divert 8668 ip from any to any via vr0
06200 0 0 deny ip from 10.0.0.0/8 to any via vr0
06300 0 0 deny ip from 172.16.0.0/12 to any via vr0
06400 0 0 deny ip from 192.168.0.0/16 to any via vr0
06500 0 0 deny ip from 0.0.0.0/8 to any via vr0
06600 0 0 deny ip from 169.254.0.0/16 to any via vr0
06700 0 0 deny ip from 192.0.2.0/24 to any via vr0
06800 0 0 deny ip from 224.0.0.0/4 to any via vr0
06900 0 0 deny ip from 240.0.0.0/4 to any via vr0
07000 0 0 allow tcp from any to any established
07100 0 0 allow ip from any to any frag
07200 0 0 allow tcp from any to 192.168.100.25 dst-port 25 setup
07300 0 0 allow tcp from any to 192.168.100.25 dst-port 53 setup
07400 0 0 allow udp from any to 192.168.100.25 dst-port 53
07500 0 0 allow udp from 192.168.100.25 53 to any
07600 0 0 allow tcp from any to 192.168.100.25 dst-port 80 setup
07700 0 0 deny log logamount 10 tcp from any to any in via vr0 setup
07800 0 0 allow tcp from any to any setup
07900 0 0 allow udp from 192.168.100.25 to any dst-port 53 keep-state
08000 0 0 allow udp from 192.168.100.25 to any dst-port 123 keep-state
65535 54 4830 allow ip from any to any