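morfey 82 Опубликовано: 2010-03-19 13:47:26

Прошу перевірить скрипт фаєра, бо ще не дуже "гуру" в цьому)) Все працює,але щоб боком потім не вилізло ))
скрипт ’param’ - видає швидкість (пхп)
Дякую

OnConnect

#!/bin/sh
# Session-start hook: moves a client's IP from the "not connected" table (13)
# into the ipfw table that matches the client's tariff speed.
# Arguments: $1 login, $2 IP address, $3 cash, $4 id.
# Presumably invoked by Stargazer, judging by the helper's path; verify there.
LOGIN=$1
IP=$2
CASH=$3
ID=$4

# Left unquoted on purpose where it is used: it must split into "ipfw" and "-q".
fwcmd="/sbin/ipfw -q"

# Tariff speed in kbit/s as printed by the author's PHP helper. Whitespace is
# stripped so that stray blanks in the helper's output do not defeat the match.
SPEED=$(/etc/stargazer/param speed "$LOGIN" | tr -d '[:space:]')

# Table 13 holds clients without a session; rc.firewall forwards their web
# traffic to the local web server.
${fwcmd} table 13 delete "${IP}"

# Speed -> table mapping. It must stay in step with the pipe bandwidths that
# rc.firewall configures for tables 1-12.
case "${SPEED}" in
  128)    table=1 ;;
  256)    table=2 ;;
  512)    table=3 ;;
  1024)   table=4 ;;
  1536)   table=5 ;;
  2048)   table=6 ;;
  3072)   table=7 ;;
  4096)   table=8 ;;
  5120)   table=9 ;;
  10240)  table=10 ;;
  20480)  table=11 ;;
  102400) table=12 ;;
  *)      table= ;;
esac

if [ -n "${table}" ]; then
  ${fwcmd} table "${table}" add "${IP}"
else
  # As in the original chain of tests, an unknown or empty speed adds the IP
  # to no table, so the client falls through to the final deny rule. The
  # difference is that it is now reported instead of passing silently.
  echo "OnConnect: unknown speed '${SPEED}' for ${LOGIN} (${IP}); no table assigned" >&2
fi

OnDisconnect

#!/bin/sh
# Session-end hook: withdraws the client's IP from the speed tables and puts
# it back into the "not connected" table (13).
# Arguments: $1 login, $2 IP address, $3 cash, $4 id.
LOGIN=$1
IP=$2
CASH=$3
ID=$4

# Left unquoted on purpose where it is used: it must split into "ipfw" and "-q".
fwcmd="/sbin/ipfw -q"

# Remove the IP from every speed table, not only the one for the current
# tariff. The original looked the speed up again and deleted from a single
# table, so a tariff change during the session would leave the IP in its old
# table with access still granted after disconnect. Most of its delete lines
# also passed "${IP}." with a trailing dot, which is not the address that was
# added; with -q a failed delete would go unnoticed.
# With -q, deleting an entry that is not in a table is not reported as an error.
table=1
while [ "${table}" -le 12 ]; do
  ${fwcmd} table "${table}" delete "${IP}"
  table=$((table + 1))
done

${fwcmd} table 13 add "${IP}"

/etc/rc.firewall

#!/bin/sh
# Builds the ipfw rule set: loopback/ICMP/SSH rules, trusted and public
# address tables, the redirect for clients without a session (table 13) and
# one pair of dummynet pipes per tariff speed (tables 1-12).
fwcmd="/sbin/ipfw -q add"
fw="/sbin/ipfw -q"

local_if="re1"
global_if="re0"
local_ip="10.10.0.1"
global_ip="xxx.xxx.xxx.xxx"

# Start from an empty configuration. The original stored these commands in
# backquoted assignments, which ran them at assignment time and then expanded
# the (empty) output as a command; calling them directly does the same thing.
# NOTE(review): until the rules below are loaded only the kernel's default
# rule applies, and flushing the tables removes every connected client from
# tables 1-13 until OnConnect runs for them again.
${fw} -f flush
${fw} table all flush
${fw} pipe flush

${fwcmd} 5 allow all from any to any via lo0
# NOTE(review): ICMP is accepted here for every host, before any table is
# consulted, so it is neither shaped nor tied to a session. Consider
# restricting it (for example with icmptypes) if that is not intended.
${fwcmd} 10 allow icmp from any to any
# Port 22 on the public address is closed on the external interface only.
${fwcmd} 20 deny all from any to "${global_ip}" 22 via "${global_if}"

# Trusted addresses (table 14).
for ip in 10.10.10.2 127.0.0.1 10.10.10.3 "${local_ip}" "${global_ip}" \
          10.10.10.11 10.10.10.13 10.10.10.14; do
  ${fw} table 14 add "${ip}"
done

# Real (public) addresses (table 15).
for ip in xxx.xxx.xxx.xx1 xxx.xxx.xxx.xx2 xxx.xxx.xxx.xx3 xxx.xxx.xxx.xx4 \
          xxx.xxx.xxx.xx5 xxx.xxx.xxx.xx6 xxx.xxx.xxx.xx7 xxx.xxx.xxx.xx8 \
          xxx.xxx.xxx.xx9; do
  ${fw} table 15 add "${ip}"
done

# NOTE(review): table 14 contains ${global_ip}, so rule 5001 accepts traffic
# from any source to the router's public address; only port 22 is closed
# (rule 20). Tables 14 and 15 are also unshaped and unfiltered in both
# directions. Confirm that this is the intended exposure.
${fwcmd} 5001 allow all from any to 'table(14)'
${fwcmd} 5002 allow all from 'table(14)' to any
${fwcmd} 5003 allow all from any to 'table(15)'
${fwcmd} 5004 allow all from 'table(15)' to any

# Clients without a session (table 13). ipfw evaluates rules by number, so
# the fwd rule 6000 is checked before 6003/6004 even though it is added last.
# Rule 6003 is a stateless match on source port 80 only.
${fwcmd} 6003 allow all from any http to 'table(13)'
${fwcmd} 6004 allow all from 'table(13)' to any http
${fwcmd} 6000 fwd 127.0.0.1,80 all from 'table(13)' to any http,https,8080

# One download pipe and one upload pipe per tariff. Table N uses pipes
# 1000+2(N-1) and 1001+2(N-1) and rule numbers 10000+2(N-1) and 10001+2(N-1);
# the mask gives every client address its own queue inside the pipe.
#
# A forwarded packet is checked by ipfw twice: inbound on the interface it
# arrives on and outbound on the one it leaves through. The pipe rules match
# only the pass on ${local_if}; with net.inet.ip.fw.one_pass=1 a piped packet
# is accepted for that pass only. The allow pair with the same numbers admits
# the other pass (on ${global_if}), which would otherwise reach rule 65534.
# Dropping the interface qualifiers instead sends each packet through the
# pipe on both passes.
table=1
for bw in 128 256 512 1024 1536 2048 3072 4096 5120 10240 20480 102400; do
  pipe_down=$((1000 + 2 * (table - 1)))
  pipe_up=$((pipe_down + 1))
  rule_down=$((10000 + 2 * (table - 1)))
  rule_up=$((rule_down + 1))

  ${fw} pipe "${pipe_down}" config mask dst-ip 0xffffffff bw "${bw}kbit/s"
  ${fw} pipe "${pipe_up}" config mask src-ip 0xffffffff bw "${bw}kbit/s"
  ${fwcmd} "${rule_down}" pipe "${pipe_down}" ip from any to "table(${table})" out xmit "${local_if}"
  ${fwcmd} "${rule_up}" pipe "${pipe_up}" ip from "table(${table})" to any in recv "${local_if}"
  ${fwcmd} "${rule_down}" allow ip from any to "table(${table})"
  ${fwcmd} "${rule_up}" allow ip from "table(${table})" to any

  table=$((table + 1))
done

# Default deny with logging for everything not accepted above.
${fwcmd} 65534 deny log all from any to any

P.S. Це дублікат. Іншу тему ніхто не переглядає(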
morfey 82 Опубліковано: 2010-03-21 17:58:36 Автор

Ще розкажу, net.inet.ip.fw.one_pass = 1

при
${fwcmd} 10000 pipe 1000 ip from any to table\(1\) out xmit ${local_if}
${fwcmd} 10001 pipe 1001 ip from table\(1\) to any in recv ${local_if}
і без
${fwcmd} 10000 allow ip from any to table\(1\)
${fwcmd} 10001 allow ip from table\(1\) to any
Не працює, все йде в 65534 правило

При
${fwcmd} 10000 pipe 1000 ip from any to table\(1\)
${fwcmd} 10001 pipe 1001 ip from table\(1\) to any
Швидкість в рази менша чим задано в пайпі.

При обох парах правил все працює.

Питання, чому при in recv ${local_if} і out xmit ${local_if} і без
${fwcmd} 10000 pipe 1000 ip from any to table\(1\)
${fwcmd} 10001 pipe 1001 ip from table\(1\) to any
не працює?